xmrig | bf45cffbc11cf408e600442b7cb87dc28f56b7d165781c499f9fd1a148cc5ff4 | Triage

Submit
Reports

Overview

overview

Static

static

5

arm7.elf

debian-9-armhf

Sharing

General

Target

arm7.elf
Size

1.1MB
Sample

250202-y8gzsaxlby
MD5

a1adf45d4491d7075c2329d0f132792b
SHA1

4f417fcf288220efee800e58a9f27e4374cea4da
SHA256

bf45cffbc11cf408e600442b7cb87dc28f56b7d165781c499f9fd1a148cc5ff4
SHA512

f4485b95831fedd68e8102faba928f94c6c0f9ce27fa32196da2e6e3b98a17942518a76763ac471a33a5dd96ec964deb40e65050362e41f427c8ad585f6ee12f
SSDEEP

24576:mAndAaknFA/EEhHkaDLqfdDojUPw3hjFXLZ15caFS1vp:m1tn+/thHkofjR10YM

Score

10^/10

xmrig antivm discovery execution miner persistence privilege_escalation upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

arm7.elf

Resource

debian9-armhf-20240611-en

xmrig antivm discovery execution miner persistence privilege_escalation

debian-9-armhf

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  arm7.elf
- Size
  
  1.1MB
- MD5
  
  a1adf45d4491d7075c2329d0f132792b
- SHA1
  
  4f417fcf288220efee800e58a9f27e4374cea4da
- SHA256
  
  bf45cffbc11cf408e600442b7cb87dc28f56b7d165781c499f9fd1a148cc5ff4
- SHA512
  
  f4485b95831fedd68e8102faba928f94c6c0f9ce27fa32196da2e6e3b98a17942518a76763ac471a33a5dd96ec964deb40e65050362e41f427c8ad585f6ee12f
- SSDEEP
  
  24576:mAndAaknFA/EEhHkaDLqfdDojUPw3hjFXLZ15caFS1vp:m1tn+/thHkofjR10YM
Score

10^/10

xmrig antivm discovery execution miner persistence privilege_escalation
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Contacts a large (1386329) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- XMRig Miner payload
  miner
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalation
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Network Service Discovery

System Information Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigantivmdiscoveryexecutionminerpersistenceprivilege_escalation

© 2018-2025

Terms | Privacy