xmrig | hoze样本[.]zip | Triage

Resubmissions

27-11-2024 08:55

241127-kvn92stkar 10

27-11-2024 05:48

241127-ghggwszqes 10

Sharing

General

Target

hoze样本.zip
Size

7.6MB
MD5

8bb80dc9058ea755ff166d45fbcdbdcf
SHA1

e49e083725dcd42fba86a57959ea2cae6c7aed57
SHA256

747091fd60a9c41ff26d3878bac923c9c14b5472238874754577e14d47b8cba7
SHA512

87dab1c4e11517538113fddfd22877817455a99a0664c340c56417e9f46d4165ac7236307710378db1016628e664871f2a7db2fd48c752c17fc09370abed7226
SSDEEP

196608:8Qz8WgK/p06m121FaxrhZeeWDLAfVPKRWC9:tz5gK/m6mw1U2Dc4EA

Score

10^/10

miner xmrig

Malware Config

Signatures

XMRig Miner payload 6 IoCs

Processes:

resource	yara_rule
static1/unpack001/样本/Linux/挖矿程序/9D099882A24757AC5033B0C675FECBE5	xmrig
static1/unpack001/样本/Linux/挖矿程序/9D099882A24757AC5033B0C675FECBE5	family_xmrig
static1/unpack002/1AAF1A9F7877DC2C899D910A52F67F31	xmrig
static1/unpack002/1AAF1A9F7877DC2C899D910A52F67F31	family_xmrig
static1/unpack003/xrx/xrx	xmrig
static1/unpack003/xrx/xrx	family_xmrig

Xmrig family
xmrig

Files

hoze样本.zip
.zip

Password: infected
样本/Linux/shc加密脚本/069AD3938C3F9C049F670A8EB49DC1D8
.elf linux x64
样本/Linux/shc加密脚本/42693670C71A529A11E81943F5B36C5B
.elf linux x64
样本/Linux/shc加密脚本/73F9917255A953EB749F5A3C90E3B383
.elf linux x64
样本/Linux/shc加密脚本/CDAFEFEDB4709959B4260435DC6F5973
.elf linux x64
样本/Linux/sh恶意脚本/9C8A5EF51CF8A89F5F00498A5A776DB8
.sh linux
样本/Linux/sh恶意脚本/E4CC1A7F992909E8509520FDD6C9A3F7
.sh .js linux polyglot
样本/Linux/挖矿程序/9D099882A24757AC5033B0C675FECBE5
.elf linux x64
样本/Linux/攻击脚本集合包tar/1AAF1A9F7877DC2C899D910A52F67F31
.gz

Password: infected
1AAF1A9F7877DC2C899D910A52F67F31
.tar .js polyglot

Password: infected
xrx/chattr
.elf linux x64
xrx/config.json
xrx/init.sh
.elf linux x64
xrx/init0
.elf linux x64
xrx/key
xrx/scp
.sh linux
xrx/secure
.elf linux x64
xrx/uninstall.sh
.sh .js linux polyglot
xrx/xrx
.elf linux x64