General

  • Target: 4qoGccX68s9fdEWfdr7wu2.zip

  • Size: 4.1MB

  • Sample: 241220-kq6zasvmhr

  • MD5: a87c0ca4284ce27ac8e990c690a2db3b

  • SHA1: 67f7be25ee219e8236a2fb1465aec64f737ae884

  • SHA256: 2d70cf00054ddf8d5acbfd6d410588736f1471bc1663c14c52ca78cbd01c6cb1

  • SHA512: 7f53f67ed15c89693a56414e13a7853b108cd9b89bea6ec3b268970d74d9a0dabee01ad54847372dc738eac596da21077d92478051c08b87ce686dcfab807d8c

  • SSDEEP: 98304:ioWpbbqDR6GY8sUMa2NBe3gqE+8d1EwL6lQbe9UvTXCxeNDgTEX6:YJkRkTugqEKwDe+jaukTM6

Malware Config

Targets

    • Target: 9-.redtail_

    • Size: 1.6MB

    • MD5: f6634e2fb7872be767a2cb5b1da04103

    • SHA1: 532037729f2da9fc1341f744e5afa2420bcfebca

    • SHA256: 29f8524562c2436f42019e0fc473bd88584234c57979c7375c1ace3648784e4b

    • SHA512: e1b34b5235ecfe8f74698d10ecf70758adcb5ef2832b3be272fe737770f47daf4974fe6c957ccf24282a1a0af4a4cca393727517ea5ade97504a55b3b6a6ff51

    • SSDEEP: 49152:+0C0VNKlaCi+DnTy1aywFeW0/+EPEhB66ERCWP:e8NKlb5nTy1ZueW0Wuq66xWP

    • Xmrig family

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Contacts a large number (1745495) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • XMRig Miner payload

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks hardware identifiers (DMI)

      Checks DMI information that indicates whether the system is a virtual machine.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about the processes currently running on the system.

    • Reads hardware information

      Accesses system information such as serial numbers and manufacturer names.

MITRE ATT&CK Enterprise v15

Tasks