e642d16f7ba55d2eb23907883edce998da53a7962ff95900615a264756714e19 | Triage

Sharing

General

Target

dcbf0c964a99d2760d647903d31b8999
Size

977KB
Sample

211206-vmy5dsheg6
MD5

dcbf0c964a99d2760d647903d31b8999
SHA1

f9d8a30e104f9d71eada106ffebbf78cac32a699
SHA256

e642d16f7ba55d2eb23907883edce998da53a7962ff95900615a264756714e19
SHA512

66682981fcc94ab0ee2ca63bf7e9f8ff1d1fc70a2002f029cd58a4137b4208420298d52cbd64914bda931ba55048db7d755dea1cc81fb440ef8ef1faf8e6d367

Score

9^/10

antivm linux persistence

Malware Config

Targets

- Target
  
  dcbf0c964a99d2760d647903d31b8999
- Size
  
  977KB
- MD5
  
  dcbf0c964a99d2760d647903d31b8999
- SHA1
  
  f9d8a30e104f9d71eada106ffebbf78cac32a699
- SHA256
  
  e642d16f7ba55d2eb23907883edce998da53a7962ff95900615a264756714e19
- SHA512
  
  66682981fcc94ab0ee2ca63bf7e9f8ff1d1fc70a2002f029cd58a4137b4208420298d52cbd64914bda931ba55048db7d755dea1cc81fb440ef8ef1faf8e6d367
Score

9^/10

antivm persistence
- Attempts to identify hypervisor via CPU configuration
  Checks CPU information for indicators that the system is a virtual machine.
  antivm
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Modifies rc script
  Adding/modifying system rc scripts is a common persistence mechanism.
  persistence
- Reads CPU attributes
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Privilege Escalation

Boot or Logon Autostart Execution

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Virtualization/Sandbox Evasion

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

antivmpersistence