e52646f7cb2886d8a5d4c1a2692a5ab80926e7ce48bdb2362f383c0c6c7223a2 | Triage

Resubmissions

29-09-2024 11:53

240929-n2mlkstbpq 10

26-11-2020 12:41

201126-yzw2axgdz2 9

Sharing

General

Target

sbin
Size

6.9MB
Sample

201126-yzw2axgdz2
MD5

a2a11ec332dfd8b1b273d62f736c48a3
SHA1

cf0c8bd46ff772954f6a98ec30f804e1b851be12
SHA256

e52646f7cb2886d8a5d4c1a2692a5ab80926e7ce48bdb2362f383c0c6c7223a2
SHA512

e749068691711391496b85bae67a5c2f1a786ca2bd0be1d636d6f52337923d49045b0979afad811f47882bbcb3c162e1303dee92995cede5bf76ec739dfbf6b7

Score

9^/10

antivm linux

Malware Config

Targets

- Target
  
  sbin
- Size
  
  6.9MB
- MD5
  
  a2a11ec332dfd8b1b273d62f736c48a3
- SHA1
  
  cf0c8bd46ff772954f6a98ec30f804e1b851be12
- SHA256
  
  e52646f7cb2886d8a5d4c1a2692a5ab80926e7ce48bdb2362f383c0c6c7223a2
- SHA512
  
  e749068691711391496b85bae67a5c2f1a786ca2bd0be1d636d6f52337923d49045b0979afad811f47882bbcb3c162e1303dee92995cede5bf76ec739dfbf6b7
Score

9^/10

antivm
- Attempts to identify hypervisor via CPU configuration
  Checks CPU information for indicators that the system is a virtual machine.
  antivm
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Reads CPU attributes
- Enumerates kernel/hardware configuration
  Reads contents of /sys virtual filesystem to enumerate system information.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Dynamic Resolution

Exfiltration

Impact

Tasks

static1

behavioral1