xmrig

Sharing

General

Target

ICE-Temp.7z
Size

36.1MB
Sample

250105-rdht9sykhj
MD5

c97520de31273eb4135b18ac9a1256e4
SHA1

881e1cc8ff1c5e60ba094c2d8ac4c46240e513dd
SHA256

7aaa0dc8ba8230a6f6af9e088ecbd51423177b90c7c7b3e439cefbf2da09065a
SHA512

f58a963a09bfe1bfc7e298ae5c27d72ecf0e4cac13bd32dec0b8b8dd90065adc200f298705f44a59b0b8195e4a27a16f4fba78631cb871a958879b235da14d99
SSDEEP

786432:dX48HfOK1a3ojirTC8mt52++spS+3mVR8utv+:dXV1a39erv2+LYWIRhtv+

Score

10^/10

Malware Config

Targets

- Target
  
  .ICE-Temp/1
- Size
  
  901KB
- MD5
  
  a6ae2651f951fe07f265b548474274b9
- SHA1
  
  be4fcfffbd7db08f5c4b224714bc1f3956e2052d
- SHA256
  
  37d699798e777618260b07653d85a36d06725b29cb31a30242b2a9042ad3ceee
- SHA512
  
  a8f91d49274762163a63f33744235ac75ae6d68f41627c9f38778559c8a7be3d8005754bd09d9faf7c2960b2648ef97b4a5ede5b35b07736e59d363402c57aed
- SSDEEP
  
  12288:HvYK4GTxpZGAv9f4e8qFO+4mZozurydh+muyR97ry9hv7E:HvYRGXZFv9Ae/FO+4OoNnuyRxy9h
Score

6^/10

discovery
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1
- Target
  
  .ICE-Temp/apachelogs
- Size
  
  901KB
- MD5
  
  9e39b0a7baca08a77c4716e5581660b2
- SHA1
  
  7bdf3b20e45836b35101c79ac273340158fa58f9
- SHA256
  
  058fa7b2e8e5e9809c2f9a574bf7e630a4455c0a26c948b798019d265b6510d3
- SHA512
  
  fb388adb933492db9539767c8c2bde75595ce17febed9c1bb68189fa0936705d0489d5ed5adad5d3fdc31f6a57c2a2e7db39413742a3b6dd8474b013da169e33
- SSDEEP
  
  12288:OzaS4Ghzy1wov9b4GQ44uM0cq6krydh+muhRP7ry9hv7E:OzaZG41Lv9MG14uM0cqOnuhRny9h
Score

6^/10

discovery execution persistence privilege_escalatio
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalatio
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral2
- Target
  
  .ICE-Temp/lol
- Size
  
  733B
- MD5
  
  0eba5ce29c4baf4888bd2a9dd39fec0a
- SHA1
  
  17f23530e3729300baf1e83276aa41b42e07c3bf
- SHA256
  
  0cd5b1bbe4219f258a3fc50a3c08cd70a59ecfb74cbd97c022db8932da2051cf
- SHA512
  
  74e9d9f8aaa9a6c81ae96d6dcd0fa28d7f47008e5b58512e88175d78c89cbe4c26b9c65e9d3f50b472a2bcf4ccae2be1aa26f59d5e35ac86080f21f7fd32cea5
Score

6^/10

discovery
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral3
- Target
  
  .ICE-Temp/noob
- Size
  
  67B
- MD5
  
  89599bf56ee19e0693a7ad5b57c7eeaf
- SHA1
  
  957ee319c0078cf557384a556b50be351cfc6cd4
- SHA256
  
  71c1082dcb24443849f686f20c44f2befcce798b325369fbd2bd6f3cf9e86c71
- SHA512
  
  900e0ea538d6288e8d0dd04648c06574dd35b0d359af8f7906af49352dccce97cd2f8e684d925de7aa397df2533308c0e7bd11bba618f4b71cc1cb700545b9e8
Score

1^/10
behavioral4
- Target
  
  .ICE-Temp/run
- Size
  
  904KB
- MD5
  
  6f2ad308cfca8ada83dddeff3550ff1b
- SHA1
  
  6d51130d16c851c9cab5851ee13abec0cb24d20d
- SHA256
  
  bd8a77f63439dd7bc7e7da339ec4a9c097e5b316d42a0941b78b93a0bf664892
- SHA512
  
  e8c894292b0b71791d740fd372170d050683c7aa7720d4ba77aaf3e5e4d776d4da265e6f4bd94adec26c994408f5470b384f1b7a58841368c73ac836084bdb5c
- SSDEEP
  
  12288:z6r54g+nBwIjwv9og34rhz/BIYpVrydh+muhRn7ry9hv7E:z6rag+eI8v953uhz/BIYwnuhRfy9h
Score

8^/10

credential_access defense_evasion discovery persistence privilege_escalation
- Adds new SSH keys
  Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
  persistence privilege_escalation
- Modifies password files for system users/ groups
  Modifies files storing password hashes of existing users/ groups, likely to grant additional privileges.
  persistence credential_access defense_evasion
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- OS Credential Dumping
  Adversaries may attempt to dump credentials to use it in password cracking.
  credential_access
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
  Abuse sudo or cached sudo credentials to execute code.
  privilege_escalation defense_evasion
- Adds a user to the system
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral5
- Target
  
  .ICE-Temp/setup
- Size
  
  904KB
- MD5
  
  68c89e757f76f5fe2a5442ac922ae77a
- SHA1
  
  0463e67ed457a133a833a26a4d0b960a97859f33
- SHA256
  
  4b6cdd50c6af5ebb0637ab58da91c3068d70b75e7eadf5b957af6eadbc9f59ad
- SHA512
  
  62159d9db14d4dfebf785d3b5f233132c5449d9e23f80a3a088c19a8e3240c06b4a974916c1cc27eb1b431d83d588f61a0fce5cad25393f7445181573a1a7325
- SSDEEP
  
  12288:xmLY4d8oo0Srv9ZzFI6zuPfJS4Jgrydh+muRRj7ry9hv7E:xmLfds0uv9hFIwuPfJS45nuRRzy9h
Score

3^/10

discovery
behavioral6
- Target
  
  .ICE-Temp/sobolan
- Size
  
  44.3MB
- MD5
  
  7849983d77b052de90558feeefb3078d
- SHA1
  
  dcbe5ca017bea2684848fe16dd8b689a99084259
- SHA256
  
  decd1f03573fe4b7171af8edd3c342799be4e6b4431ed8c2a6ed9c3728af5bad
- SHA512
  
  5bdf3c04280861225489b3b3193cc7c7231727212033966ac7e844d48e617cf2e790152ee9d925b3957ac055241bfd7a8aa62355e955b42331fbc3e6c7e31c15
- SSDEEP
  
  786432:GguQs0Lz/fiQBrfR+vLGRfU0qCmydhdD82l5cF+DROb6rj8MXSzls0eO0Uep7GSs:SQs0Lz/f1pgU8ImydNncwDRx8+SJs0eC
Score

3^/10

discovery
behavioral7
- Target
  
  .ICE-Temp/start
- Size
  
  941B
- MD5
  
  94fd849cdea84d6058f004b2dd98fb61
- SHA1
  
  d2553119a3b88d111600577624dc739f68c04e43
- SHA256
  
  1b575c12ba32daa8229697cca355892a0c0ad5acdca0c88278877a4f67c2255b
- SHA512
  
  5655657fe5f3ecebd6540e215ce33d988d3101bbcaa17b2049550f9439304c4783d0d1528f0a359adf76143d85a2c32ed8714b04a09e115fbb77e2a39cad3dae
Score

6^/10

discovery
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral8
- Target
  
  .ICE-Temp/status
- Size
  
  575B
- MD5
  
  7989ea33ddede0ecf9f3e562aaa8a1c4
- SHA1
  
  fe84c9b7967c4c813697a7eb8413906a694fcf76
- SHA256
  
  a625b52555bfbfe15958ff57e0396aeaa8ac407b016b2500f50d22de61ff192a
- SHA512
  
  939463bcea231fea5f47711e44a6f497afa65c69aa1c47529b56912ea18a712235b5edeb9595305896e3907f78f7451bc15ab7857dd61e93f19e383b663c1faa
Score

1^/10
behavioral9
- Target
  
  .ICE-Temp/syst3md
- Size
  
  9.0MB
- MD5
  
  ca1543264c990b85310bcb879e43eb36
- SHA1
  
  2bfe576fa35fe75f11da953314b434ebc67de1df
- SHA256
  
  c597b7bee35070139865404bd0d6a940b2cfb32a994525494e6e01695a690f31
- SHA512
  
  bb87234622cdf2f165609dacf3f398293ee173dc874015900b892721cb79e3e69ebc08757726ae8b687277eb1c88a3920b3f57e281be93b2213a992f24dd1cf8
- SSDEEP
  
  196608:pzrugtpzc7iyk252gZerZRRIrIzGkbp44zL30Xms:pzruwo2ykyU/44zL3
Score

10^/10

xmrig_linux antivm discovery miner
- Xmrig_linux family
  xmrig_linux
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig_linux
- Checks hardware identifiers (DMI)
  Checks DMI information which indicate if the system is a virtual machine.
  antivm
- Reads hardware information
  Accesses system info like serial numbers, manufacturer names etc.
  discovery
behavioral10
- Target
  
  .ICE-Temp/wget-log
- Size
  
  182B
- MD5
  
  2adea4dd7ef427d637c5608992d43df4
- SHA1
  
  ef697f961cc56cfb5534beb35609d5cbf7069865
- SHA256
  
  006af195652ed68f9c6c41c5a396e719416e4a495b9b7e3fd568c84095081948
- SHA512
  
  30215ccb56a3b7103232f2ebffe78e6b848c06761a5853975b8871eabe599c2783581ffcb9a6336bef314e91b6b05c8be617a3407cf77a17a8353a25b8a0eda8
Score

1^/10
behavioral11