General
Target: Tcp1000gbps.sh
Size: 1KB
Sample: 250603-bgn8fsxvez
MD5: 08416a1ef9a5bfcc77131c34af46204f
SHA1: a937aae1f87e2d8c6399c3a7ae875a229a796491
SHA256: 15b63c1681574153b1da9bb4a969c9f76efc65583a0833ee9c3bf72d2d2f79c0
SHA512: 9e50edb014f7cc16c272a0babf7e222313fa51aed091a6db70019a48386b6dd2282620b24c21b6905319b532af30a582afb54ad5b49cb8353f5d7edfd1173d44
Static task: static1
Behavioral task: behavioral1 (Sample: Tcp1000gbps.sh; Resource: ubuntu1804-amd64-20250410-en)
Behavioral task: behavioral2 (Sample: Tcp1000gbps.sh; Resource: debian9-armhf-20250410-en)
Behavioral task: behavioral3 (Sample: Tcp1000gbps.sh; Resource: debian9-mipsbe-20250410-en)
Behavioral task: behavioral4 (Sample: Tcp1000gbps.sh; Resource: debian9-mipsel-20240418-en)
Malware Config
Targets: Tcp1000gbps.sh
XMRig Miner payload
Xmrig family
Xmrig_linux family
File and Directory Permissions Modification: Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE
Modifies Watchdog functionality: Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
Checks hardware identifiers (DMI): Checks DMI information that indicates whether the system is a virtual machine.
Enumerates running processes: Discovers information about currently running processes on the system.
Reads hardware information: Accesses system info such as serial numbers, manufacturer names, etc.
Writes file to system bin folder
MITRE ATT&CK Enterprise v16
Defense Evasion
File and Directory Permissions Modification (1)
Linux and Mac File and Directory Permissions Modification (1)
Impair Defenses (1)
Virtualization/Sandbox Evasion (2)
System Checks (2)