xmrig | 17a215c11838c6ebb792cc33fd66c6972563a3722eecf84e57beaaf89f3acfa7 | Triage

Submit
Reports

Overview

overview

Static

static

5

x86_64.elf

ubuntu-20.04-amd64

Sharing

General

Target

x86_64.elf
Size

1.6MB
Sample

250202-gx9rzsyqcs
MD5

a9261e627e65abd2a76823e9339bb686
SHA1

bf6c77b16d9937f4521adfac0cff1e108940ea6f
SHA256

17a215c11838c6ebb792cc33fd66c6972563a3722eecf84e57beaaf89f3acfa7
SHA512

74967db7d50081312b539a832c5af98bd03ba5aac0272cf035326ee5ffca5231866eef138c182374c344caf2211d24caa6737e9489549b76f9714a0b82f90b5f
SSDEEP

49152:50vJG7L6ILYrt06drhrD2DVlgpLtEbd05qjkp:5JL6ILYrhd5KYpLtE5Wfp

Score

10^/10

xmrig antivm discovery execution linux miner persistence privilege_escalation upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

x86_64.elf

Resource

ubuntu2004-amd64-20240729-en

xmrig antivm discovery execution miner persistence privilege_escalation

ubuntu-20.04-amd64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  x86_64.elf
- Size
  
  1.6MB
- MD5
  
  a9261e627e65abd2a76823e9339bb686
- SHA1
  
  bf6c77b16d9937f4521adfac0cff1e108940ea6f
- SHA256
  
  17a215c11838c6ebb792cc33fd66c6972563a3722eecf84e57beaaf89f3acfa7
- SHA512
  
  74967db7d50081312b539a832c5af98bd03ba5aac0272cf035326ee5ffca5231866eef138c182374c344caf2211d24caa6737e9489549b76f9714a0b82f90b5f
- SSDEEP
  
  49152:50vJG7L6ILYrt06drhrD2DVlgpLtEbd05qjkp:5JL6ILYrhd5KYpLtE5Wfp
Score

10^/10

xmrig antivm discovery execution miner persistence privilege_escalation
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Contacts a large (1891842) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- XMRig Miner payload
  miner
- Checks hardware identifiers (DMI)
  Checks DMI information which indicate if the system is a virtual machine.
  antivm
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalation
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads hardware information
  Accesses system info like serial numbers, manufacturer names etc.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Network Service Discovery

System Information Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigantivmdiscoveryexecutionminerpersistenceprivilege_escalation

© 2018-2025

Terms | Privacy