xmrig | bb62b9324bc673ff0d7841b7b0bf1f2bcbce0c4d761a5865efafdcd35411c48c | Triage

Submit
Reports

Overview

overview

Static

static

5

x86_64

ubuntu-22.04-amd64

x86_64

debian-12-armhf

x86_64

debian-12-mipsel

x86_64

debian-9-armhf

Sharing

General

Target

x86_64
Size

2.3MB
Sample

241226-trg61azpby
MD5

de59dfac47a8261c2444f3d122a61c81
SHA1

488ba08f8156136d222e39dad0a64c9ca27b74d8
SHA256

bb62b9324bc673ff0d7841b7b0bf1f2bcbce0c4d761a5865efafdcd35411c48c
SHA512

cb62ae2510b464852e70983c4108b1a0b126d4e3e8bbafeacd9363a1288babcf40001a3627fa2760d16c75cbdffc5b1b06cbab8bb7c5245ca13737ab44db3426
SSDEEP

49152:4ZwTqMivo91J3oQ9jeOKGiss7gqH5OueN/HizQQg2Ysi:MuqFvK1Bz5isVqHIXZHiz5g2Ysi

Score

10^/10

xmrig antivm discovery execution linux miner persistence privilege_escalatio upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

x86_64

Resource

ubuntu2204-amd64-20240729-en

xmrig antivm discovery execution miner persistence privilege_escalatio

ubuntu-22.04-amd64

14 signatures

900 seconds

Behavioral task

behavioral2

Sample

x86_64

Resource

debian12-armhf-20240221-en

debian-12-armhf

0 signatures

900 seconds

Behavioral task

behavioral3

Sample

x86_64

Resource

debian12-mipsel-20240221-en

debian-12-mipsel

0 signatures

900 seconds

Behavioral task

behavioral4

Sample

x86_64

Resource

debian9-armhf-20240611-en

debian-9-armhf

0 signatures

900 seconds

Malware Config

Targets

- Target
  
  x86_64
- Size
  
  2.3MB
- MD5
  
  de59dfac47a8261c2444f3d122a61c81
- SHA1
  
  488ba08f8156136d222e39dad0a64c9ca27b74d8
- SHA256
  
  bb62b9324bc673ff0d7841b7b0bf1f2bcbce0c4d761a5865efafdcd35411c48c
- SHA512
  
  cb62ae2510b464852e70983c4108b1a0b126d4e3e8bbafeacd9363a1288babcf40001a3627fa2760d16c75cbdffc5b1b06cbab8bb7c5245ca13737ab44db3426
- SSDEEP
  
  49152:4ZwTqMivo91J3oQ9jeOKGiss7gqH5OueN/HizQQg2Ysi:MuqFvK1Bz5isVqHIXZHiz5g2Ysi
Score

10^/10

xmrig antivm discovery execution miner persistence privilege_escalatio
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Checks hardware identifiers (DMI)
  Checks DMI information which indicate if the system is a virtual machine.
  antivm
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalatio
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads hardware information
  Accesses system info like serial numbers, manufacturer names etc.
  discovery
- Security Software Discovery
  Adversaries may attempt to discover installed security software and its configurations.
  discovery
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Process Discovery

Software Discovery

Security Software Discovery

System Information Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigantivmdiscoveryexecutionminerpersistenceprivilege_escalatio

behavioral2

behavioral3

behavioral4

© 2018-2025

Terms | Privacy