Overview
overview
10Static
static
10Linux-Malw...2edf7a
ubuntu-22.04-amd64
10Linux-Malw...6710d7
ubuntu-22.04-amd64
1Linux-Malw...0830a2
ubuntu-22.04-amd64
10Linux-Malw...dcb69d
ubuntu-22.04-amd64
3Linux-Malw...596f0f
ubuntu-18.04-amd64
1Linux-Malw...592210
ubuntu-22.04-amd64
6Linux-Malw...c40b4c
ubuntu-18.04-amd64
1Linux-Malw...cdece2
ubuntu-18.04-amd64
1Linux-Malw...b313ce
ubuntu-18.04-amd64
1Linux-Malw...230a51
ubuntu-22.04-amd64
3Linux-Malw...fc44df
ubuntu-22.04-amd64
7Linux-Malw...e656bb
ubuntu-24.04-amd64
Linux-Malw...644e73
ubuntu-22.04-amd64
1Linux-Malw...b228c2
ubuntu-18.04-amd64
7Linux-Malw...ce1ba6
ubuntu-18.04-amd64
1Linux-Malw...e11460
ubuntu-22.04-amd64
7Linux-Malw...f0c3d2
ubuntu-24.04-amd64
Linux-Malw...3b4abe
ubuntu-22.04-amd64
1Linux-Malw...010e46
ubuntu-22.04-amd64
1Linux-Malw...bf3ce5
ubuntu-22.04-amd64
1Linux-Malw...7c31a2
ubuntu-22.04-amd64
10Linux-Malw...b500a8
ubuntu-24.04-amd64
Linux-Malw...f50827
ubuntu-18.04-amd64
Linux-Malw...f50827
debian-9-armhf
Linux-Malw...f50827
debian-9-mips
Linux-Malw...f50827
debian-9-mipsel
Linux-Malw...109919
ubuntu-18.04-amd64
Linux-Malw...109919
debian-9-armhf
Linux-Malw...109919
debian-9-mips
Linux-Malw...109919
debian-9-mipsel
Linux-Malw...95127b
ubuntu-18.04-amd64
1Linux-Malw...878b1a
debian-9-mips
Analysis
-
max time kernel
0s -
max time network
8s -
platform
ubuntu-22.04_amd64 -
resource
ubuntu2204-amd64-20240729-en -
resource tags
arch:amd64arch:i386image:ubuntu2204-amd64-20240729-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system -
submitted
17/02/2025, 18:23
Static task
static1
Behavioral task
behavioral1
Sample
Linux-Malware-Samples-main/00ae07c9fe63b080181b8a6d59c6b3b6f9913938858829e5a42ab90fb72edf7a
Resource
ubuntu2204-amd64-20240522.1-en
ubuntu-22.04-amd64
Behavioral task
behavioral2
Sample
Linux-Malware-Samples-main/03bb1cfd9e45844701aabc549f530d56f162150494b629ca19d83c1c696710d7
Resource
ubuntu2204-amd64-20240522.1-en
ubuntu-22.04-amd64
Behavioral task
behavioral3
Sample
Linux-Malware-Samples-main/04b5e29283c60fcc255f8d2f289238430a10624e457f12f1bc866454110830a2
Resource
ubuntu2204-amd64-20240611-en
ubuntu-22.04-amd64
Behavioral task
behavioral4
Sample
Linux-Malware-Samples-main/05ca0e0228930e9ec53fe0f0b796255f1e44ab409f91bc27d20d04ad34dcb69d
Resource
ubuntu2204-amd64-20240611-en
ubuntu-22.04-amd64
Behavioral task
behavioral5
Sample
Linux-Malware-Samples-main/060b01f15c7fab6c4f656aa1f120ebc1221a71bca3177f50083db0ed77596f0f
Resource
ubuntu1804-amd64-20240729-en
ubuntu-18.04-amd64
Behavioral task
behavioral6
Sample
Linux-Malware-Samples-main/063830221431f8136766f2d740df6419c8cd2f73b10e07fa30067df506592210
Resource
ubuntu2204-amd64-20240611-en
ubuntu-22.04-amd64
Behavioral task
behavioral7
Sample
Linux-Malware-Samples-main/06ed8158a168fa9635ed8d79679587f45cfd9825859e346361443eda0fc40b4c
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral8
Sample
Linux-Malware-Samples-main/07d57c97f6af84f35a122b8a98f44242ac9da67f135cc337a88a231906cdece2
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral9
Sample
Linux-Malware-Samples-main/0824494fb7b70a21e990854fe43386c6037fa31b4edc6d709e83a40dffb313ce
Resource
ubuntu1804-amd64-20240729-en
ubuntu-18.04-amd64
Behavioral task
behavioral10
Sample
Linux-Malware-Samples-main/0a4b417193f63a3cce4550e363548384eb007f89e89eb831cf1b7f5ddf230a51
Resource
ubuntu2204-amd64-20240522.1-en
ubuntu-22.04-amd64
Behavioral task
behavioral11
Sample
Linux-Malware-Samples-main/0a569366eeec52380b4462b455cacc9a788c2a7883b0a9965d20f0422dfc44df
Resource
ubuntu2204-amd64-20240729-en
ubuntu-22.04-amd64
Behavioral task
behavioral12
Sample
Linux-Malware-Samples-main/0a79399c441fca30d20e79fdabdd23ae33f3e16bf9c012cd1492604a03e656bb
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
Behavioral task
behavioral13
Sample
Linux-Malware-Samples-main/0ad6c635d583de499148b1ec46d8b39ae2785303e8b81996d3e9e47934644e73
Resource
ubuntu2204-amd64-20240611-en
ubuntu-22.04-amd64
Behavioral task
behavioral14
Sample
Linux-Malware-Samples-main/0afd9f52ddada582d5f907e0a8620cbdbe74ea31cf775987a5675226c1b228c2
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral15
Sample
Linux-Malware-Samples-main/0b1c49ec2d53c4af21a51a34d9aa91e76195ceb442480468685418ba8ece1ba6
Resource
ubuntu1804-amd64-20240508-en
ubuntu-18.04-amd64
Behavioral task
behavioral16
Sample
Linux-Malware-Samples-main/0b22cdc1b1b1f944e4ca8fced2e234d14aeeef830970e8ae7491cbdcb3e11460
Resource
ubuntu2204-amd64-20240611-en
ubuntu-22.04-amd64
Behavioral task
behavioral17
Sample
Linux-Malware-Samples-main/0b9d850ad22de9ed4951984456e77789793017e9df41271c58f45f411ef0c3d2
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
Behavioral task
behavioral18
Sample
Linux-Malware-Samples-main/0bc9818011ff606efd3da8f1ad246f1445cdc6e74f606a1f70f4db99053b4abe
Resource
ubuntu2204-amd64-20240522.1-en
ubuntu-22.04-amd64
Behavioral task
behavioral19
Sample
Linux-Malware-Samples-main/0d7960a39b92dad88986deea6e5861bd00fb301e92d550c232aebb36ed010e46
Resource
ubuntu2204-amd64-20240729-en
ubuntu-22.04-amd64
Behavioral task
behavioral20
Sample
Linux-Malware-Samples-main/0d9a34fd35ea6aa090c93f6f8310e111f9276bacbdf5f14e5f1f8c1dc7bf3ce5
Resource
ubuntu2204-amd64-20240611-en
ubuntu-22.04-amd64
Behavioral task
behavioral21
Sample
Linux-Malware-Samples-main/0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2
Resource
ubuntu2204-amd64-20240729-en
ubuntu-22.04-amd64
Behavioral task
behavioral22
Sample
Linux-Malware-Samples-main/0e492a3be57312e9b53ea378fa09650191ddb4aee0eed96dfc71567863b500a8
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
Behavioral task
behavioral23
Sample
Linux-Malware-Samples-main/0f09e9e976cb08a75e787514536b63f3ad89b8a66ff1fcaaef33c0c032f50827
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral24
Sample
Linux-Malware-Samples-main/0f09e9e976cb08a75e787514536b63f3ad89b8a66ff1fcaaef33c0c032f50827
Resource
debian9-armhf-20240611-en
debian-9-armhf
Behavioral task
behavioral25
Sample
Linux-Malware-Samples-main/0f09e9e976cb08a75e787514536b63f3ad89b8a66ff1fcaaef33c0c032f50827
Resource
debian9-mipsbe-20240611-en
debian-9-mips
Behavioral task
behavioral26
Sample
Linux-Malware-Samples-main/0f09e9e976cb08a75e787514536b63f3ad89b8a66ff1fcaaef33c0c032f50827
Resource
debian9-mipsel-20240611-en
debian-9-mipsel
Behavioral task
behavioral27
Sample
Linux-Malware-Samples-main/0f1b064c3f497db73a18166da367b5c3c2900aa9b00812faf97d04d3f5109919
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral28
Sample
Linux-Malware-Samples-main/0f1b064c3f497db73a18166da367b5c3c2900aa9b00812faf97d04d3f5109919
Resource
debian9-armhf-20240418-en
debian-9-armhf
Behavioral task
behavioral29
Sample
Linux-Malware-Samples-main/0f1b064c3f497db73a18166da367b5c3c2900aa9b00812faf97d04d3f5109919
Resource
debian9-mipsbe-20240729-en
debian-9-mips
Behavioral task
behavioral30
Sample
Linux-Malware-Samples-main/0f1b064c3f497db73a18166da367b5c3c2900aa9b00812faf97d04d3f5109919
Resource
debian9-mipsel-20240226-en
debian-9-mipsel
Behavioral task
behavioral31
Sample
Linux-Malware-Samples-main/0f7838d0c16c24cb3b8ffc3573cc94fd05ec0e63fada3d10ac02b9c8bd95127b
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral32
Sample
Linux-Malware-Samples-main/1020ce1f18a2721b873152fd9f76503dcba5af7b0dd26d80fdb11efaf4878b1a
Resource
debian9-mipsbe-20240418-en
debian-9-mips
General
-
Target
Linux-Malware-Samples-main/0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2
-
Size
2.5MB
-
MD5
c76b11be6fdeb10b7fccd678b42a7c97
-
SHA1
e205276a72a6ae17adac5a4ed10123117e5a4e0f
-
SHA256
0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2
-
SHA512
1fc1ea1acd43d43fd4ee5b2d362246db95a36b16b3fa66c79466d96115a2c265f6b61602aa74e2f15e1aeef0bfa47ce6826bd7088ec53908cc5f103408d72a65
-
SSDEEP
49152:oIgrtR1Vl3vrk0c6wOu4hMs9jvlOQhmRYSoXFIz9MZeaFquFUTf80MGIDY9G:oIYtR1VK0c6wOu4PJ1wYTUA0M2G
Malware Config
Signatures
-
Xmrig_linux family
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Deletes itself 1 IoCs
pid Process 1563 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 -
Checks hardware identifiers (DMI) 1 TTPs 4 IoCs
Checks DMI information which indicate if the system is a virtual machine.
description ioc Process File opened for reading /sys/devices/virtual/dmi/id/product_name 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/devices/virtual/dmi/id/board_vendor 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/devices/virtual/dmi/id/bios_vendor 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/devices/virtual/dmi/id/sys_vendor 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 -
Reads hardware information 1 TTPs 14 IoCs
Accesses system info like serial numbers, manufacturer names etc.
description ioc Process File opened for reading /sys/devices/virtual/dmi/id/product_uuid 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/devices/virtual/dmi/id/board_serial 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/devices/virtual/dmi/id/chassis_vendor 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/devices/virtual/dmi/id/bios_version 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/devices/virtual/dmi/id/product_version 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/devices/virtual/dmi/id/product_serial 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/devices/virtual/dmi/id/board_asset_tag 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/devices/virtual/dmi/id/board_version 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/devices/virtual/dmi/id/chassis_asset_tag 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/devices/virtual/dmi/id/bios_date 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/devices/virtual/dmi/id/board_name 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/devices/virtual/dmi/id/chassis_type 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/devices/virtual/dmi/id/chassis_version 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/devices/virtual/dmi/id/chassis_serial 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 -
Changes its process name 1 IoCs
description ioc pid Process Changes the process name, possibly in an attempt to hide itself EsstDGeq 1563 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 -
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
description ioc Process File opened for reading /proc/cpuinfo 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 -
Reads CPU attributes 1 TTPs 2 IoCs
description ioc Process File opened for reading /sys/devices/system/cpu/online 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/devices/system/cpu/possible 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 -
Enumerates kernel/hardware configuration 1 TTPs 53 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
description ioc Process File opened for reading /sys/bus/cpu/devices/cpu0/topology/physical_package_id 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/kernel/mm/hugepages 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/fs/cgroup/cgroup.controllers 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index1/shared_cpu_map 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index1/level 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/level 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/topology/package_cpus 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/topology/core_cpus 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index0/coherency_line_size 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index3/number_of_sets 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index3/physical_line_partition 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index6/shared_cpu_map 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/node/devices/node0/cpumap 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index0/number_of_sets 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index0/physical_line_partition 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index3/coherency_line_size 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/node/devices/node0/hugepages 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index3/level 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/dax/devices/target_node 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/fs/cgroup/cpuset.cpus.effective 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/fs/cgroup/cpuset.mems.effective 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index0/shared_cpu_map 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index7/shared_cpu_map 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/size 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/number_of_sets 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index0/size 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index4/shared_cpu_map 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index0/type 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/type 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index3/shared_cpu_map 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/physical_line_partition 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/devices/system/node/online 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index0/level 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index3/type 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/node/devices/node0/meminfo 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/topology/die_cpus 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/coherency_line_size 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index5/shared_cpu_map 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/dax/target_node 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/topology/core_id 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index1/type 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/node/devices/node0/hugepages/hugepages-2048kB/nr_hugepages 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/dax/devices 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/node/devices/node0/access0/initiators 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index2/shared_cpu_map 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index3/size 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index8/shared_cpu_map 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/cpu/devices/cpu0/cache/index9/shared_cpu_map 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/bus/node/devices/node0/hugepages/hugepages-1048576kB/nr_hugepages 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /sys/devices/virtual/dmi/id 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 -
description ioc Process File opened for reading /proc/meminfo 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /proc/driver/nvidia/gpus 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /proc/mounts 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 File opened for reading /proc/self/cpuset 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2 -
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/.X11-unix/11 0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2
Processes
-
/tmp/Linux-Malware-Samples-main/0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a2/tmp/Linux-Malware-Samples-main/0dcfa54a7e8a4e631ef466670ce604a61f3b0e8b3e9cf72c943278c0f77c31a21⤵
- Deletes itself
- Checks hardware identifiers (DMI)
- Reads hardware information
- Changes its process name
- Checks CPU configuration
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
PID:1563
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5B
MD5239a7b3f7dfebbd099500f8dd4aaad6a
SHA19d263020320fe5d6af6ee12690b3c4cb38e57e70
SHA256f932f15ce9feee8ba7d661ecdc75e1b34365acae7bdfaea5295a7fe5c78d6d91
SHA512c18b3bbe14541d1070c61749a933f7d57eb2b0fbbed4ddc7c5b0725bfaa427d007b3c4f2c00b7f3e5222aed9bcea7ea32f2dd19ccb73d8e5192ebf92478236d7