xmrig_linux | a5d7a1f2e953c351109901ea206f6e3a5b24a446f9b4aa4a17346c0f05a8e06b

General

Target

605c81c507d2cdaaed20bc42850212a4-sample(1).zip
Size

7KB
Sample

250122-wf4lzaxphx
MD5

4cff21e4d783a0749a0cbc414d955cf2
SHA1

1763762b9f73d44e7424739d836f2067fd23d45e
SHA256

a5d7a1f2e953c351109901ea206f6e3a5b24a446f9b4aa4a17346c0f05a8e06b
SHA512

da75e863dcf160b1740d036f25e5ac8f95e91809e3387ac89e725fe5a97ecbbbd2e0927f558c36e190a42210294582315cdf44d0b8f8bafed63763f35c8a47df
SSDEEP

192:SwAaUWs1RCSQmwZKbZp8GhMI3YHzcUfs6IDp600n:Swzc1RQzAMlUAzcU0jDp600n

Score

10^/10

Malware Config

Targets

- Target
  
  272c0be0-3abd-49ec-95e4-72620029f736.tmp
- Size
  
  35KB
- MD5
  
  f4ec053a3f17ec4bdae8c3570e4241df
- SHA1
  
  69663d585c3e698f3044b44aba94d09fdd0382f0
- SHA256
  
  2624983c09e22f4395668732d075a15e34d80379904ba20e8e54814ed9ff62b5
- SHA512
  
  6da887f2f23ebb4c1309a44fc8af672663e7f413a24e1c09cdd366e2ef26bea2f9190f5b718373811f4b72f0d26440003f7e321a60d8334eb7fbb67938c6ae09
- SSDEEP
  
  768:b87mzQ5VFNcDAFLcIwgnoYq0xFBCytguz:bOVF+D6cIwgosXz
Score

10^/10

xmrig_linux credential_access defense_evasion discovery execution miner persistence privilege_escalation
- Xmrig_linux family
  xmrig_linux
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig_linux
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Deletes system logs
  Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
  defense_evasion
- OS Credential Dumping
  Adversaries may attempt to dump credentials to use it in password cracking.
  credential_access
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
  Abuse sudo or cached sudo credentials to execute code.
  privilege_escalation defense_evasion
- Attempts to change immutable files
  Modifies inode attributes on the filesystem to allow changing of immutable files.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalation
- Disables AppArmor
  Disables AppArmor security module.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1