xmrig | 50dad45e91f61043118a822c13316171108c676db874ab5cfc77f149a41eba9f | Triage

Submit
Reports

Overview

overview

Static

static

1

watchdog.elf

debian-12-armhf

watchdog.elf

ubuntu-18.04-amd64

watchdog.elf

ubuntu-22.04-amd64

Resubmissions

13-01-2025 14:19

250113-rm7vravmez 1

13-01-2025 14:07

250113-re1fpsvkc1 10

09-01-2025 06:07

250109-gva6mstldl 7

Sharing

General

Target

watchdog.elf
Size

309KB
Sample

250113-re1fpsvkc1
MD5

f124e8a9e771966e3846a638be333e8d
SHA1

07a3ee5d11f8c31f650de519edaa18a4c7548a9d
SHA256

50dad45e91f61043118a822c13316171108c676db874ab5cfc77f149a41eba9f
SHA512

a7dacb77f171b4a5f475b6523dd0f6a4da009291f4a10c35cf206bfd4d31e1a605d1266ce0d885515f5e50df7aba8dbac8975c3efb0adf0e5209c4fbf7f51131
SSDEEP

6144:uyKTXNPSWNKzpsMQspTeOKPsYekmRtwqNHexsYKlJ6dQC4yV6OEfXOd:cdSD+haTbKUMmRqqNHexsYKlJ6dQCvcj

Score

10^/10

xmrig xmrig_linux antivm discovery execution linux miner persistence privilege_escalatio upx

Static task

static1

Behavioral task

behavioral1

Sample

watchdog.elf

Resource

debian12-armhf-20240221-en

debian-12-armhf

0 signatures

900 seconds

Behavioral task

behavioral2

Sample

watchdog.elf

Resource

ubuntu1804-amd64-20240611-en

xmrig xmrig_linux antivm discovery execution miner persistence privilege_escalatio upx

ubuntu-18.04-amd64

17 signatures

900 seconds

Behavioral task

behavioral3

Sample

watchdog.elf

Resource

ubuntu2204-amd64-20240729-en

xmrig antivm discovery execution miner persistence privilege_escalatio upx

ubuntu-22.04-amd64

15 signatures

900 seconds

Malware Config

Targets

- Target
  
  watchdog.elf
- Size
  
  309KB
- MD5
  
  f124e8a9e771966e3846a638be333e8d
- SHA1
  
  07a3ee5d11f8c31f650de519edaa18a4c7548a9d
- SHA256
  
  50dad45e91f61043118a822c13316171108c676db874ab5cfc77f149a41eba9f
- SHA512
  
  a7dacb77f171b4a5f475b6523dd0f6a4da009291f4a10c35cf206bfd4d31e1a605d1266ce0d885515f5e50df7aba8dbac8975c3efb0adf0e5209c4fbf7f51131
- SSDEEP
  
  6144:uyKTXNPSWNKzpsMQspTeOKPsYekmRtwqNHexsYKlJ6dQC4yV6OEfXOd:cdSD+haTbKUMmRqqNHexsYKlJ6dQCvcj
Score

10^/10

xmrig xmrig_linux antivm discovery execution miner persistence privilege_escalatio upx
- Xmrig family
  xmrig
- Xmrig_linux family
  xmrig_linux
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig_linux
- XMRig Miner payload
  miner
- Deletes itself
- Executes dropped EXE
- Checks hardware identifiers (DMI)
  Checks DMI information which indicate if the system is a virtual machine.
  antivm
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalatio
- Reads hardware information
  Accesses system info like serial numbers, manufacturer names etc.
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xmrigxmrig_linuxantivmdiscoveryexecutionminerpersistenceprivilege_escalatioupx

behavioral3

xmrigantivmdiscoveryexecutionminerpersistenceprivilege_escalatioupx

© 2018-2025

Terms | Privacy