Analysis

Max time kernel:  0s
Max time network: 133s
Platform:         ubuntu-20.04_amd64
Resource:         ubuntu2004-amd64-20240611-en
Resource tags:    arch:amd64, arch:i386, image:ubuntu2004-amd64-20240611-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system
Submitted:        18-12-2024 11:41
Behavioral tasks

The sample paths keep their original (Chinese) directory names: sh恶意脚本 = malicious sh scripts, 恶意软件 = malware, 挖矿程序 = mining program, 漏洞利用程序 = exploit program.

Task          Sample                                                                              Resource
behavioral1   sh恶意脚本/955ABC9598BEFCA8025B806E9E14FEB1                                          ubuntu1804-amd64-20240611-en
behavioral2   sh恶意脚本/955ABC9598BEFCA8025B806E9E14FEB1                                          debian9-armhf-20240729-en
behavioral3   sh恶意脚本/955ABC9598BEFCA8025B806E9E14FEB1                                          debian9-mipsbe-20240418-en
behavioral4   sh恶意脚本/955ABC9598BEFCA8025B806E9E14FEB1                                          debian9-mipsel-20240611-en
behavioral5   sh恶意脚本/B954CBA4C2A5ED68CE8AC88BF4AA484D                                          ubuntu1804-amd64-20240611-en
behavioral6   sh恶意脚本/B954CBA4C2A5ED68CE8AC88BF4AA484D                                          debian9-armhf-20240611-en
behavioral7   sh恶意脚本/B954CBA4C2A5ED68CE8AC88BF4AA484D                                          debian9-mipsbe-20240729-en
behavioral8   sh恶意脚本/B954CBA4C2A5ED68CE8AC88BF4AA484D                                          debian9-mipsel-20240418-en
behavioral9   恶意软件/f13e48658426307d9d1434b50fa0493f566ed1f31d6e88bb4ac2ae12ec31ef1f            ubuntu2404-amd64-20240523-en
behavioral10  挖矿程序/ED573E9B9087C650D06CFB76C62C0CFB                                            ubuntu2004-amd64-20240611-en
behavioral11  漏洞利用程序/8E3E276E650E6EA21BEA16C8C2F3E8C3                                        ubuntu2004-amd64-20241127-en

The sections below describe behavioral10 (the mining program).
General

Target:  挖矿程序/ED573E9B9087C650D06CFB76C62C0CFB
Size:    8.4MB
MD5:     ed573e9b9087c650d06cfb76c62c0cfb
SHA1:    68f229f435574af04319089abbcf2d32571b905a
SHA256:  801b23bffa65facee1da69bc6f72f8e1e4e1aeefc63dfd3a99b238d4f9d0a637
SHA512:  abd4bf11dd4c02c16eb7970ce5db14e615ed0135afeb0a870a0af114525e365330b07f65eb38bb8592704a774c63d69ff2f8103d758e8fe7dfbeae1bd93c70f5
SSDEEP:  196608:ll882nJvjzfTThwUfjNO8phoKDE5IO7rs:llJ2nJvjzfTThwgjNOtKDkIO7
Malware Config

Signatures

Xmrig_linux family

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.

All IoCs below are files opened for reading by the process ED573E9B9087C650D06CFB76C62C0CFB.

Checks hardware identifiers (DMI) (1 TTP, 4 IoCs)
Checks DMI information which indicates whether the system is a virtual machine.
  /sys/devices/virtual/dmi/id/bios_vendor
  /sys/devices/virtual/dmi/id/sys_vendor
  /sys/devices/virtual/dmi/id/product_name
  /sys/devices/virtual/dmi/id/board_vendor

Reads hardware information (1 TTP, 14 IoCs)
Accesses system info such as serial numbers and manufacturer names.
  /sys/devices/virtual/dmi/id/board_asset_tag
  /sys/devices/virtual/dmi/id/chassis_type
  /sys/devices/virtual/dmi/id/bios_version
  /sys/devices/virtual/dmi/id/product_uuid
  /sys/devices/virtual/dmi/id/board_name
  /sys/devices/virtual/dmi/id/chassis_serial
  /sys/devices/virtual/dmi/id/bios_date
  /sys/devices/virtual/dmi/id/product_version
  /sys/devices/virtual/dmi/id/product_serial
  /sys/devices/virtual/dmi/id/board_serial
  /sys/devices/virtual/dmi/id/chassis_vendor
  /sys/devices/virtual/dmi/id/board_version
  /sys/devices/virtual/dmi/id/chassis_version
  /sys/devices/virtual/dmi/id/chassis_asset_tag

Checks CPU configuration (1 TTP, 1 IoC)
Checks CPU information which indicates whether the system is a virtual machine.
  /proc/cpuinfo

Reads CPU attributes (1 TTP, 2 IoCs)
  /sys/devices/system/cpu/online
  /sys/devices/system/cpu/possible

Enumerates kernel/hardware configuration (1 TTP, 63 IoCs)
Reads contents of the /sys virtual filesystem to enumerate system information. Grouped by subtree:

  cpu0 cache descriptors:
  /sys/bus/cpu/devices/cpu0/cache/index0/coherency_line_size
  /sys/bus/cpu/devices/cpu0/cache/index0/id
  /sys/bus/cpu/devices/cpu0/cache/index0/level
  /sys/bus/cpu/devices/cpu0/cache/index0/number_of_sets
  /sys/bus/cpu/devices/cpu0/cache/index0/physical_line_partition
  /sys/bus/cpu/devices/cpu0/cache/index0/shared_cpu_map
  /sys/bus/cpu/devices/cpu0/cache/index0/size
  /sys/bus/cpu/devices/cpu0/cache/index0/type
  /sys/bus/cpu/devices/cpu0/cache/index1/id
  /sys/bus/cpu/devices/cpu0/cache/index1/level
  /sys/bus/cpu/devices/cpu0/cache/index1/shared_cpu_map
  /sys/bus/cpu/devices/cpu0/cache/index1/type
  /sys/bus/cpu/devices/cpu0/cache/index2/coherency_line_size
  /sys/bus/cpu/devices/cpu0/cache/index2/id
  /sys/bus/cpu/devices/cpu0/cache/index2/level
  /sys/bus/cpu/devices/cpu0/cache/index2/number_of_sets
  /sys/bus/cpu/devices/cpu0/cache/index2/physical_line_partition
  /sys/bus/cpu/devices/cpu0/cache/index2/shared_cpu_map
  /sys/bus/cpu/devices/cpu0/cache/index2/size
  /sys/bus/cpu/devices/cpu0/cache/index2/type
  /sys/bus/cpu/devices/cpu0/cache/index3/coherency_line_size
  /sys/bus/cpu/devices/cpu0/cache/index3/id
  /sys/bus/cpu/devices/cpu0/cache/index3/level
  /sys/bus/cpu/devices/cpu0/cache/index3/number_of_sets
  /sys/bus/cpu/devices/cpu0/cache/index3/physical_line_partition
  /sys/bus/cpu/devices/cpu0/cache/index3/shared_cpu_map
  /sys/bus/cpu/devices/cpu0/cache/index3/size
  /sys/bus/cpu/devices/cpu0/cache/index3/type
  /sys/bus/cpu/devices/cpu0/cache/index4/shared_cpu_map
  /sys/bus/cpu/devices/cpu0/cache/index5/shared_cpu_map
  /sys/bus/cpu/devices/cpu0/cache/index6/shared_cpu_map
  /sys/bus/cpu/devices/cpu0/cache/index7/shared_cpu_map
  /sys/bus/cpu/devices/cpu0/cache/index8/shared_cpu_map
  /sys/bus/cpu/devices/cpu0/cache/index9/shared_cpu_map

  cpu0 topology, frequency and capacity:
  /sys/bus/cpu/devices/cpu0/topology/cluster_cpus
  /sys/bus/cpu/devices/cpu0/topology/core_cpus
  /sys/bus/cpu/devices/cpu0/topology/core_id
  /sys/bus/cpu/devices/cpu0/topology/die_cpus
  /sys/bus/cpu/devices/cpu0/topology/package_cpus
  /sys/bus/cpu/devices/cpu0/topology/physical_package_id
  /sys/bus/cpu/devices/cpu0/cpufreq/base_frequency
  /sys/bus/cpu/devices/cpu0/cpufreq/cpuinfo_max_freq
  /sys/bus/cpu/devices/cpu0/cpu_capacity

  NUMA node0:
  /sys/bus/node/devices/node0/access0/initiators
  /sys/bus/node/devices/node0/access0/initiators/read_bandwidth
  /sys/bus/node/devices/node0/access0/initiators/read_latency
  /sys/bus/node/devices/node0/access1/initiators
  /sys/bus/node/devices/node0/cpumap
  /sys/bus/node/devices/node0/hugepages
  /sys/bus/node/devices/node0/hugepages/hugepages-2048kB/nr_hugepages
  /sys/bus/node/devices/node0/meminfo

  Huge pages and DAX:
  /sys/kernel/mm/hugepages
  /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages
  /sys/bus/dax/devices
  /sys/bus/dax/devices/target_node
  /sys/bus/dax/target_node

  cgroups:
  /sys/fs/cgroup/cpuset/cpuset.cpus
  /sys/fs/cgroup/cpuset/cpuset.mems
  /sys/fs/cgroup/unified/cgroup.controllers

  Directory listings and other nodes:
  /sys/bus/cpu/devices
  /sys/devices/system/cpu
  /sys/devices/system/node/online
  /sys/devices/virtual/dmi/id

Reads /proc virtual filesystem entries (4 IoCs)
  /proc/mounts
  /proc/self/cpuset
  /proc/meminfo
  /proc/driver/nvidia/gpus
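The signatures above are derived mechanically from raw "File opened for reading" events: each path is bucketed by the subtree it touches, and the bucket counts become the TTP/IoC tallies. The script below is an added example (not part of the sandbox report or of any sandbox's own rule set) that replays constructed event rows in the same shape as the rows on this page, reproduces the grouping used by the signatures listed here, and adds one assumed heuristic: a process that trips several of the hardware-enumeration groups at once is flagged as doing whole-machine fingerprinting, which is the pattern a miner or VM-aware loader shows at startup. The event lines, the process names other than the sample's MD5, and the threshold of four groups are all constructed for the example.

```python
"""Replay sandbox file-open events against the behavioural signatures on
this page.

Added example, not part of the sandbox report.  The event rows below are
constructed to mimic the "File opened for reading <path> <process>" rows in
the Signatures section; the path groups follow the signature descriptions
there.  The fingerprinting threshold is an assumption, not a sandbox rule.
"""
import re
from collections import defaultdict

EVENT_RE = re.compile(r"^File opened for reading (\S+) (\S+)$")

DMI_DIR = "/sys/devices/virtual/dmi/id/"
# The four DMI attributes the first signature treats as VM indicators.
DMI_VM_FILES = {DMI_DIR + n for n in ("bios_vendor", "sys_vendor",
                                      "product_name", "board_vendor")}
CPU_ATTR_FILES = {"/sys/devices/system/cpu/online",
                  "/sys/devices/system/cpu/possible"}


def classify(path):
    """Map one opened path to the signature it contributes to (or None).

    Narrow signatures are tested before the catch-all /sys and /proc
    buckets so that every path is counted exactly once.
    """
    if path in DMI_VM_FILES:
        return "Checks hardware identifiers (DMI)"
    if path.startswith(DMI_DIR):
        return "Reads hardware information"
    if path == "/proc/cpuinfo":
        return "Checks CPU configuration"
    if path in CPU_ATTR_FILES:
        return "Reads CPU attributes"
    if path.startswith("/sys/"):
        return "Enumerates kernel/hardware configuration"
    if path.startswith("/proc/"):
        return "Reads /proc runtime information"
    return None


def replay(lines):
    """Return {process: {signature: sorted IoC paths}} for the given rows."""
    hits = defaultdict(lambda: defaultdict(set))
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # anything that is not a file-open row is ignored
        path, proc = m.groups()
        sig = classify(path)
        if sig:
            hits[proc][sig].add(path)
    return {p: {s: sorted(v) for s, v in sigs.items()} for p, sigs in hits.items()}


def fingerprinting_profile(sig_hits, min_groups=4):
    """Assumed heuristic: tripping at least `min_groups` distinct
    hardware-enumeration signatures (DMI + CPU + topology + memory) is the
    whole-machine fingerprinting profile seen in this report."""
    return len(sig_hits) >= min_groups


# Constructed sample rows: a subset of the IoCs above, plus two distractor
# processes ("cat", "lscpu") that should not reach the profile threshold.
SAMPLE_EVENTS = [
    "File opened for reading /sys/devices/virtual/dmi/id/bios_vendor ED573E9B9087C650D06CFB76C62C0CFB",
    "File opened for reading /sys/devices/virtual/dmi/id/sys_vendor ED573E9B9087C650D06CFB76C62C0CFB",
    "File opened for reading /sys/devices/virtual/dmi/id/product_uuid ED573E9B9087C650D06CFB76C62C0CFB",
    "File opened for reading /sys/devices/virtual/dmi/id/board_serial ED573E9B9087C650D06CFB76C62C0CFB",
    "File opened for reading /proc/cpuinfo ED573E9B9087C650D06CFB76C62C0CFB",
    "File opened for reading /sys/devices/system/cpu/online ED573E9B9087C650D06CFB76C62C0CFB",
    "File opened for reading /sys/bus/cpu/devices/cpu0/cache/index3/size ED573E9B9087C650D06CFB76C62C0CFB",
    "File opened for reading /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages ED573E9B9087C650D06CFB76C62C0CFB",
    "File opened for reading /proc/meminfo ED573E9B9087C650D06CFB76C62C0CFB",
    "File opened for reading /proc/driver/nvidia/gpus ED573E9B9087C650D06CFB76C62C0CFB",
    "File opened for reading /etc/hostname cat",
    "File opened for reading /proc/cpuinfo lscpu",
    "some unrelated sandbox row",
]

if __name__ == "__main__":
    for proc, sigs in replay(SAMPLE_EVENTS).items():
        flag = "FINGERPRINTING" if fingerprinting_profile(sigs) else "ok"
        print(f"{proc}: {flag}")
        for sig, iocs in sigs.items():
            print(f"  {sig} ({len(iocs)} IoCs)")
            for ioc in iocs:
                print(f"    {ioc}")
```

Run it as a script to see the per-process breakdown; on the constructed rows the sample's MD5 trips all six groups and is flagged, while lscpu (one /proc/cpuinfo read) and cat (a path outside /sys and /proc) are not. The ordering in classify is the important design point: the DMI vendor files and /proc/cpuinfo would otherwise be swallowed by the generic /sys and /proc buckets, and the narrow VM-detection signatures would never fire.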