Analysis

  • max time kernel
    5007s
  • max time network
    124s
  • platform
    linux_amd64
  • resource
    ubuntu-amd64
  • submitted
    16-01-2021 14:50

General

  • Target

    vulcan.x64

  • Size

    206KB

  • MD5

    db7eec3f7a375bf9a4d2eb4c130a1556

  • SHA1

    dba87b82e70847ab6a78393628592650b2569f64

  • SHA256

    3668b167f5c9083a9738cfc4bd863a07379a5b02ee14f48a10fb1240f3e421a6

  • SHA512

    886ad861a214a2165301f1cb8cd2775c771f2aed9a6ef8be65be8efd450bd47175db2e5f884474d5adfacd5e6f1d3b3ecbdf9afe19050557a459657ccaeec70c

Score
8/10

Malware Config

Signatures

  • Modifies hosts file 1 IoCs

    Adds to hosts file used for mapping hosts to IP addresses.

  • Writes DNS configuration 1 TTPs 1 IoCs

    Writes data to DNS resolver config file.

  • Reads CPU attributes 1 TTPs 2 IoCs
  • Reads runtime system information 188 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • ./vulcan.x64
    ./vulcan.x64
    1⤵
      PID:562
    • /bin/sh
      sh -c "export PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin;uname -a;uptime"
      1⤵
        PID:696
        • /bin/uname
          uname -a
          2⤵
            PID:697
          • /usr/bin/uptime
            uptime
            2⤵
            • Reads CPU attributes
            PID:698
        • /bin/sh
          sh -c "export PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin;w"
          1⤵
            PID:700
            • /usr/bin/w
              w
              2⤵
              • Reads CPU attributes
              • Reads runtime system information
              PID:701

Network

MITRE ATT&CK Enterprise v6
