xmrig | 8fb447abc33084b5f1cec568a86fa14a3bbd5cb36d508fdd04c90b3b69a5d01b | Triage

Sharing

General

Target

Linux.zip
Size

4.1MB
Sample

241223-jz7fraxqcm
MD5

f95f7d92d58b9d675b71421ef04f7c1a
SHA1

ff245aa9e3ac112fd7c98f099f5ba6f38badf89e
SHA256

8fb447abc33084b5f1cec568a86fa14a3bbd5cb36d508fdd04c90b3b69a5d01b
SHA512

ade29415aecbb7e9194ec850a4ef16ef315d9f7b254662ec8c2a8103c2ff6c0acedbbed8c579da18ae93138f34885e06dae760e34ddb3847791cf9215f744e35
SSDEEP

98304:zKnHppIXEQMzAiomuotmQyRPng3UuSyMclETgZpoAjDge9e:zUJG0/kmF87O3BacJHoAj0e9e

Score

10^/10

xmrig xmrig_linux antivm discovery linux miner

Malware Config

Targets

- Target
  
  sh恶意脚本/ap.sh
- Size
  
  7KB
- MD5
  
  955abc9598befca8025b806e9e14feb1
- SHA1
  
  a4070b33a94adb52bd9be5db0350f480ed75e017
- SHA256
  
  4e0ec7489f1b0754ff0baca455c11b5a4d092fd9952e93227a12e9819fa84dcd
- SHA512
  
  c5803b22c36de905573752a3b689c2b3fcca236bed994e7eb367ff516b6710cf387a8fc7d372841928691ed69a1dee7484f7d359d941fac4ebd2b64729bc0ce3
- SSDEEP
  
  192:tfSTAC2G6ZlnbGdTar69wyOWUNInq6EiIEAGVobNhN0l:gklnbGdTar69wyON6E9GV6Kl
Score

1^/10
behavioral1 behavioral2 behavioral3 behavioral4
- Target
  
  sh恶意脚本/ap.txt
- Size
  
  1KB
- MD5
  
  896a9b1bc1225326f4326a3398b9f68e
- SHA1
  
  184b8d81395dc7905938f29a1b07e903d15482c1
- SHA256
  
  03e7d2da88107e887b974de142d16bbc21368d4e098465ad9cadb50961dd8062
- SHA512
  
  b278041648c0e8640032688286be0f82a88f332e24fbf771aea090509997e970ddc82d93aa576d29d9ebd4c6c2118a924f7aeaf5da69919cf8c8954b1d2b9767
Score

1^/10
behavioral5 behavioral6 behavioral7 behavioral8
- Target
  
  sh恶意脚本/ldr.sh
- Size
  
  7KB
- MD5
  
  b954cba4c2a5ed68ce8ac88bf4aa484d
- SHA1
  
  5377319edc99975d2f16ab27bfb3142a76fb321d
- SHA256
  
  ecfacc6e3b310b76fb381439ffd1d21cc7be0e5130182acad744b16de4f58a3b
- SHA512
  
  d528fa1c77ff1895152ddbcf0764e6013e840bbeb82d64fb69746d6721daee9b519b0cc7b1a595f1147410f6a064144850d7da4d8a9d2ca70eb6612788a35983
- SSDEEP
  
  192:tf3TACdG6ZlneGd6MXyOWUNInq68kSkwkIkaOAGVobNhNR:FzlneGd6MXyON68VzHlGV6L
Score

1^/10
behavioral10 behavioral11 behavioral12 behavioral9
- Target
  
  恶意软件/kik.exe
- Size
  
  2.6MB
- MD5
  
  19827af3181c12ee7a89cee51f254e2c
- SHA1
  
  7c3016dfdfd536e96ef9a7e1a51de01bc0390772
- SHA256
  
  f13e48658426307d9d1434b50fa0493f566ed1f31d6e88bb4ac2ae12ec31ef1f
- SHA512
  
  1d5915c8e7b8c24a77b17599bea32645ff5e12b7c37f17f2058199be2bf159eb5433f5193d65fdd8aa3a1eba7c4694921e9a0b1a25eb7ef44b2c8eb16d0f3fe9
- SSDEEP
  
  24576:aonS0jRd6W0mmMr3Qb5Kbhpe1oD/myq2XpvgEICu7BZBXni5C2UJYM:ZD8W0y7D/m6xe8G
Score

6^/10

discovery
- Enumerates running processes
  Discovers information about currently running processes on the system
- Security Software Discovery
  Adversaries may attempt to discover installed security software and its configurations.
  discovery
behavioral13
- Target
  
  挖矿程序/ED573E9B9087C650D06CFB76C62C0CFB
- Size
  
  8.4MB
- MD5
  
  ed573e9b9087c650d06cfb76c62c0cfb
- SHA1
  
  68f229f435574af04319089abbcf2d32571b905a
- SHA256
  
  801b23bffa65facee1da69bc6f72f8e1e4e1aeefc63dfd3a99b238d4f9d0a637
- SHA512
  
  abd4bf11dd4c02c16eb7970ce5db14e615ed0135afeb0a870a0af114525e365330b07f65eb38bb8592704a774c63d69ff2f8103d758e8fe7dfbeae1bd93c70f5
- SSDEEP
  
  196608:ll882nJvjzfTThwUfjNO8phoKDE5IO7rs:llJ2nJvjzfTThwgjNOtKDkIO7
Score

10^/10

xmrig_linux antivm discovery miner
- Xmrig_linux family
  xmrig_linux
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig_linux
- Checks hardware identifiers (DMI)
  Checks DMI information which indicate if the system is a virtual machine.
  antivm
- Reads hardware information
  Accesses system info like serial numbers, manufacturer names etc.
  discovery
behavioral14
- Target
  
  挖矿配置文件/config.json
- Size
  
  2KB
- MD5
  
  101661518965ea842d703d02d84933d8
- SHA1
  
  b6ece2ed70877695619a345c6fd9f3a4eea4996e
- SHA256
  
  ed5afbc6f1d73b55f84fa0b122ab8f1af86882b1aa72ab4326899f7734dd7157
- SHA512
  
  037ca63d5a70356961367d301d505689c5f84c66c0c331383a70738ddfd2e38792b4846d5fe81dfbe96b65941183a76cab3ae7e0121275282cb532881024d667
Score

1^/10
behavioral15 behavioral16 behavioral17 behavioral18
- Target
  
  漏洞利用程序/ko.exe
- Size
  
  14KB
- MD5
  
  8e3e276e650e6ea21bea16c8c2f3e8c3
- SHA1
  
  e483074bbe5e41cacbe081f290d7e6b0c3184c7f
- SHA256
  
  4dcae1bddfc3e2cb98eae84e86fb58ec14ea6ef00778ac5974c4ec526d3da31f
- SHA512
  
  8b33a40fd39a06a85169f2e4c4172a4d44ec24d50c512db7231ab4575dbf4093bfdabc63dd1b36dda94ec87772469e659abf0650d8982a526d8623a96bf93e38
- SSDEEP
  
  384:ydtOQtZn0kc0sE8Xvn/3PHfXvn/3PHfXvnr70/i:SI00kc0sE8Xvn/3PHfXvn/3PHfXvnrr
Score

1^/10
behavioral19

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Process Discovery

Software Discovery

Security Software Discovery

System Information Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

xmrig_linuxantivmdiscoveryminer

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19