xmrig | be40710e90ecf65453a5104c03a8cb6639173322d9bfcc6e105a1d7955417c79 | Triage

Submit
Reports

Overview

overview

Static

static

x86_64

ubuntu-24.04-amd64

9

Sharing

General

Target

x86_64
Size

4.4MB
Sample

250125-et6j2svqct
MD5

7a5612ea3be48fbc9a67b1caee4131fa
SHA1

506f5be83edc1e330cff5b66822b82f62b4eafb1
SHA256

be40710e90ecf65453a5104c03a8cb6639173322d9bfcc6e105a1d7955417c79
SHA512

8b9c4dbfc7d10f22be4d4ffc5ed18b58a658cde45d0f951e0d5f28c37f911e9054e34180bd812e1a57f5bdd7065892eefcc93dff5460df651520c9091356262b
SSDEEP

98304:b/clC9UiBrnwyiTnd1noHjzlX++hGU4WdY9:b/l9U2is/ggjdY9

Score

10^/10

xmrig antivm discovery execution linux miner persistence privilege_escalation

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

x86_64

Resource

ubuntu2404-amd64-20240523-en

antivm discovery execution persistence privilege_escalation

ubuntu-24.04-amd64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  x86_64
- Size
  
  4.4MB
- MD5
  
  7a5612ea3be48fbc9a67b1caee4131fa
- SHA1
  
  506f5be83edc1e330cff5b66822b82f62b4eafb1
- SHA256
  
  be40710e90ecf65453a5104c03a8cb6639173322d9bfcc6e105a1d7955417c79
- SHA512
  
  8b9c4dbfc7d10f22be4d4ffc5ed18b58a658cde45d0f951e0d5f28c37f911e9054e34180bd812e1a57f5bdd7065892eefcc93dff5460df651520c9091356262b
- SSDEEP
  
  98304:b/clC9UiBrnwyiTnd1noHjzlX++hGU4WdY9:b/l9U2is/ggjdY9
Score

9^/10

antivm discovery execution persistence privilege_escalation
- Contacts a large (1395292) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks hardware identifiers (DMI)
  Checks DMI information which indicate if the system is a virtual machine.
  antivm
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalation
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads hardware information
  Accesses system info like serial numbers, manufacturer names etc.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Network Service Discovery

System Information Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

antivmdiscoveryexecutionpersistenceprivilege_escalation

© 2018-2025

Terms | Privacy