xmrig | 64329f551dc7f337ef25e81d71ea8ad1b436cd320361a5e03c629dce086f761e | Triage

Submit
Reports

Overview

overview

Static

static

1

udeb

ubuntu-22.04-amd64

Resubmissions

26-11-2024 09:24

241126-ldj5favnby 10

Sharing

General

Target

udeb
Size

6.9MB
Sample

241126-ldj5favnby
MD5

701eb0067af1d07ca8dae2380f8501fe
SHA1

432f0a8848a049467dc023a213515b067444147b
SHA256

64329f551dc7f337ef25e81d71ea8ad1b436cd320361a5e03c629dce086f761e
SHA512

faef2fa7d5ebc2a2117a61b6019a226fcff9caa518413a31042968ce78b7d3e7ca3a572a4ef61041820accf161b13140d75f5146670fc04fac980a984411337b
SSDEEP

98304:P4UcNQeb7GWYv8EZVVfk1DU8CsCUsRiKq4MPP:wfLvGWcZYUFPUQ+PP

Score

10^/10

xmrig xmrig_linux antivm defense_evasion discovery exection linux miner persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

udeb

Resource

ubuntu2204-amd64-20240729-en

xmrig xmrig_linux antivm defense_evasion discovery exection miner persistence privilege_escalation

ubuntu-22.04-amd64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  udeb
- Size
  
  6.9MB
- MD5
  
  701eb0067af1d07ca8dae2380f8501fe
- SHA1
  
  432f0a8848a049467dc023a213515b067444147b
- SHA256
  
  64329f551dc7f337ef25e81d71ea8ad1b436cd320361a5e03c629dce086f761e
- SHA512
  
  faef2fa7d5ebc2a2117a61b6019a226fcff9caa518413a31042968ce78b7d3e7ca3a572a4ef61041820accf161b13140d75f5146670fc04fac980a984411337b
- SSDEEP
  
  98304:P4UcNQeb7GWYv8EZVVfk1DU8CsCUsRiKq4MPP:wfLvGWcZYUFPUQ+PP
Score

10^/10

xmrig xmrig_linux antivm defense_evasion discovery exection miner persistence privilege_escalation
- XMRig Miner payload
  miner
- Xmrig family
  xmrig
- Xmrig_linux family
  xmrig_linux
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig_linux
- Modifies the dynamic linker configuration file
  Malware can modify the configuration file of the dynamic linker to preload malicous libraries with every executed process.
  exection persistence privilege_escalation defense_evasion
- Executes dropped EXE
- Checks hardware identifiers (DMI)
  Checks DMI information which indicate if the system is a virtual machine.
  antivm
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads hardware information
  Accesses system info like serial numbers, manufacturer names etc.
  discovery
- Write file to user bin folder
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Shared Modules

Persistence

Hijack Execution Flow

Dynamic Linker Hijacking

Privilege Escalation

Hijack Execution Flow

Dynamic Linker Hijacking

Defense Evasion

Hijack Execution Flow

Dynamic Linker Hijacking

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigxmrig_linuxantivmdefense_evasiondiscoveryexectionminerpersistenceprivilege_escalation

© 2018-2024

Terms | Privacy