Overview

overview

10

Static

static

10

sh恶意�...14FEB1

ubuntu-18.04-amd64

sh恶意�...14FEB1

debian-9-armhf

sh恶意�...14FEB1

debian-9-mips

sh恶意�...14FEB1

debian-9-mipsel

sh恶意�...AA484D

ubuntu-18.04-amd64

sh恶意�...AA484D

debian-9-armhf

sh恶意�...AA484D

debian-9-mips

sh恶意�...AA484D

debian-9-mipsel

恶意软�...31ef1f

ubuntu-24.04-amd64

6

挖矿程�...2C0CFB

ubuntu-20.04-amd64

10

漏洞利�...F3E8C3

ubuntu-20.04-amd64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Linux.zip

  • Size

    4.1MB

  • Sample

    241218-ntmavaxlds

  • MD5

    7fbc8cd26150f60a1269d85c93dd26fe

  • SHA1

    a89a85c42ca5e1937d16d576d5dfb4e587d02d6c

  • SHA256

    8fe5d51bd7d9e650132b7fa22f88e9c98b17a33ebcc64d0c6681199d0f4935fc

  • SHA512

    5c52e1789f6b2019e5ccff0f4aa41b650ec21520c1a0494e3b9fda3652f9ee9ac1205fe3773ab50eae58e2bdd6cc937358b892ad196926f6f71afcaacf197040

  • SSDEEP

    98304:KKnHppIXEQMzAiomuotmQyRPng3UuSyMclETgZpoAjDge9j:KUJG0/kmF87O3BacJHoAj0e9j

Score
10/10
xmrigxmrig_linuxantivmdiscoverylinuxminer

Malware Config

Targets

    • Target

      sh恶意脚本/955ABC9598BEFCA8025B806E9E14FEB1

    • Size

      7KB

    • MD5

      955abc9598befca8025b806e9e14feb1

    • SHA1

      a4070b33a94adb52bd9be5db0350f480ed75e017

    • SHA256

      4e0ec7489f1b0754ff0baca455c11b5a4d092fd9952e93227a12e9819fa84dcd

    • SHA512

      c5803b22c36de905573752a3b689c2b3fcca236bed994e7eb367ff516b6710cf387a8fc7d372841928691ed69a1dee7484f7d359d941fac4ebd2b64729bc0ce3

    • SSDEEP

      192:tfSTAC2G6ZlnbGdTar69wyOWUNInq6EiIEAGVobNhN0l:gklnbGdTar69wyON6E9GV6Kl

    Score
    1/10
    behavioral1behavioral2behavioral3behavioral4

    • Target

      sh恶意脚本/B954CBA4C2A5ED68CE8AC88BF4AA484D

    • Size

      7KB

    • MD5

      b954cba4c2a5ed68ce8ac88bf4aa484d

    • SHA1

      5377319edc99975d2f16ab27bfb3142a76fb321d

    • SHA256

      ecfacc6e3b310b76fb381439ffd1d21cc7be0e5130182acad744b16de4f58a3b

    • SHA512

      d528fa1c77ff1895152ddbcf0764e6013e840bbeb82d64fb69746d6721daee9b519b0cc7b1a595f1147410f6a064144850d7da4d8a9d2ca70eb6612788a35983

    • SSDEEP

      192:tf3TACdG6ZlneGd6MXyOWUNInq68kSkwkIkaOAGVobNhNR:FzlneGd6MXyON68VzHlGV6L

    Score
    1/10
    behavioral5behavioral6behavioral7behavioral8

    • Target

      恶意软件/f13e48658426307d9d1434b50fa0493f566ed1f31d6e88bb4ac2ae12ec31ef1f

    • Size

      2.6MB

    • MD5

      19827af3181c12ee7a89cee51f254e2c

    • SHA1

      7c3016dfdfd536e96ef9a7e1a51de01bc0390772

    • SHA256

      f13e48658426307d9d1434b50fa0493f566ed1f31d6e88bb4ac2ae12ec31ef1f

    • SHA512

      1d5915c8e7b8c24a77b17599bea32645ff5e12b7c37f17f2058199be2bf159eb5433f5193d65fdd8aa3a1eba7c4694921e9a0b1a25eb7ef44b2c8eb16d0f3fe9

    • SSDEEP

      24576:aonS0jRd6W0mmMr3Qb5Kbhpe1oD/myq2XpvgEICu7BZBXni5C2UJYM:ZD8W0y7D/m6xe8G

    Score
    6/10
    antivmdiscovery

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Security Software Discovery

      Adversaries may attempt to discover installed security software and its configurations.

      discovery
    behavioral9

    • Target

      挖矿程序/ED573E9B9087C650D06CFB76C62C0CFB

    • Size

      8.4MB

    • MD5

      ed573e9b9087c650d06cfb76c62c0cfb

    • SHA1

      68f229f435574af04319089abbcf2d32571b905a

    • SHA256

      801b23bffa65facee1da69bc6f72f8e1e4e1aeefc63dfd3a99b238d4f9d0a637

    • SHA512

      abd4bf11dd4c02c16eb7970ce5db14e615ed0135afeb0a870a0af114525e365330b07f65eb38bb8592704a774c63d69ff2f8103d758e8fe7dfbeae1bd93c70f5

    • SSDEEP

      196608:ll882nJvjzfTThwUfjNO8phoKDE5IO7rs:llJ2nJvjzfTThwgjNOtKDkIO7

    Score
    10/10
    xmrig_linuxantivmdiscoveryminer

    • Xmrig_linux family

      xmrig_linux

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig_linux

    • Checks hardware identifiers (DMI)

      Checks DMI information which indicate if the system is a virtual machine.

      antivm

    • Reads hardware information

      Accesses system info like serial numbers, manufacturer names etc.

      discovery
    behavioral10

    • Target

      漏洞利用程序/8E3E276E650E6EA21BEA16C8C2F3E8C3

    • Size

      14KB

    • MD5

      8e3e276e650e6ea21bea16c8c2f3e8c3

    • SHA1

      e483074bbe5e41cacbe081f290d7e6b0c3184c7f

    • SHA256

      4dcae1bddfc3e2cb98eae84e86fb58ec14ea6ef00778ac5974c4ec526d3da31f

    • SHA512

      8b33a40fd39a06a85169f2e4c4172a4d44ec24d50c512db7231ab4575dbf4093bfdabc63dd1b36dda94ec87772469e659abf0650d8982a526d8623a96bf93e38

    • SSDEEP

      384:ydtOQtZn0kc0sE8Xvn/3PHfXvn/3PHfXvnr70/i:SI00kc0sE8Xvn/3PHfXvn/3PHfXvnrr

    Score
    6/10
    discovery

    • Uses Polkit to run commands

      Uses Polkit pkexec as a proxy to execute commands, possibly to bypass security restrictions.

    behavioral11

MITRE ATT&CK Enterprise v15

Tasks