xmrig_linux | f2adb0283ed8d61bcbad39af607621346d13a25ac42b8b94a20e9f5d4b6e0ffa | Triage

Sharing

General

Target

ultra_87e513c8
Size

1.3MB
Sample

250320-hwvgcawyas
MD5

c6f82202d8623c30a012617ea42d8cc1
SHA1

edbcb3d11cbe9b4c24b9452447d42e3b6337abae
SHA256

f2adb0283ed8d61bcbad39af607621346d13a25ac42b8b94a20e9f5d4b6e0ffa
SHA512

043449c6e055b188995d51d6c97be1f790c1208ce88a0132989160c57042ee717237d143e9b98e8ea38e26825e4029355963663132540b857ebf2778126a8b96
SSDEEP

12288:rFKoaeSf3p7BHjYU9PQM2DNdBIdRUEksDszUeaXmy1GsX/jL8C10p5k:qeSf3p9Ht9PQM25dBIdmEkMs+oHCO

Score

10^/10

xmrig_linux credential_access defense_evasion discovery execution linux miner privilege_escalation rootkit

Malware Config

Targets

- Target
  
  ultra_87e513c8
- Size
  
  1.3MB
- MD5
  
  c6f82202d8623c30a012617ea42d8cc1
- SHA1
  
  edbcb3d11cbe9b4c24b9452447d42e3b6337abae
- SHA256
  
  f2adb0283ed8d61bcbad39af607621346d13a25ac42b8b94a20e9f5d4b6e0ffa
- SHA512
  
  043449c6e055b188995d51d6c97be1f790c1208ce88a0132989160c57042ee717237d143e9b98e8ea38e26825e4029355963663132540b857ebf2778126a8b96
- SSDEEP
  
  12288:rFKoaeSf3p7BHjYU9PQM2DNdBIdRUEksDszUeaXmy1GsX/jL8C10p5k:qeSf3p9Ht9PQM25dBIdmEkMs+oHCO
Score

10^/10

xmrig_linux credential_access defense_evasion discovery execution miner privilege_escalation rootkit
- Xmrig_linux family
  xmrig_linux
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig_linux
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
- OS Credential Dumping
  Adversaries may attempt to dump credentials to use it in password cracking.
  credential_access
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
  Abuse sudo or cached sudo credentials to execute code.
  privilege_escalation defense_evasion
- Deletes log files
  Deletes log files on the system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads list of loaded kernel modules
  Reads the list of currently loaded kernel modules, possibly to detect virtual environments.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Unix Shell

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Sudo and Sudo Caching

Defense Evasion

Abuse Elevation Control Mechanism

Sudo and Sudo Caching

Indicator Removal

Clear Linux or Mac System Logs

Virtualization/Sandbox Evasion

Credential Access

OS Credential Dumping

/etc/passwd and /etc/shadow

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrig_linuxcredential_accessdefense_evasiondiscoveryexecutionminerprivilege_escalationrootkit