General
Target: 17ed9be38ad2b7f10e293dda3b49e69d
Size: 65KB
Sample: 210223-y4brtyevra
MD5: 17ed9be38ad2b7f10e293dda3b49e69d
SHA1: f70d13d704408060d60425fda3d5b32a4293f2dc
SHA256: 94b52bc89ed00de10ab8000993e5ef73555ea909881964a6431e0ab3df1569f3
SHA512: 6dfdb02e255302ba6212461ce078b7fd6c1dcad51c09164baba4e0e9992a30c60bac8f02770b0cdfc1b4bba90053d12de51217684fea29865942e929ad6dbe40
Static task: static1
Behavioral task: behavioral1 | Sample: 17ed9be38ad2b7f10e293dda3b49e69d | Resource: ubuntu-amd64
Behavioral task: behavioral2 | Sample: 17ed9be38ad2b7f10e293dda3b49e69d | Resource: debian9-mipsel
Behavioral task: behavioral3 | Sample: 17ed9be38ad2b7f10e293dda3b49e69d | Resource: debian9-mipsbe
Malware Config
Targets
Target: 17ed9be38ad2b7f10e293dda3b49e69d
Score: 9/10
Attempts to identify VMware/VirtualBox via SCSI settings

Attempts to identify hypervisor via CPU configuration
Checks CPU information for indicators that the system is a virtual machine.

Deletes system logs

Writes file to system bin folder

Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.

Writes DNS configuration
Writes data to DNS resolver config file.

Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.

Writes file to user bin folder

Reads CPU attributes

Enumerates kernel/hardware configuration
Reads contents of /sys virtual filesystem to enumerate system information.

Reads runtime system information
Reads data from /proc virtual filesystem.

Writes file to tmp directory
Malware often drops required files in the /tmp directory.