General

  • Target

    main.zip

  • Size

    542.6MB

  • Sample

    250217-w1g9gasms2

  • MD5

    b603ed8079894058f362a9578dbdbabe

  • SHA1

    781f99f53863d512a180be616a540b6aed9a9729

  • SHA256

    853af5ed57a9ad4a2205553583ca5a11b18c1518d5bab1712b3555afab8d72a0

  • SHA512

    b8f976b265d8413ed97bfb69869b5be6da18ba85e9378894456801eae74f2b5b984b31a2682544d30b7745861c5284b5d68db0b8e7fd88ee2d543f548f1c3784

  • SSDEEP

    12582912:94nf4WDDVV/tZRRRbNOoMRruDPhOltJPNoF2N5fLfYAA0:90f4Y7tZDRbNPwA6xNnTYAA0

Malware Config

Extracted

Family

gafgyt

C2

255.255.255.255:1900

194.15.36.193:666

107.175.69.129:12345

194.87.138.40:700

51.222.140.164:839

107.175.69.114:812

50.115.174.112:839

167.99.218.185:800

85.209.0.57:4258

157.245.83.214:4258

185.239.242.109:4269

149.56.7.255:839

45.141.58.75:839

13.81.41.97:872

46.29.163.64:443

23.94.136.122:1738

193.239.147.7:4258

79.139.57.55:1845

37.49.230.53:1111

193.239.147.192:23

Extracted

Family

mirai

Botnet

ARES

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.2.154:1234

Extracted

Family

mirai

Botnet

DEMONS

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

10.0.2.97:6666

192.168.2.153:1234

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

connectback

C2

10.5.31.54:4445

192.168.0.108:443

173.82.202.138:8443

Extracted

Family

mirai

C2

twin.zu-mm.com

state.zu-mm.com

Targets

    • Target

      Linux-Malware-Samples-main/00ae07c9fe63b080181b8a6d59c6b3b6f9913938858829e5a42ab90fb72edf7a

    • Size

      7.7MB

    • MD5

      c34b120cfc08b0d0591038f0656f9944

    • SHA1

      f6af73bcb8365c1db0565b8e37f67b89cdd03859

    • SHA256

      00ae07c9fe63b080181b8a6d59c6b3b6f9913938858829e5a42ab90fb72edf7a

    • SHA512

      032c13db6ff5de0d3fba9ee1b48cd5d804d2673ef9e55b99fdb0eb6e6bef8456c9f2a50ed64dc4f651d41ab5abab6b0bf3e29dbd1dd555e1387974fd1673a669

    • SSDEEP

      196608:1su1A1I4qqzCyBzKkHyml91AKIaVYixMP32Tqngv0s:1s4A1I4qqzCyBrHL91qamngv

    Score
    10/10
    • Target

      Linux-Malware-Samples-main/03bb1cfd9e45844701aabc549f530d56f162150494b629ca19d83c1c696710d7

    • Size

      2.5MB

    • MD5

      ba9d7605c01400d84eeebf5d119ecec3

    • SHA1

      f274603c9561f6695dbc90aae64bd081adc0a960

    • SHA256

      03bb1cfd9e45844701aabc549f530d56f162150494b629ca19d83c1c696710d7

    • SHA512

      44c0d10810c0d040a152680d81589bbdc872a2f6d8638b03e73b71fefcc35121120a4c6f609f74c84d71ffdd96525a13cad9748406906f36a4f021da3f74987a

    • SSDEEP

      49152:AyjFTW8LRiG879Oum74e4b2jbDWW9EQaB1N5qcAHSmbh5tApXw:Ay1qG879SzbDReRBNqRxP

    Score
    1/10
    • Target

      Linux-Malware-Samples-main/04b5e29283c60fcc255f8d2f289238430a10624e457f12f1bc866454110830a2

    • Size

      5.5MB

    • MD5

      1645021b413ad8a7e8c9ddb3fe0d8655

    • SHA1

      a41531a3c9e11cb697aa5b801ef7218e7650b9fe

    • SHA256

      04b5e29283c60fcc255f8d2f289238430a10624e457f12f1bc866454110830a2

    • SHA512

      8b28422c18b25d1ab0b9f8578e91c25f6673cc87fcf07b3e743c190c01590e3b5a16fd75e4ec208c3199e437e595a27c04a01a443bb48d4f3d5685500ef61288

    • SSDEEP

      98304:xcs0sgKVVKMVKmGjEj/jM8MMM8MMMMMwMMwbvUvUvkGjrGjPjORF4PI31l/cUdVo:h0iG41OoHSaBaXTejEvbo

    • Xmrig_linux family

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Checks hardware identifiers (DMI)

      Checks DMI information, which indicates whether the system is a virtual machine.

    • Reads hardware information

      Accesses system information such as serial numbers, manufacturer names, etc.

    • Target

      Linux-Malware-Samples-main/05ca0e0228930e9ec53fe0f0b796255f1e44ab409f91bc27d20d04ad34dcb69d

    • Size

      4.8MB

    • MD5

      f41287aa904a2ef1f16c408b4ce81e4a

    • SHA1

      fc9db11674c9f918668a9d143f17235ea65f9ff4

    • SHA256

      05ca0e0228930e9ec53fe0f0b796255f1e44ab409f91bc27d20d04ad34dcb69d

    • SHA512

      68bcb10cf86b8e25e7025b80de7fe71add94ce141f273251628289e675f0055c6b924b467e3d534c2b96763cb26c9538091fc87066586fae9560361b78be0420

    • SSDEEP

      98304:GZCRScDTjTiNLOGcsFZcXaM/iVWr3y1fLqN7+xQejD+u1qdnz+J:PNuLOGcsvBuiVB1fMKxQejD+Tz+

    Score
    3/10
    • Target

      Linux-Malware-Samples-main/060b01f15c7fab6c4f656aa1f120ebc1221a71bca3177f50083db0ed77596f0f

    • Size

      24KB

    • MD5

      4e9746da0cd44adef97807df76128054

    • SHA1

      eba1f58d025c1be43de585ebed27fc65d0caecc3

    • SHA256

      060b01f15c7fab6c4f656aa1f120ebc1221a71bca3177f50083db0ed77596f0f

    • SHA512

      129601b39b5b4a6878c6359016111a050086ab204028a3be5d06b4115535059410de1e22b43e7f765dfb18627bf85e151e854b6193c2785da740e1262f569824

    • SSDEEP

      384:hBb5y9mJiD1gh8MOFgnUOS0/P087x2nJ8L6i594HgDJxj97cV:hBb5yQMRghEgC8L6IeEncV

    Score
    1/10
    • Target

      Linux-Malware-Samples-main/063830221431f8136766f2d740df6419c8cd2f73b10e07fa30067df506592210

    • Size

      101KB

    • MD5

      2adc7a584cae93fbeaf2b584382b35a8

    • SHA1

      0e63b5da629a192551b0644426c811560cf9ba36

    • SHA256

      063830221431f8136766f2d740df6419c8cd2f73b10e07fa30067df506592210

    • SHA512

      a2732abf72bc5f9558b07cca6d65114d70dae97b64c31efdcbc6edc23d04e9f9d33b1a3836e1f38055c8d95a7d694503578bdf6911a36eb093573d031ffe878b

    • SSDEEP

      3072:1d0wyuYlPcjFbFORMkNR85vcf2nNeC7S1VL92HS4NB:rwRpDIIC7S1VL92HS4NB

    Score
    6/10
    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Target

      Linux-Malware-Samples-main/06ed8158a168fa9635ed8d79679587f45cfd9825859e346361443eda0fc40b4c

    • Size

      240KB

    • MD5

      6e1a831b9b30c576ae7ecf1921b1df1a

    • SHA1

      b2572d5e4b1a0fe0c3ef9349c70f9080312af406

    • SHA256

      06ed8158a168fa9635ed8d79679587f45cfd9825859e346361443eda0fc40b4c

    • SHA512

      cc8cafb2ff66fe650d8f55bbabfb2915f2625a8c736e84347f04fb158b73afcfebfc9cfa6fb35c7742c52c76a7449a69efe157457c66052e913521ea01731f48

    • SSDEEP

      6144:7tZk8fMKP5BQ2IUvGR0sAP4rKRO8xKFaA:LfMKBIU6APV81aA

    Score
    1/10
    • Target

      Linux-Malware-Samples-main/07d57c97f6af84f35a122b8a98f44242ac9da67f135cc337a88a231906cdece2

    • Size

      20KB

    • MD5

      11103198e658b0b965e7b70b5281e37f

    • SHA1

      148c0f75e0f93aa2d4a675667e599a3df75bacc0

    • SHA256

      07d57c97f6af84f35a122b8a98f44242ac9da67f135cc337a88a231906cdece2

    • SHA512

      7c65a8148d438d4124364956082820c3c3be0cd730b003649ab7659e695784f2087236d6af2850c9fb94c34864fb21c899fc0632797c54544099b269354000c7

    • SSDEEP

      384:BLXroVuHszrtRfdD66piYb0EQR3yzhCWA:NPMntvfT0EQByzcWA

    Score
    1/10
    • Target

      Linux-Malware-Samples-main/0824494fb7b70a21e990854fe43386c6037fa31b4edc6d709e83a40dffb313ce

    • Size

      26KB

    • MD5

      0b9b3668a2289fb373ab194c0c4395b3

    • SHA1

      43b338bb61803fdb9f89b986f01cec377ede0998

    • SHA256

      0824494fb7b70a21e990854fe43386c6037fa31b4edc6d709e83a40dffb313ce

    • SHA512

      c7cbabe4a4e40479d9860509f792e2e400c2f39c8e6965dda3f0ed33278b9ca78d7236e7f08741e80d81ad03ae88f2b6a2429294b58624c134f05b6053f80c92

    • SSDEEP

      384:7pUUGgBMZciYQQPSyzfo9zQV3j2qTfdfAlaxldl/Ld4O4:7pUUlB4clSy7fJwaxldlC

    Score
    1/10
    • Target

      Linux-Malware-Samples-main/0a4b417193f63a3cce4550e363548384eb007f89e89eb831cf1b7f5ddf230a51

    • Size

      83KB

    • MD5

      f580c806161ceb9686456e4bf0c92feb

    • SHA1

      6dd93fa91485737decc888f04383a0d9ed7ce929

    • SHA256

      0a4b417193f63a3cce4550e363548384eb007f89e89eb831cf1b7f5ddf230a51

    • SHA512

      9af6f60d617ad4f766c7c09b681dfc3ec46195cf1bcc7aaf7f30662034121b7ab297e8e975b220472ea01c291b0221c5597142339929e9910683e9dc5588a0ec

    • SSDEEP

      1536:0+sKkRV6HT9ew0r8GK4sTdhAce7dWn5q690KKNkbP7+VV4+cRMYCTT9+Rf:0kk36HT9Z0r8ssT4forB6kbj+VK+cRM8

    Score
    3/10
    • Target

      Linux-Malware-Samples-main/0a569366eeec52380b4462b455cacc9a788c2a7883b0a9965d20f0422dfc44df

    • Size

      2.4MB

    • MD5

      283e0172063d1a23c20c6bca1ed0d2bb

    • SHA1

      08ee7bdd0e015e6ab7a8893254b62b2c2a4a18c7

    • SHA256

      0a569366eeec52380b4462b455cacc9a788c2a7883b0a9965d20f0422dfc44df

    • SHA512

      257960f0c02811cb3174226649330e2d11e868dd4107ca38f66a5ca9b064898a3e509859bb1c9d630ef8e74b6a766aa10e4d8d8dd57d7e1445baeeb06b0d297c

    • SSDEEP

      49152:kXvwER8s/Oggpz/K1Cg4TdRYd3fJS+/OOg0HZ+ECsfLm:oF5g63fJ3Jg0HXS

    Score
    7/10
    • Runs EXE from memory

      Runs an executable from memory, likely to minimize footprint.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Linux-Malware-Samples-main/0a79399c441fca30d20e79fdabdd23ae33f3e16bf9c012cd1492604a03e656bb

    • Size

      150KB

    • MD5

      15ef5bc64545fcb21b168697a1314cf1

    • SHA1

      19c58334820bccf560e5aaf6cf4a60cdf30c2ba4

    • SHA256

      0a79399c441fca30d20e79fdabdd23ae33f3e16bf9c012cd1492604a03e656bb

    • SHA512

      42e9c5d8f2b98e6f75f08778086f633a6c02f4c30b77e4705971f2771b19a40f521bed25c05e76ddff1c294a3d21292da2de2053e4831fc0ef6b860466c29892

    • SSDEEP

      3072:dgxR+15GC5Z5J9Sqm+H8CxVDPD42sR7qYwkHdk51mYq:H5J9SvCxVDP8Hdk5

    Score
    1/10
    • Target

      Linux-Malware-Samples-main/0ad6c635d583de499148b1ec46d8b39ae2785303e8b81996d3e9e47934644e73

    • Size

      6.9MB

    • MD5

      ed315ffe728bde08559d21341917d2eb

    • SHA1

      7b3f335d24e0ebb7d473ec2d64a3db948bf10581

    • SHA256

      0ad6c635d583de499148b1ec46d8b39ae2785303e8b81996d3e9e47934644e73

    • SHA512

      06e709522987cf311d3c66fb6ac0f811650d49d1582353c23f6777c602c135f91642c2b26bca8efcce629dc8362828815716630192f39bfdf03f33f0593b8e33

    • SSDEEP

      196608:eytTwY/9Hdz/Nd+MTg0cGP8wsmhmQbwBmt+:eytTwY/9Hdz14MTg0cKhmQbUmt+

    Score
    1/10
    • Target

      Linux-Malware-Samples-main/0afd9f52ddada582d5f907e0a8620cbdbe74ea31cf775987a5675226c1b228c2

    • Size

      222KB

    • MD5

      6d3143576c48c1dae88ca48742431f6e

    • SHA1

      9d54f990c69390405c2183ddb86023d9c7a55845

    • SHA256

      0afd9f52ddada582d5f907e0a8620cbdbe74ea31cf775987a5675226c1b228c2

    • SHA512

      0951df9dd84e3df1dfd99a60a17ce6b49a5d2b69266666d99989281a6bd51c03bff0af8ce21c78a798407c7f139a198202979e6338eefb47dc7b73db1b8eba4b

    • SSDEEP

      6144:yhMZEEwR4uTMfbjVphafsTZTUYZw9mAJpDoXICgShlVtEANU:yhM8TU1ph4mwLDoXICgShlVtlNU

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Writes file to system bin folder

    • Reads process memory

      Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    • Target

      Linux-Malware-Samples-main/0b1c49ec2d53c4af21a51a34d9aa91e76195ceb442480468685418ba8ece1ba6

    • Size

      9.0MB

    • MD5

      eff7cf04c5d9a907dc6760c9e4604e6c

    • SHA1

      af72b4c55a34a1d6fd2326a2f995d8b550e4c093

    • SHA256

      0b1c49ec2d53c4af21a51a34d9aa91e76195ceb442480468685418ba8ece1ba6

    • SHA512

      4a253efae148fd93ddd35cca430a0cbdd93c7c501c43a099225e470283eee02a8097a05faaecf075ddf78ee3720ad1c67d249982706f35c02ec3f977c62a43d9

    • SSDEEP

      98304:SoR37Ts7bFmNe+mk/0lOD3rJz0Fi+Oi2gmgWX7QQ3kgy9jqE:R/sNmw+TvJ+iIne7QQ3k

    Score
    1/10
    • Target

      Linux-Malware-Samples-main/0b22cdc1b1b1f944e4ca8fced2e234d14aeeef830970e8ae7491cbdcb3e11460

    • Size

      13KB

    • MD5

      3871cfbee9b6fab4d7cf65cd18a1353a

    • SHA1

      52e8d2e4fe038698879a9dc13d7324e575266b27

    • SHA256

      0b22cdc1b1b1f944e4ca8fced2e234d14aeeef830970e8ae7491cbdcb3e11460

    • SHA512

      507f14d02a90fa38d79cb80d9722cc8d2ef5803666811f22d17954cfb10338d849f4e6b441aca3539a547570bd04efb6f45b90546cc37077d9a54eec34e28a2a

    • SSDEEP

      192:GQIs/9FmdojAEl1bFf1VWdhsq5OT3KPoS:/5/9F6WjFNEdGq

    Score
    7/10
    • Traces itself

      Traces itself to prevent debugging attempts.

    • Target

      Linux-Malware-Samples-main/0b9d850ad22de9ed4951984456e77789793017e9df41271c58f45f411ef0c3d2

    • Size

      5.0MB

    • MD5

      7690d536e8ac6cc3c33f397204d02d72

    • SHA1

      4f263f1d9ecf4582dafb076ae64d4ac1ee8919a1

    • SHA256

      0b9d850ad22de9ed4951984456e77789793017e9df41271c58f45f411ef0c3d2

    • SHA512

      42272eed0f1d1c099295fe183df5b98b9c3ecad82b6a8116f8e70ffcc031951f9609b57e507539b2ad9e8e65979176da1680e5a8a4d1dd5cf774ed34feac557d

    • SSDEEP

      98304:4poESIS6NwJYA41hQrl3DN3WE5wV2sZ2fX6neuutR4RxlIfsCO:6nIt41h+1DN3ry2sZ2fXVwluvO

    Score
    1/10
    • Target

      Linux-Malware-Samples-main/0bc9818011ff606efd3da8f1ad246f1445cdc6e74f606a1f70f4db99053b4abe

    • Size

      4.9MB

    • MD5

      df096d49324b430211416204aa00d20d

    • SHA1

      447402014535524370b7b6a8571b3aef20c1e92c

    • SHA256

      0bc9818011ff606efd3da8f1ad246f1445cdc6e74f606a1f70f4db99053b4abe

    • SHA512

      9c6c97780cf9737275ae4fde670433a84a65eddc9069e4ddd4fb477a23843429470079cf9b1d6862174f5eecff714842c883e6746cc74920aa64e3174fed467c

    • SSDEEP

      49152:NXts5ylph1OKOeLlW1kFHPwPec1z400aeFdPl/4r3VQs8HWcDUw12wOz32BJ7AZb:Bpl71QbWMv1s0xCWrPLOh8

    Score
    1/10
    • Target

      Linux-Malware-Samples-main/0d7960a39b92dad88986deea6e5861bd00fb301e92d550c232aebb36ed010e46

    • Size

      4.1MB

    • MD5

      ccdaa9047367569e12f40269af4865fa

    • SHA1

      5607c3b6bbe36559b36b35b14d22d18fd840c982

    • SHA256

      0d7960a39b92dad88986deea6e5861bd00fb301e92d550c232aebb36ed010e46

    • SHA512

      5176087502cd5ab309de4c814ca6c4e479b2a0502dc143706977a47398db3a052894765f07645a20ab25f480d55d48533306815b2519ffa6369155788d7d2137

    • SSDEEP

      98304:gIrqlpRaj6TfEAGsipxKI0lOOOOOiOOOiO+O+TxkxkxPpxNpxjrpdhIFoTY+J1pQ:Hj6TfEyjm2hvDDs

    Score
    1/10
    • Target

      Linux-Malware-Samples-main/0d9a34fd35ea6aa090c93f6f8310e111f9276bacbdf5f14e5f1f8c1dc7bf3ce5

    • Size

      17KB

    • MD5

      3cbeeb229d35d3b1e6d2ed6bba98906f

    • SHA1

      78703eade6a36928cc0399462d10785f75622bf2

    • SHA256

      0d9a34fd35ea6aa090c93f6f8310e111f9276bacbdf5f14e5f1f8c1dc7bf3ce5

    • SHA512

      320ebf67e3756cda05a4c227efbd7479ee3d1b21d7187c258d4498dd1b9b75db36e44ec6918e2a0b3da484f936160f5ebe028bd9086b11fc5393eb82d37d35a8

    • SSDEEP

      96:Rl4WTb9bB+B53jtPdRg617QDLBojDw7piRuBWfBqoAVzt0:RZdw/ztnwn9A4+soA

    Score
    1/10
    • Target

      Linux-Malware-Samples-main/0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2

    • Size

      2.5MB

    • MD5

      c76b11be6fdeb10b7fccd678b42a7c97

    • SHA1

      e205276a72a6ae17adac5a4ed10123117e5a4e0f

    • SHA256

      0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2

    • SHA512

      1fc1ea1acd43d43fd4ee5b2d362246db95a36b16b3fa66c79466d96115a2c265f6b61602aa74e2f15e1aeef0bfa47ce6826bd7088ec53908cc5f103408d72a65

    • SSDEEP

      49152:oIgrtR1Vl3vrk0c6wOu4hMs9jvlOQhmRYSoXFIz9MZeaFquFUTf80MGIDY9G:oIYtR1VK0c6wOu4PJ1wYTUA0M2G

    • Xmrig_linux family

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Deletes itself

    • Checks hardware identifiers (DMI)

      Checks DMI information, which indicates whether the system is a virtual machine.

    • Reads hardware information

      Accesses system information such as serial numbers, manufacturer names, etc.

    • Target

      Linux-Malware-Samples-main/0e492a3be57312e9b53ea378fa09650191ddb4aee0eed96dfc71567863b500a8

    • Size

      49KB

    • MD5

      92a049c55539666bebc68c1a5d9d86ef

    • SHA1

      2570dbc59bc78e884677745f9c14a81033d32bcd

    • SHA256

      0e492a3be57312e9b53ea378fa09650191ddb4aee0eed96dfc71567863b500a8

    • SHA512

      756db5da3142544d241b19d7a588d06c383bb1a9436f5267c85e16b00af7446d77e109b097cede62bec4e1b79c57d988e8f1dc8005701ceb6f083bcf4fcefe29

    • SSDEEP

      768:f2g7Yr4ArAn+P802x3EX+UkTPI+ZuSwnlFtCZSdLEq7qUS:P0r4ArO0udUgI+sSwlFt/Yqml

    Score
    1/10
    • Target

      Linux-Malware-Samples-main/0f09e9e976cb08a75e787514536b63f3ad89b8a66ff1fcaaef33c0c032f50827

    • Size

      884KB

    • MD5

      e5e5ebcf211a0e33c41a04f644648b0f

    • SHA1

      7e0163e1128dfc5e0a9ffee2dba824f625c405dd

    • SHA256

      0f09e9e976cb08a75e787514536b63f3ad89b8a66ff1fcaaef33c0c032f50827

    • SHA512

      57428123b437b97b278bcd33dc7148a73202f1cc7123b89b4da5995237f386136ff269ba823eddeb1d95903929cab5fe482b8d26314bf091cf9973df25593a7f

    • SSDEEP

      12288:XGx+V5ya+Ycx/syZ23aynOJbzb5KYVhRxiW9erF50/Cqw:XGx+V5ya+Ycln4ayIbNEr3p

    Score
    1/10
    • Target

      Linux-Malware-Samples-main/0f1b064c3f497db73a18166da367b5c3c2900aa9b00812faf97d04d3f5109919

    • Size

      735KB

    • MD5

      b9a4b294dcb839b10fada97ca1fb27a8

    • SHA1

      15d1431230601e275414337e184999c0f6a75a26

    • SHA256

      0f1b064c3f497db73a18166da367b5c3c2900aa9b00812faf97d04d3f5109919

    • SHA512

      884565656fa6051ed3b078c80e504e98323bb1d4c59a87231802c455fbd6cca873ef19e7bc844161650a54e0c07c16cd636b12e0fbff994b6210bd68f775cad5

    • SSDEEP

      12288:efi1MBTLNH581gonviUPD63cA21ZlE50SiqH68igwvmx:efMMBy/ZrkLx

    Score
    1/10
    • Target

      Linux-Malware-Samples-main/0f7838d0c16c24cb3b8ffc3573cc94fd05ec0e63fada3d10ac02b9c8bd95127b

    • Size

      16KB

    • MD5

      9953bad361132f416354550b6bca6a4b

    • SHA1

      bbc726cb7dafc0bc7c8a3110d9bf6c80e25c4df3

    • SHA256

      0f7838d0c16c24cb3b8ffc3573cc94fd05ec0e63fada3d10ac02b9c8bd95127b

    • SHA512

      69947c553716a17d409e0a921d32413723c1c32fc354a2e3bc29c9ebfd5b795bbaafd0602d00bd13179d512de8f80c872c2c83314f95b5f9981084b201fe8ec4

    • SSDEEP

      96:R+YWT4B+B53vv4gWeondGBw7ptuBWEBdoAVrt0q:RgMw/fAg6nFmtLoAF

    Score
    1/10
    • Target

      Linux-Malware-Samples-main/1020ce1f18a2721b873152fd9f76503dcba5af7b0dd26d80fdb11efaf4878b1a

    • Size

      1.2MB

    • MD5

      7934a07b32b0be2d8e7d88cc9bcd3078

    • SHA1

      d72aee354539617dc0a6eb9bb2dea71104d1fc65

    • SHA256

      1020ce1f18a2721b873152fd9f76503dcba5af7b0dd26d80fdb11efaf4878b1a

    • SHA512

      79879ccf52b4fda61afea4586fc57868688866b8299232e1bc8367abfbae003851e342c91dcac283638a15fb789736ae236ef550c9f87fdbd317b59c764534f7

    • SSDEEP

      12288:ld5HwuQwEyQ7U/vl0eJFHpKZtLIz3gcTZgZ6SZ0X47WaapafFdB++umrEk92Ux4R:L5HMw6QnqepnpTQ5tdBHnrBonT9

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

miner, upx, ares, demons, botnet, xmrig, gafgyt, mirai, metasploit, prometei_elf, kaiten, ebury, connectback, merlin
Score
10/10

behavioral1

xmrig_linux, miner
Score
10/10

behavioral2

Score
1/10

behavioral3

xmrig_linux, antivm, discovery, miner
Score
10/10

behavioral4

discovery
Score
3/10

behavioral5

Score
1/10

behavioral6

discovery
Score
6/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

discovery
Score
3/10

behavioral11

discovery, upx
Score
7/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

credential_access, defense_evasion, discovery
Score
7/10

behavioral15

Score
1/10

behavioral16

Score
7/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

xmrig_linux, antivm, discovery, miner
Score
10/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10