Analysis
-
max time kernel
149s -
max time network
143s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20250307-en -
resource tags
arch:amd64arch:i386image:ubuntu2404-amd64-20250307-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system -
submitted
17/03/2025, 00:07
Behavioral task
behavioral1
Sample
sshd
Resource
ubuntu2404-amd64-20250307-en
ubuntu-24.04-amd64
9 signatures
150 seconds
General
-
Target
sshd
-
Size
9.0MB
-
MD5
6ecd40a1bf9a75be1d486475c594c639
-
SHA1
6875acdc87547f7d3655a0c60690e8d4eda58586
-
SHA256
d911729c126ba6b979167ec22146ab1d804c6dfa399e861fca0889d7bbc00884
-
SHA512
bb1648ee3ed4032a1610f9f38ca900d0560f4bf315f05190cd14b2ae1e175c02d4c82c7d72d7403eaec772c807fd56b297e44626d06897841420571f3147ce25
-
SSDEEP
196608:V5jZuGB+meNpJHo97DtwevyEt9z4cThn3hs:V5jZuprNpy9NkcThn3
Score
10/10
Malware Config
Signatures
-
Xmrig_linux family
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Cryptocurrency Miner
Makes network request to known mining pool URL.
-
Checks hardware identifiers (DMI) 1 TTPs 4 IoCs
Checks DMI information which indicate if the system is a virtual machine.
description ioc Process File opened for reading /sys/devices/virtual/dmi/id/bios_vendor sshd File opened for reading /sys/devices/virtual/dmi/id/sys_vendor sshd File opened for reading /sys/devices/virtual/dmi/id/product_name sshd File opened for reading /sys/devices/virtual/dmi/id/board_vendor sshd -
Reads hardware information 1 TTPs 14 IoCs
Accesses system info like serial numbers, manufacturer names etc.
description ioc Process File opened for reading /sys/devices/virtual/dmi/id/board_serial sshd File opened for reading /sys/devices/virtual/dmi/id/board_asset_tag sshd File opened for reading /sys/devices/virtual/dmi/id/chassis_vendor sshd File opened for reading /sys/devices/virtual/dmi/id/chassis_serial sshd File opened for reading /sys/devices/virtual/dmi/id/chassis_asset_tag sshd File opened for reading /sys/devices/virtual/dmi/id/bios_date sshd File opened for reading /sys/devices/virtual/dmi/id/product_version sshd File opened for reading /sys/devices/virtual/dmi/id/product_serial sshd File opened for reading /sys/devices/virtual/dmi/id/product_uuid sshd File opened for reading /sys/devices/virtual/dmi/id/board_name sshd File opened for reading /sys/devices/virtual/dmi/id/board_version sshd File opened for reading /sys/devices/virtual/dmi/id/chassis_type sshd File opened for reading /sys/devices/virtual/dmi/id/chassis_version sshd File opened for reading /sys/devices/virtual/dmi/id/bios_version sshd -
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
description ioc Process File opened for reading /proc/cpuinfo sshd -
Reads CPU attributes 1 TTPs 46 IoCs
description ioc Process File opened for reading /sys/devices/system/cpu/cpu0/topology/die_cpus sshd File opened for reading /sys/devices/system/cpu/cpu0/topology/package_cpus sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/id sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/level sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/type sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/shared_cpu_map sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/shared_cpu_map sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/type sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index4/shared_cpu_map sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index9/shared_cpu_map sshd File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/coherency_line_size sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/number_of_sets sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/type sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/coherency_line_size sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index7/shared_cpu_map sshd File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/base_frequency sshd File opened for reading /sys/devices/system/cpu/cpu0/cpu_capacity sshd File opened for reading /sys/devices/system/cpu/cpu0/topology/core_cpus sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/id sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index6/shared_cpu_map sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/size sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/shared_cpu_map sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/size sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/physical_line_partition sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index5/shared_cpu_map sshd File opened for reading /sys/devices/system/cpu/cpu0/acpi_cppc/nominal_freq sshd File opened for reading /sys/devices/system/cpu/cpu0/topology/physical_package_id sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/level sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/physical_line_partition sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/type sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/size sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index8/shared_cpu_map sshd File opened for reading /sys/devices/system/cpu/cpu0/topology/core_id sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/id sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/number_of_sets sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/number_of_sets sshd File opened for reading /sys/devices/system/cpu/possible sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/id sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/level sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/coherency_line_size sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/physical_line_partition sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/level sshd File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/shared_cpu_map sshd File opened for reading /sys/devices/system/cpu/online sshd File opened for reading /sys/devices/system/cpu/cpu0/topology/cluster_cpus sshd -
Enumerates kernel/hardware configuration 1 TTPs 26 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
description ioc Process File opened for reading /sys/devices/system/node/node0/hugepages sshd File opened for reading /sys/devices/system/node/node0/access0/initiators/read_bandwidth sshd File opened for reading /sys/devices/virtual/dmi/id sshd File opened for reading /sys/fs/cgroup/cpuset.cpus.effective sshd File opened for reading /sys/fs/cgroup/cpuset.mems.effective sshd File opened for reading /sys/bus/dax/devices sshd File opened for reading /sys/devices/system/node/node0/access1/initiators sshd File opened for reading /sys/devices/system/node/node0/access0/initiators sshd File opened for reading /sys/devices/system/node/node0/access0/initiators/write_latency sshd File opened for reading /sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages sshd File opened for reading /sys/devices/system/node/online sshd File opened for reading /sys/devices/system/node/node0/meminfo sshd File opened for reading /sys/firmware/dmi/tables/smbios_entry_point sshd File opened for reading /sys/firmware/dmi/tables/DMI sshd File opened for reading /sys/bus/soc/devices sshd File opened for reading /sys/devices/cpu_core/cpus sshd File opened for reading /sys/kernel/mm/hugepages sshd File opened for reading /sys/devices/system/node/node0/hugepages/hugepages-1048576kB/nr_hugepages sshd File opened for reading /sys/devices/system/node/node0/access0/initiators/write_bandwidth sshd File opened for reading /sys/devices/system/node/node0/access0/initiators/read_latency sshd File opened for reading /sys/devices/system/node/node0/hugepages/hugepages-2048kB/free_hugepages sshd File opened for reading /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages sshd File opened for reading /sys/devices/system/cpu sshd File opened for reading /sys/devices/cpu_atom/cpus sshd File opened for reading /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages sshd File opened for reading /sys/devices/system/node/node0/cpumap sshd -
description ioc Process File opened for reading /proc/driver/nvidia/gpus sshd File opened for reading /proc/sys/vm/nr_hugepages sshd File opened for reading /proc/cmdline sshd File opened for reading /proc/self/cpuset sshd File opened for reading /proc/meminfo sshd