xmrig | 1fcc2061f767574044ca1e97f92ca1d44ee0b35e0a796e3bd6a949ad4b1175e5 | Triage

Submit
Reports

Overview

overview

Static

static

7

-bash-55bb...859237

ubuntu-20.04-amd64

-bash-55bb...859237

ubuntu-22.04-amd64

Sharing

General

Target

-bash-55bb90b9-2429-4214-8c22-5d8ee0859237
Size

2.3MB
Sample

240703-dn1k6syeln
MD5

b9f096559e923787ebb1288c93ce2902
SHA1

94851bcc8f9c651bcda0ff33d17356cb0b16cf12
SHA256

1fcc2061f767574044ca1e97f92ca1d44ee0b35e0a796e3bd6a949ad4b1175e5
SHA512

ce5f09737d0b7191e3b646ed6111bb0ce97544d280223f327c4f4cc652dc840fed639bc0462b88a7f87d071066e302be7980f14faca1f5e6e9bf732637db22be
SSDEEP

49152:hjYpLCWvHFiMBiBFjrhrlzr18t7LxcAk4u7prrRQx:MvlNiPt9y7LxXk5prrA

Score

10^/10

xmrig antivm linux miner persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

-bash-55bb90b9-2429-4214-8c22-5d8ee0859237

Resource

ubuntu2004-amd64-20240611-en

xmrig antivm miner persistence

ubuntu-20.04-amd64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

-bash-55bb90b9-2429-4214-8c22-5d8ee0859237

Resource

ubuntu2204-amd64-20240522.1-en

xmrig antivm miner persistence

ubuntu-22.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  -bash-55bb90b9-2429-4214-8c22-5d8ee0859237
- Size
  
  2.3MB
- MD5
  
  b9f096559e923787ebb1288c93ce2902
- SHA1
  
  94851bcc8f9c651bcda0ff33d17356cb0b16cf12
- SHA256
  
  1fcc2061f767574044ca1e97f92ca1d44ee0b35e0a796e3bd6a949ad4b1175e5
- SHA512
  
  ce5f09737d0b7191e3b646ed6111bb0ce97544d280223f327c4f4cc652dc840fed639bc0462b88a7f87d071066e302be7980f14faca1f5e6e9bf732637db22be
- SSDEEP
  
  49152:hjYpLCWvHFiMBiBFjrhrlzr18t7LxcAk4u7prrRQx:MvlNiPt9y7LxXk5prrA
Score

10^/10

xmrig antivm miner persistence
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Checks hardware identifiers (DMI)
  Checks DMI information which indicate if the system is a virtual machine.
  antivm
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads hardware information
  Accesses system info like serial numbers, manufacturer names etc.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xmrigantivmminerpersistence

behavioral2

xmrigantivmminerpersistence

© 2018-2024

Terms | Privacy