Overview

overview

10

Static

static

10

hezb/样�...14FEB1

ubuntu-18.04-amd64

hezb/样�...14FEB1

debian-9-armhf

hezb/样�...14FEB1

debian-9-mips

hezb/样�...14FEB1

debian-9-mipsel

hezb/样�...AA484D

ubuntu-18.04-amd64

hezb/样�...AA484D

debian-9-armhf

hezb/样�...AA484D

debian-9-mips

hezb/样�...AA484D

debian-9-mipsel

hezb/样�...254E2C

ubuntu-24.04-amd64

6

hezb/样�...2C0CFB

ubuntu-24.04-amd64

10

hezb/样�...F3E8C3

ubuntu-24.04-amd64

6

hezb/样�...49.ps1

windows7-x64

3

hezb/样�...49.ps1

windows10-2004-x64

3

hezb/样�...D2.ps1

windows7-x64

3

hezb/样�...D2.ps1

windows10-2004-x64

3

hezb/样�...DE.exe

windows7-x64

1

hezb/样�...DE.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    hezb.zip

  • Size

    6.3MB

  • Sample

    241211-p88castldz

  • MD5

    de79dc65c13418d2e9dca7af8c21d3e6

  • SHA1

    9dbe9e7f1ca1dd69ac5258fbc2acf8c6ad320264

  • SHA256

    a0c236fed9935b975ceba78c77343c6c2a1d0ac64ccff00e08328d0b8af360c4

  • SHA512

    427cebf0ce77e355823409d24d0f53d42e6d6e9c5dc63c42ab1215f539256831c4e9fd8b44cde8894c8f39682e3095da555c0e280424823bd2d4cb66b27cf312

  • SSDEEP

    98304:CM+B5I5UqFFhVqvIyYPnOV3+JmuVTmwFgdb2ip7B/0FxMWNfIBCHh:c5I5DF+v0OAJm2TmVz7gx9NkCB

Score
10/10
xmrigxmrig_linuxantivmdiscoveryexecutionlinuxminer

Malware Config

Targets

    • Target

      hezb/样本/Linux/sh恶意脚本/955ABC9598BEFCA8025B806E9E14FEB1

    • Size

      7KB

    • MD5

      955abc9598befca8025b806e9e14feb1

    • SHA1

      a4070b33a94adb52bd9be5db0350f480ed75e017

    • SHA256

      4e0ec7489f1b0754ff0baca455c11b5a4d092fd9952e93227a12e9819fa84dcd

    • SHA512

      c5803b22c36de905573752a3b689c2b3fcca236bed994e7eb367ff516b6710cf387a8fc7d372841928691ed69a1dee7484f7d359d941fac4ebd2b64729bc0ce3

    • SSDEEP

      192:tfSTAC2G6ZlnbGdTar69wyOWUNInq6EiIEAGVobNhN0l:gklnbGdTar69wyON6E9GV6Kl

    Score
    1/10
    behavioral1behavioral2behavioral3behavioral4

    • Target

      hezb/样本/Linux/sh恶意脚本/B954CBA4C2A5ED68CE8AC88BF4AA484D

    • Size

      7KB

    • MD5

      b954cba4c2a5ed68ce8ac88bf4aa484d

    • SHA1

      5377319edc99975d2f16ab27bfb3142a76fb321d

    • SHA256

      ecfacc6e3b310b76fb381439ffd1d21cc7be0e5130182acad744b16de4f58a3b

    • SHA512

      d528fa1c77ff1895152ddbcf0764e6013e840bbeb82d64fb69746d6721daee9b519b0cc7b1a595f1147410f6a064144850d7da4d8a9d2ca70eb6612788a35983

    • SSDEEP

      192:tf3TACdG6ZlneGd6MXyOWUNInq68kSkwkIkaOAGVobNhNR:FzlneGd6MXyON68VzHlGV6L

    Score
    1/10
    behavioral5behavioral6behavioral7behavioral8

    • Target

      hezb/样本/Linux/恶意软件/19827AF3181C12EE7A89CEE51F254E2C

    • Size

      2.6MB

    • MD5

      19827af3181c12ee7a89cee51f254e2c

    • SHA1

      7c3016dfdfd536e96ef9a7e1a51de01bc0390772

    • SHA256

      f13e48658426307d9d1434b50fa0493f566ed1f31d6e88bb4ac2ae12ec31ef1f

    • SHA512

      1d5915c8e7b8c24a77b17599bea32645ff5e12b7c37f17f2058199be2bf159eb5433f5193d65fdd8aa3a1eba7c4694921e9a0b1a25eb7ef44b2c8eb16d0f3fe9

    • SSDEEP

      24576:aonS0jRd6W0mmMr3Qb5Kbhpe1oD/myq2XpvgEICu7BZBXni5C2UJYM:ZD8W0y7D/m6xe8G

    Score
    6/10
    antivmdiscovery

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Security Software Discovery

      Adversaries may attempt to discover installed security software and its configurations.

      discovery
    behavioral9

    • Target

      hezb/样本/Linux/挖矿程序/ED573E9B9087C650D06CFB76C62C0CFB

    • Size

      8.4MB

    • MD5

      ed573e9b9087c650d06cfb76c62c0cfb

    • SHA1

      68f229f435574af04319089abbcf2d32571b905a

    • SHA256

      801b23bffa65facee1da69bc6f72f8e1e4e1aeefc63dfd3a99b238d4f9d0a637

    • SHA512

      abd4bf11dd4c02c16eb7970ce5db14e615ed0135afeb0a870a0af114525e365330b07f65eb38bb8592704a774c63d69ff2f8103d758e8fe7dfbeae1bd93c70f5

    • SSDEEP

      196608:ll882nJvjzfTThwUfjNO8phoKDE5IO7rs:llJ2nJvjzfTThwgjNOtKDkIO7

    Score
    10/10
    xmrig_linuxantivmdiscoveryminer

    • Xmrig_linux family

      xmrig_linux

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig_linux

    • Checks hardware identifiers (DMI)

      Checks DMI information which indicate if the system is a virtual machine.

      antivm

    • Reads hardware information

      Accesses system info like serial numbers, manufacturer names etc.

      discovery
    behavioral10

    • Target

      hezb/样本/Linux/漏洞利用程序/8E3E276E650E6EA21BEA16C8C2F3E8C3

    • Size

      14KB

    • MD5

      8e3e276e650e6ea21bea16c8c2f3e8c3

    • SHA1

      e483074bbe5e41cacbe081f290d7e6b0c3184c7f

    • SHA256

      4dcae1bddfc3e2cb98eae84e86fb58ec14ea6ef00778ac5974c4ec526d3da31f

    • SHA512

      8b33a40fd39a06a85169f2e4c4172a4d44ec24d50c512db7231ab4575dbf4093bfdabc63dd1b36dda94ec87772469e659abf0650d8982a526d8623a96bf93e38

    • SSDEEP

      384:ydtOQtZn0kc0sE8Xvn/3PHfXvn/3PHfXvnr70/i:SI00kc0sE8Xvn/3PHfXvn/3PHfXvnrr

    Score
    6/10
    discovery

    • Uses Polkit to run commands

      Uses Polkit pkexec as a proxy to execute commands, possibly to bypass security restrictions.

    behavioral11

    • Target

      hezb/样本/Windows/bat恶意脚本/CB160E725249E2C0534EB01EC3D8E049

    • Size

      1KB

    • MD5

      cb160e725249e2c0534eb01ec3d8e049

    • SHA1

      7c9d67b535c632e560b8c953f91789d601b95ec3

    • SHA256

      3fb2d3fd6e40cbd5414d1151cbe022faf4d8e839b3ca61b44227ff4d6d74e47e

    • SHA512

      05cddb5f2135438dc7960ed9823ca7104c1714f6fda73afa79845146d4843d5dddc5d206ad207751e741528c0d3e2717d445b7dd416816e74351ea0859a23254

    Score
    3/10
    execution
    behavioral12behavioral13

    • Target

      hezb/样本/Windows/bat恶意脚本/F7DA4506E638185AF1F1B2FE30A2E9D2

    • Size

      11KB

    • MD5

      f7da4506e638185af1f1b2fe30a2e9d2

    • SHA1

      70ccb0425cbb9879ab87051cc726ffc3a8f5b60c

    • SHA256

      ebe19776894493f3f657c39b5d4d5cf1b0d157c61979e22fea139e6f2842b3ca

    • SHA512

      8e808a6a748912eb1dda83a8833f223fb20449331d7344fea041acbfb0c1228ca38f39faf65ef893f2f402998e9e5248715e98d617dbd06060ebf618b90620c3

    • SSDEEP

      192:FQ5FRIjLJ1O7OHrlvc7mQEtsW0a1UHhQauPH6vbf9lJx+LSQ4lVj:FQ5cW6hc7mQErwjmkUn43

    Score
    3/10
    execution
    behavioral14behavioral15

    • Target

      hezb/样本/Windows/挖矿程序/3EDCDE37DCECB1B5A70B727EA36521DE

    • Size

      5.2MB

    • MD5

      3edcde37dcecb1b5a70b727ea36521de

    • SHA1

      0f2df3cae00d30300e6958bb9e9cda2758f9b1c9

    • SHA256

      366b32c15ff2b30da5cafc1407e6dc49aa4bbecffc34c438302022acd1c00b8e

    • SHA512

      16ec6b58a1d0f3fdbb9940245612aea4a8d6024ca71a9393ad2cc48dabd1575444c0d8d98992217d4526eb830523008d7e4961b3653db842c85f0dec4270d791

    • SSDEEP

      98304:/RLRLj41OH4wAIOF+kmcIxJr+fx3k/sc37gz+li0pjY3l50XYarT:nj417x3Msc8Kli0JUuXYa3

    Score
    1/10
    behavioral16behavioral17

MITRE ATT&CK Enterprise v15

Tasks