General
- Target: .main.elf
- Size: 918KB
- Sample: 250321-wzxmrsvyb1
- MD5: 874e46dcc17a730a979a3b8853635f13
- SHA1: 05dee4a5ae043750a2d0e2bd9b79e1825a15d1fc
- SHA256: af508a2d4957cc29eb75519ea027bce5ed412f0b8bda9193dd3b4673eae7df28
- SHA512: ef1d3337dd143e31ff49400bbe41f34e414308cf23f9ccd6adc4af34600b4e738da9fdc458941dd1ec0e27b922e2516c22bf2e8ad2c156b71613573b7157dab8
- SSDEEP: 12288:qARJ0BriE6YngDkV5tkui3hp4GyoJzBONt+zbyyUbRkoXd:qARJ0PLngDkbtkuiRp430zBotk6
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: .main.elf
  - Resource: ubuntu2404-amd64-20250307-en
Malware Config
Targets
- Target: .main.elf (size and hashes as listed under General above)
Signatures
- XMRig Miner payload
- Xmrig family
- Xmrig_linux family
- File and Directory Permissions Modification: adversaries may modify file or directory permissions to evade defenses.
- Executes dropped EXE
- Checks hardware identifiers (DMI): checks DMI information that indicates whether the system is a virtual machine.
- Creates/modifies Cron job: cron allows running tasks on a schedule and is commonly used for malware persistence.
- Enumerates running processes: discovers information about the processes currently running on the system.
- Reads hardware information: accesses system information such as serial numbers and manufacturer names.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
- File and Directory Permissions Modification (1)
  - Linux and Mac File and Directory Permissions Modification (1)
- Virtualization/Sandbox Evasion (2)
  - System Checks (2)