xmrig | eb4d5d21d11d867ae53ef676fe24aeccf6f54e68ab0c5337ce38921940cf97d1 | Triage

Submit
Reports

Overview

overview

Static

static

1

minstall.sh

ubuntu-18.04-amd64

minstall.sh

debian-9-armhf

minstall.sh

debian-9-mips

minstall.sh

debian-9-mipsel

Sharing

General

Target

minstall.sh
Size

1KB
Sample

250330-x6qngaxps6
MD5

815e8f0fa36c902d98a7fc43b325f872
SHA1

0def204bd8a94fc477a98054c0f5d374146362e7
SHA256

eb4d5d21d11d867ae53ef676fe24aeccf6f54e68ab0c5337ce38921940cf97d1
SHA512

feb03aeefa483dcc924fb0f0478e322c19f8f6d483214af0232c0a7c0197ed94781866e1a377db82ad978a0b5d94b8fc364b538b2f910cb717cd5d6e8e8d6190

Score

10^/10

xmrig xmrig_linux antivm discovery linux miner rootkit

Static task

static1

Behavioral task

behavioral1

Sample

minstall.sh

Resource

ubuntu1804-amd64-20240611-en

xmrig xmrig_linux antivm discovery miner rootkit

ubuntu-18.04-amd64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

minstall.sh

Resource

debian9-armhf-20240418-en

xmrig xmrig_linux discovery miner

debian-9-armhf

8 signatures

150 seconds

Behavioral task

behavioral3

Sample

minstall.sh

Resource

debian9-mipsbe-20240611-en

xmrig xmrig_linux discovery miner

debian-9-mips

8 signatures

150 seconds

Behavioral task

behavioral4

Sample

minstall.sh

Resource

debian9-mipsel-20240611-en

xmrig xmrig_linux discovery miner

debian-9-mipsel

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  minstall.sh
- Size
  
  1KB
- MD5
  
  815e8f0fa36c902d98a7fc43b325f872
- SHA1
  
  0def204bd8a94fc477a98054c0f5d374146362e7
- SHA256
  
  eb4d5d21d11d867ae53ef676fe24aeccf6f54e68ab0c5337ce38921940cf97d1
- SHA512
  
  feb03aeefa483dcc924fb0f0478e322c19f8f6d483214af0232c0a7c0197ed94781866e1a377db82ad978a0b5d94b8fc364b538b2f910cb717cd5d6e8e8d6190
Score

10^/10

xmrig xmrig_linux antivm discovery miner rootkit
- XMRig Miner payload
  miner
- Xmrig family
  xmrig
- Xmrig_linux family
  xmrig_linux
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig_linux
- Executes dropped EXE
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
- Checks hardware identifiers (DMI)
  Checks DMI information which indicate if the system is a virtual machine.
  antivm
- Reads hardware information
  Accesses system info like serial numbers, manufacturer names etc.
  discovery
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigxmrig_linuxantivmdiscoveryminerrootkit

behavioral2

xmrigxmrig_linuxdiscoveryminer

behavioral3

xmrigxmrig_linuxdiscoveryminer

behavioral4

xmrigxmrig_linuxdiscoveryminer

© 2018-2025

Terms | Privacy