xmrig | 3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078 | Triage

Submit
Reports

Overview

overview

Static

static

1

3ef65ce27d...bb9078

ubuntu-22.04-amd64

Sharing

General

Target

3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
Size

731KB
Sample

241203-tevxbsxnej
MD5

6634a952b1d18ed9db3a60b0e605d8c0
SHA1

556c5876f530719212deb3bdd2d49cdfa9b5bc58
SHA256

3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
SHA512

77203be137f41ddf535f7297bf87cf6a9fdc8251d14ed5e9999c63552d351086fa783af238d9a0cd9d3bdd7e703cc589dffc5730e0ee0b80774a0bce4cb39805
SSDEEP

12288:Yvz3zPzJWjGA036wN/4qyqFULsJ8zcoqGYmMRGWbp5JbUbZWioXjgRgse/dByaKX:Y9QGA0K8FULsJCc8YoiJbUckRgsebhAt

Score

10^/10

xmrig xmrig_linux credential_access defense_evasion discovery linux miner

Static task

static1

Behavioral task

behavioral1

Sample

3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078

Resource

ubuntu2204-amd64-20240611-en

xmrig xmrig_linux credential_access defense_evasion discovery miner

ubuntu-22.04-amd64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
- Size
  
  731KB
- MD5
  
  6634a952b1d18ed9db3a60b0e605d8c0
- SHA1
  
  556c5876f530719212deb3bdd2d49cdfa9b5bc58
- SHA256
  
  3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
- SHA512
  
  77203be137f41ddf535f7297bf87cf6a9fdc8251d14ed5e9999c63552d351086fa783af238d9a0cd9d3bdd7e703cc589dffc5730e0ee0b80774a0bce4cb39805
- SSDEEP
  
  12288:Yvz3zPzJWjGA036wN/4qyqFULsJ8zcoqGYmMRGWbp5JbUbZWioXjgRgse/dByaKX:Y9QGA0K8FULsJCc8YoiJbUckRgsebhAt
Score

10^/10

xmrig xmrig_linux credential_access defense_evasion discovery miner
- Xmrig family
  xmrig
- Xmrig_linux family
  xmrig_linux
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Contacts a large (48119) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- XMRig Miner payload
  miner
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads process memory
  Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
  credential_access
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

OS Credential Dumping

Proc Filesystem

Discovery

Network Service Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigxmrig_linuxcredential_accessdefense_evasiondiscoveryminer

© 2018-2024

Terms | Privacy