Analysis
-
max time kernel
0s -
max time network
129s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20240523-en -
resource tags
arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system -
submitted
25-12-2024 00:07
Behavioral task
behavioral1
Sample
b2e51777c7993ce58f5e1afd3d33efbaae19222099be745f229b44028766dabc
Resource
ubuntu2404-amd64-20240523-en
General
-
Target
b2e51777c7993ce58f5e1afd3d33efbaae19222099be745f229b44028766dabc
-
Size
7.6MB
-
MD5
991d8dea7268212f8e5ca8a3bfd56398
-
SHA1
dc6fb3b941e1af3c5b8e56c143ba904d9c41a955
-
SHA256
b2e51777c7993ce58f5e1afd3d33efbaae19222099be745f229b44028766dabc
-
SHA512
702025e60aa16acf6be691f93c74a44e771bf0dcd735eee8c211ae92f31d0cefe607c8b54e93de52f10afe1e08d459c0492ef64d1630b3d9f796b5de0485ad4f
-
SSDEEP
196608:iV4oZPljXZ9GfAYoGBM3kpg1cc75JjCNLhSWzk+s:iV4oZPljXZ9UxoGBM3Ug1cMVCNLhFzk
Malware Config
Signatures
-
Xmrig_linux family
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Checks hardware identifiers (DMI) 1 TTPs 4 IoCs
Checks DMI information which indicate if the system is a virtual machine.
description | ioc | Process
File opened for reading | /sys/devices/virtual/dmi/id/product_name | b2e51777c7993ce58f5e1afd3d33efbaae19222099be745f229b44028766dabc
File opened for reading | /sys/devices/virtual/dmi/id/board_vendor | b2e51777c7993ce58f5e1afd3d33efbaae19222099be745f229b44028766dabc
File opened for reading | /sys/devices/virtual/dmi/id/bios_vendor | b2e51777c7993ce58f5e1afd3d33efbaae19222099be745f229b44028766dabc
File opened for reading | /sys/devices/virtual/dmi/id/sys_vendor | b2e51777c7993ce58f5e1afd3d33efbaae19222099be745f229b44028766dabc
-
Reads hardware information 1 TTPs 14 IoCs
Accesses system info like serial numbers, manufacturer names etc.
-
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
description | ioc | Process
File opened for reading | /proc/cpuinfo | b2e51777c7993ce58f5e1afd3d33efbaae19222099be745f229b44028766dabc
-
Reads CPU attributes 1 TTPs 3 IoCs
description | ioc | Process
File opened for reading | /sys/devices/system/cpu/online | b2e51777c7993ce58f5e1afd3d33efbaae19222099be745f229b44028766dabc
File opened for reading | /sys/devices/system/cpu/types | b2e51777c7993ce58f5e1afd3d33efbaae19222099be745f229b44028766dabc
File opened for reading | /sys/devices/system/cpu/possible | b2e51777c7993ce58f5e1afd3d33efbaae19222099be745f229b44028766dabc
-
Enumerates kernel/hardware configuration 1 TTPs 58 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
-
description | ioc | Process
File opened for reading | /proc/meminfo | b2e51777c7993ce58f5e1afd3d33efbaae19222099be745f229b44028766dabc
File opened for reading | /proc/driver/nvidia/gpus | b2e51777c7993ce58f5e1afd3d33efbaae19222099be745f229b44028766dabc
File opened for reading | /proc/mounts | b2e51777c7993ce58f5e1afd3d33efbaae19222099be745f229b44028766dabc
File opened for reading | /proc/self/cpuset | b2e51777c7993ce58f5e1afd3d33efbaae19222099be745f229b44028766dabc
Processes
-
/tmp/b2e51777c7993ce58f5e1afd3d33efbaae19222099be745f229b44028766dabc
- Checks hardware identifiers (DMI)
- Reads hardware information
- Checks CPU configuration
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2479