Analysis
max time kernel: 16s
max time network: 15s
platform: ubuntu-20.04_amd64
resource: ubuntu2004-amd64-20241127-en
resource tags: arch:amd64, arch:i386, image:ubuntu2004-amd64-20241127-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system
submitted: 05-01-2025 13:57
Behavioral task: behavioral1
Sample: syst3md
Resource: ubuntu2004-amd64-20241127-en
General
Target: syst3md
Size: 9.0MB
MD5: ca1543264c990b85310bcb879e43eb36
SHA1: 2bfe576fa35fe75f11da953314b434ebc67de1df
SHA256: c597b7bee35070139865404bd0d6a940b2cfb32a994525494e6e01695a690f31
SHA512: bb87234622cdf2f165609dacf3f398293ee173dc874015900b892721cb79e3e69ebc08757726ae8b687277eb1c88a3920b3f57e281be93b2213a992f24dd1cf8
SSDEEP: 196608:pzrugtpzc7iyk252gZerZRRIrIzGkbp44zL30Xms:pzruwo2ykyU/44zL3
Malware Config

Signatures

Xmrig_linux family

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
Checks hardware identifiers (DMI) (1 TTPs, 4 IoCs)
Checks DMI information that indicates whether the system is a virtual machine.
Description | IoC | Process
File opened for reading | /sys/devices/virtual/dmi/id/bios_vendor | syst3md
File opened for reading | /sys/devices/virtual/dmi/id/sys_vendor | syst3md
File opened for reading | /sys/devices/virtual/dmi/id/product_name | syst3md
File opened for reading | /sys/devices/virtual/dmi/id/board_vendor | syst3md
Reads hardware information (1 TTPs, 14 IoCs)
Accesses system info such as serial numbers and manufacturer names.
Description | IoC | Process
File opened for reading | /sys/devices/virtual/dmi/id/product_serial | syst3md
File opened for reading | /sys/devices/virtual/dmi/id/board_version | syst3md
File opened for reading | /sys/devices/virtual/dmi/id/chassis_vendor | syst3md
File opened for reading | /sys/devices/virtual/dmi/id/bios_date | syst3md
File opened for reading | /sys/devices/virtual/dmi/id/chassis_version | syst3md
File opened for reading | /sys/devices/virtual/dmi/id/chassis_asset_tag | syst3md
File opened for reading | /sys/devices/virtual/dmi/id/bios_version | syst3md
File opened for reading | /sys/devices/virtual/dmi/id/product_version | syst3md
File opened for reading | /sys/devices/virtual/dmi/id/board_name | syst3md
File opened for reading | /sys/devices/virtual/dmi/id/product_uuid | syst3md
File opened for reading | /sys/devices/virtual/dmi/id/board_serial | syst3md
File opened for reading | /sys/devices/virtual/dmi/id/board_asset_tag | syst3md
File opened for reading | /sys/devices/virtual/dmi/id/chassis_type | syst3md
File opened for reading | /sys/devices/virtual/dmi/id/chassis_serial | syst3md
Checks CPU configuration (1 TTPs, 1 IoCs)
Checks CPU information that indicates whether the system is a virtual machine.
Description | IoC | Process
File opened for reading | /proc/cpuinfo | syst3md
Reads CPU attributes (1 TTPs, 46 IoCs)
Description | IoC | Process
File opened for reading | /sys/devices/system/cpu/cpu0/cpu_capacity | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/id | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index9/shared_cpu_map | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/physical_line_partition | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index1/shared_cpu_map | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/shared_cpu_map | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/id | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/coherency_line_size | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/level | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/topology/cluster_cpus | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/number_of_sets | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index7/shared_cpu_map | syst3md
File opened for reading | /sys/devices/system/cpu/possible | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/level | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index1/type | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/type | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/physical_line_partition | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/topology/core_cpus | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/shared_cpu_map | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/level | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/physical_line_partition | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/topology/package_cpus | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/type | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/coherency_line_size | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/size | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index4/shared_cpu_map | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index5/shared_cpu_map | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/base_frequency | syst3md
File opened for reading | /sys/devices/system/cpu/online | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/topology/physical_package_id | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/id | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/acpi_cppc/nominal_freq | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/topology/core_id | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/shared_cpu_map | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/number_of_sets | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/type | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/coherency_line_size | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/number_of_sets | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/topology/die_cpus | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index1/level | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/size | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index6/shared_cpu_map | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index8/shared_cpu_map | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index0/size | syst3md
File opened for reading | /sys/devices/system/cpu/cpu0/cache/index1/id | syst3md
Enumerates kernel/hardware configuration (1 TTPs, 25 IoCs)
Reads contents of the /sys virtual filesystem to enumerate system information.
Description | IoC | Process
File opened for reading | /sys/module/msr/initstate | modprobe
File opened for reading | /sys/devices/cpu_core/cpus | syst3md
File opened for reading | /sys/devices/system/node/online | syst3md
File opened for reading | /sys/devices/system/node/node0/access1/initiators | syst3md
File opened for reading | /sys/bus/dax/devices | syst3md
File opened for reading | /sys/devices/system/node/node0/access0/initiators/read_bandwidth | syst3md
File opened for reading | /sys/devices/system/node/node0/access0/initiators/write_bandwidth | syst3md
File opened for reading | /sys/firmware/dmi/tables/DMI | syst3md
File opened for reading | /sys/devices/system/node/node0/hugepages/hugepages-2048kB/free_hugepages | syst3md
File opened for reading | /sys/bus/soc/devices | syst3md
File opened for reading | /sys/fs/cgroup/cpuset/cpuset.mems | syst3md
File opened for reading | /sys/devices/system/node/node0/cpumap | syst3md
File opened for reading | /sys/devices/system/node/node0/access0/initiators/read_latency | syst3md
File opened for reading | /sys/devices/virtual/dmi/id | syst3md
File opened for reading | /sys/fs/cgroup/cpuset/cpuset.cpus | syst3md
File opened for reading | /sys/devices/system/cpu | syst3md
File opened for reading | /sys/devices/system/node/node0/access0/initiators | syst3md
File opened for reading | /sys/devices/system/node/node0/meminfo | syst3md
File opened for reading | /sys/devices/system/node/node0/hugepages | syst3md
File opened for reading | /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages | syst3md
File opened for reading | /sys/devices/system/node/node0/access0/initiators/write_latency | syst3md
File opened for reading | /sys/firmware/dmi/tables/smbios_entry_point | syst3md
File opened for reading | /sys/devices/cpu_atom/cpus | syst3md
File opened for reading | /sys/kernel/mm/hugepages | syst3md
File opened for reading | /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages | syst3md
Reads runtime system information
Description | IoC | Process
File opened for reading | /proc/self/cpuset | syst3md
File opened for reading | /proc/meminfo | syst3md
File opened for reading | /proc/driver/nvidia/gpus | syst3md
File opened for reading | /proc/version_signature | syst3md
File opened for reading | /proc/sys/vm/nr_hugepages | syst3md
File opened for reading | /proc/cmdline | modprobe
File opened for reading | /proc/cmdline | syst3md
Processes

/tmp/syst3md
  Command line: /tmp/syst3md
  PID: 1398
  - Checks hardware identifiers (DMI)
  - Reads hardware information
  - Checks CPU configuration
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information

  /bin/sh
    Command line: sh -c "/sbin/modprobe msr allow_writes=on > /dev/null 2>&1"
    PID: 1414

    /sbin/modprobe
      Command line: /sbin/modprobe msr "allow_writes=on"
      PID: 1415
      - Enumerates kernel/hardware configuration
      - Reads runtime system information