Overview
overview
10Static
static
10sh恶意脚本/ap.sh
ubuntu-18.04-amd64
sh恶意脚本/ap.sh
debian-9-armhf
sh恶意脚本/ap.sh
debian-9-mips
sh恶意脚本/ap.sh
debian-9-mipsel
sh恶意脚本/ap.txt
ubuntu-18.04-amd64
sh恶意脚本/ap.txt
debian-9-armhf
sh恶意脚本/ap.txt
debian-9-mips
sh恶意脚本/ap.txt
debian-9-mipsel
sh恶意脚本/ldr.sh
ubuntu-18.04-amd64
sh恶意脚本/ldr.sh
debian-9-armhf
sh恶意脚本/ldr.sh
debian-9-mips
sh恶意脚本/ldr.sh
debian-9-mipsel
恶意软件/kik.exe
ubuntu-22.04-amd64
6挖矿程�...2C0CFB
ubuntu-22.04-amd64
10挖矿配�...g.json
ubuntu-18.04-amd64
挖矿配�...g.json
debian-9-armhf
挖矿配�...g.json
debian-9-mips
挖矿配�...g.json
debian-9-mipsel
漏洞利�...ko.exe
ubuntu-22.04-amd64
1Analysis
-
max time kernel
0s -
max time network
128s -
platform
ubuntu-22.04_amd64 -
resource
ubuntu2204-amd64-20240611-en -
resource tags
arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system -
submitted
23-12-2024 08:07
Behavioral task
behavioral1
Sample
sh恶意脚本/ap.sh
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral2
Sample
sh恶意脚本/ap.sh
Resource
debian9-armhf-20240729-en
debian-9-armhf
Behavioral task
behavioral3
Sample
sh恶意脚本/ap.sh
Resource
debian9-mipsbe-20240418-en
debian-9-mips
Behavioral task
behavioral4
Sample
sh恶意脚本/ap.sh
Resource
debian9-mipsel-20240611-en
debian-9-mipsel
Behavioral task
behavioral5
Sample
sh恶意脚本/ap.txt
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral6
Sample
sh恶意脚本/ap.txt
Resource
debian9-armhf-20240418-en
debian-9-armhf
Behavioral task
behavioral7
Sample
sh恶意脚本/ap.txt
Resource
debian9-mipsbe-20240729-en
debian-9-mips
Behavioral task
behavioral8
Sample
sh恶意脚本/ap.txt
Resource
debian9-mipsel-20240611-en
debian-9-mipsel
Behavioral task
behavioral9
Sample
sh恶意脚本/ldr.sh
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral10
Sample
sh恶意脚本/ldr.sh
Resource
debian9-armhf-20240611-en
debian-9-armhf
Behavioral task
behavioral11
Sample
sh恶意脚本/ldr.sh
Resource
debian9-mipsbe-20240611-en
debian-9-mips
Behavioral task
behavioral12
Sample
sh恶意脚本/ldr.sh
Resource
debian9-mipsel-20240729-en
debian-9-mipsel
Behavioral task
behavioral13
Sample
恶意软件/kik.exe
Resource
ubuntu2204-amd64-20240522.1-en
ubuntu-22.04-amd64
Behavioral task
behavioral14
Sample
挖矿程序/ED573E9B9087C650D06CFB76C62C0CFB
Resource
ubuntu2204-amd64-20240611-en
ubuntu-22.04-amd64
Behavioral task
behavioral15
Sample
挖矿配置文件/config.json
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral16
Sample
挖矿配置文件/config.json
Resource
debian9-armhf-20240729-en
debian-9-armhf
Behavioral task
behavioral17
Sample
挖矿配置文件/config.json
Resource
debian9-mipsbe-20240611-en
debian-9-mips
Behavioral task
behavioral18
Sample
挖矿配置文件/config.json
Resource
debian9-mipsel-20240611-en
debian-9-mipsel
Behavioral task
behavioral19
Sample
漏洞利用程序/ko.exe
Resource
ubuntu2204-amd64-20240522.1-en
ubuntu-22.04-amd64
General
-
Target
挖矿程序/ED573E9B9087C650D06CFB76C62C0CFB
-
Size
8.4MB
-
MD5
ed573e9b9087c650d06cfb76c62c0cfb
-
SHA1
68f229f435574af04319089abbcf2d32571b905a
-
SHA256
801b23bffa65facee1da69bc6f72f8e1e4e1aeefc63dfd3a99b238d4f9d0a637
-
SHA512
abd4bf11dd4c02c16eb7970ce5db14e615ed0135afeb0a870a0af114525e365330b07f65eb38bb8592704a774c63d69ff2f8103d758e8fe7dfbeae1bd93c70f5
-
SSDEEP
196608:ll882nJvjzfTThwUfjNO8phoKDE5IO7rs:llJ2nJvjzfTThwgjNOtKDkIO7
Malware Config
Signatures
-
Xmrig_linux family
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Checks hardware identifiers (DMI) 1 TTPs 4 IoCs
Checks DMI information which indicate if the system is a virtual machine.
description ioc Process File opened for reading /sys/devices/virtual/dmi/id/sys_vendor ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/devices/virtual/dmi/id/product_name ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/devices/virtual/dmi/id/board_vendor ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/devices/virtual/dmi/id/bios_vendor ED573E9B9087C650D06CFB76C62C0CFB -
Reads hardware information 1 TTPs 14 IoCs
Accesses system info like serial numbers, manufacturer names etc.
description ioc Process File opened for reading /sys/devices/virtual/dmi/id/product_serial ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/devices/virtual/dmi/id/board_serial ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/devices/virtual/dmi/id/chassis_serial ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/devices/virtual/dmi/id/bios_date ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/devices/virtual/dmi/id/product_version ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/devices/virtual/dmi/id/chassis_asset_tag ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/devices/virtual/dmi/id/bios_version ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/devices/virtual/dmi/id/board_name ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/devices/virtual/dmi/id/board_asset_tag ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/devices/virtual/dmi/id/chassis_type ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/devices/virtual/dmi/id/product_uuid ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/devices/virtual/dmi/id/board_version ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/devices/virtual/dmi/id/chassis_vendor ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/devices/virtual/dmi/id/chassis_version ED573E9B9087C650D06CFB76C62C0CFB -
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
description ioc Process File opened for reading /proc/cpuinfo ED573E9B9087C650D06CFB76C62C0CFB -
Reads CPU attributes 1 TTPs 2 IoCs
description ioc Process File opened for reading /sys/devices/system/cpu/possible ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/devices/system/cpu/online ED573E9B9087C650D06CFB76C62C0CFB -
Enumerates kernel/hardware configuration 1 TTPs 64 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
description ioc Process File opened for reading /sys/fs/cgroup/cpuset.cpus.effective ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index0/id ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index3/level ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index0/size ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index0/number_of_sets ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/level ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index3/physical_line_partition ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/node/devices/node0/hugepages ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/topology/cluster_cpus ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index1/type ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/shared_cpu_map ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/devices/system/node/online ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/fs/cgroup/cpuset.mems.effective ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/topology/physical_package_id ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index3/type ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index5/shared_cpu_map ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index9/shared_cpu_map ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/node/devices/node0/hugepages/hugepages-1048576kB/nr_hugepages ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/dax/target_node ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/topology/core_id ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index0/type ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/node/devices/node0/cpumap ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/topology/die_cpus ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index0/physical_line_partition ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index1/shared_cpu_map ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/devices/virtual/dmi/id ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/fs/cgroup/cgroup.controllers ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/id ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/node/devices/node0/access0/initiators ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/topology/package_cpus ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cpufreq/base_frequency ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/node/devices/node0/access1/initiators ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/node/devices/node0/access0/initiators/read_bandwidth ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index0/shared_cpu_map ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index1/level ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/type ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/size ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/coherency_line_size ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/number_of_sets ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index6/shared_cpu_map ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/node/devices/node0/meminfo ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/physical_line_partition ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index8/shared_cpu_map ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index3/size ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cpufreq/cpuinfo_max_freq ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index0/level ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index0/coherency_line_size ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index3/number_of_sets ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/kernel/mm/hugepages ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/dax/devices ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index4/shared_cpu_map ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cpu_capacity ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/node/devices/node0/hugepages/hugepages-2048kB/nr_hugepages ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/dax/devices/target_node ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/devices/system/cpu ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/topology/core_cpus ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index1/id ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index3/shared_cpu_map ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index3/id ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index3/coherency_line_size ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /sys/bus/cpu/devices/cpu0/cache/index7/shared_cpu_map ED573E9B9087C650D06CFB76C62C0CFB -
description ioc Process File opened for reading /proc/mounts ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /proc/self/cpuset ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /proc/meminfo ED573E9B9087C650D06CFB76C62C0CFB File opened for reading /proc/driver/nvidia/gpus ED573E9B9087C650D06CFB76C62C0CFB