xmrig | 82d5f1b0b96907494a793d1cd838b2ea1b8fc7f7e758ae56bcc75d89ed6f3e97 | Triage

Submit
Reports

Overview

overview

Static

static

1

sa.sh

ubuntu-18.04-amd64

sa.sh

debian-9-armhf

sa.sh

debian-9-mips

sa.sh

debian-9-mipsel

Sharing

General

Target

sa.sh
Size

438B
Sample

241229-epmldaskby
MD5

52f6ef322dd61383cc5f03bba971ecc1
SHA1

a540ec9917e63a178aa44b3f3570a54ff8c88135
SHA256

82d5f1b0b96907494a793d1cd838b2ea1b8fc7f7e758ae56bcc75d89ed6f3e97
SHA512

c17b540e81ca673cfb39cedb1417bfebb0367d61f9f9315710713bc0167cfb953b2b0fdec2bad0435c4ac423e41935fac7fa76ceb288f07174273b9f32f1d938

Score

10^/10

xmrig xmrig_linux antivm defense_evasion discovery linux miner

Static task

static1

Behavioral task

behavioral1

Sample

sa.sh

Resource

ubuntu1804-amd64-20240729-en

xmrig xmrig_linux antivm defense_evasion discovery miner

ubuntu-18.04-amd64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

sa.sh

Resource

debian9-armhf-20240729-en

xmrig xmrig_linux defense_evasion discovery miner

debian-9-armhf

10 signatures

150 seconds

Behavioral task

behavioral3

Sample

sa.sh

Resource

debian9-mipsbe-20240611-en

xmrig xmrig_linux defense_evasion discovery miner

debian-9-mips

10 signatures

150 seconds

Behavioral task

behavioral4

Sample

sa.sh

Resource

debian9-mipsel-20240729-en

xmrig xmrig_linux defense_evasion discovery miner

debian-9-mipsel

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  sa.sh
- Size
  
  438B
- MD5
  
  52f6ef322dd61383cc5f03bba971ecc1
- SHA1
  
  a540ec9917e63a178aa44b3f3570a54ff8c88135
- SHA256
  
  82d5f1b0b96907494a793d1cd838b2ea1b8fc7f7e758ae56bcc75d89ed6f3e97
- SHA512
  
  c17b540e81ca673cfb39cedb1417bfebb0367d61f9f9315710713bc0167cfb953b2b0fdec2bad0435c4ac423e41935fac7fa76ceb288f07174273b9f32f1d938
Score

10^/10

xmrig xmrig_linux antivm defense_evasion discovery miner
- XMRig Miner payload
  miner
- Xmrig family
  xmrig
- Xmrig_linux family
  xmrig_linux
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Checks hardware identifiers (DMI)
  Checks DMI information which indicate if the system is a virtual machine.
  antivm
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads hardware information
  Accesses system info like serial numbers, manufacturer names etc.
  discovery
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigxmrig_linuxantivmdefense_evasiondiscoveryminer

behavioral2

xmrigxmrig_linuxdefense_evasiondiscoveryminer

behavioral3

xmrigxmrig_linuxdefense_evasiondiscoveryminer

behavioral4

xmrigxmrig_linuxdefense_evasiondiscoveryminer

© 2018-2025

Terms | Privacy