General
Target: f72babf978d8b86a75e3b34f59d4fc6464dc988720d1574a781347896c2989c7
Size: 7.6MB
Sample: 220121-3zyndsdgh8
MD5: 0014403121eeaebaeede796e4b6e5dbe
SHA1: 4898e80e81129ab9f75be89a3e4fc004039c257e
SHA256: f72babf978d8b86a75e3b34f59d4fc6464dc988720d1574a781347896c2989c7
SHA512: a2dcaa447880b1f015c157cb7a6d71ca4005b8944191dd656aa5078233f99dca1902d844f36d45105dff69a4e529c3c35f43597303fbb7088e2042966b26bcaf
Behavioral task: behavioral1
Sample: f72babf978d8b86a75e3b34f59d4fc6464dc988720d1574a781347896c2989c7
Resource: ubuntu1804-amd64-en-20211208
Malware Config
Targets
Target: f72babf978d8b86a75e3b34f59d4fc6464dc988720d1574a781347896c2989c7
Score: 9/10

Attempts to identify hypervisor via CPU configuration
Checks CPU information for indicators that the system is a virtual machine.

Reads CPU attributes

Enumerates kernel/hardware configuration
Reads contents of /sys virtual filesystem to enumerate system information.

Reads runtime system information
Reads data from /proc virtual filesystem.

Writes file to tmp directory
Malware often drops required files in the /tmp directory.