General
-
Target
706b6098822e7992beb7528cf585b29f734b5b2ad615520028af007e11d07f19
-
Size
7.7MB
-
Sample
210727-ccxmv55vs6
-
MD5
cdeb5abff1b7b207d1b136e4f680f2c2
-
SHA1
a16ec9b68c6bb04cb7a2741ba6c41f48bb8d3473
-
SHA256
61b26b448c914c9ac726df12878f625aa2e65047240da148b20cfb48ca80c20b
-
SHA512
7f2ce886a297041449289e9379b27461d5224cebf70f48185ed9ed7faa60755d2422a7ba095da992411a02d0359bf3a422e18125a7e3ab41c77e39e9547dfce3
Static task
static1
Behavioral task
behavioral1
Sample
706b6098822e7992beb7528cf585b29f734b5b2ad615520028af007e11d07f19
Resource
ubuntu-amd64
Behavioral task
behavioral2
Sample
706b6098822e7992beb7528cf585b29f734b5b2ad615520028af007e11d07f19
Resource
debian9-mipsel
Behavioral task
behavioral3
Sample
706b6098822e7992beb7528cf585b29f734b5b2ad615520028af007e11d07f19
Resource
debian9-mipsbe
Malware Config
Targets
Score
9/10
-
Attempts to identify hypervisor via CPU configuration
Checks CPU information for indicators that the system is a virtual machine.
-
Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.
-
Writes DNS configuration
Writes data to DNS resolver config file.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Write file to user bin folder
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-