bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28

General

Target

bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
Size

8.6MB
MD5

1f29fc7e6e27a5a7e92ce400cf2eaf2f
SHA1

901d534f3fe2a57f660a9e344734f51fd9fbd869
SHA256

bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
SHA512

ab2e96abaa5d543656a72f3f97b8ae4fb857e8ceb0b73fbcf4f22e45eb39aeb95a61e6d5558c58ee32bfcafed381fb84ea48bf413875d23d98f634c6c3c45aea

Score

9^/10

antivm

Malware Config

Signatures

Attempts to identify hypervisor via CPU configuration 1 TTPs 1 IoCs
Checks CPU information for indicators that the system is a virtual machine.
antivm

Virtualization/Sandbox Evasion
T1497

Processes:

bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28

description ioc process

/proc/cpuinfo /proc/cpuinfo bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28

description	ioc	process
/proc/cpuinfo	/proc/cpuinfo	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28

Reads CPU attributes 1 TTPs 2 IoCs

System Information Discovery

T1082

Processes:

bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28

description	ioc	process
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/devices/system/cpu/possible	/sys/devices/system/cpu/possible	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28

Enumerates kernel/hardware configuration 1 TTPs 64 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

Processes:

bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28

Reads runtime system information 4 IoCs

Reads data from /proc virtual filesystem.

Processes:

bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28

description	ioc	process
/proc/meminfo	/proc/meminfo	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/proc/driver/nvidia/gpus	/proc/driver/nvidia/gpus	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/proc/mounts	/proc/mounts	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/proc/self/cpuset	/proc/self/cpuset	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28

Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28

description ioc process

/tmp/config.json /tmp/config.json bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28

description	ioc	process
/tmp/config.json	/tmp/config.json	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28

./bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
./bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
1⤵
- Attempts to identify hypervisor via CPU configuration
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
PID:571

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

1

T1497

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

description	ioc	process
/sys/bus/cpu/devices/cpu0/cache/index7/shared_cpu_map	/sys/bus/cpu/devices/cpu0/cache/index7/shared_cpu_map	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages	/sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/node/devices/node0/cpumap	/sys/bus/node/devices/node0/cpumap	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/node/devices/node0/hugepages	/sys/bus/node/devices/node0/hugepages	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/devices/virtual/dmi/id/chassis_type	/sys/devices/virtual/dmi/id/chassis_type	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/topology/physical_package_id	/sys/bus/cpu/devices/cpu0/topology/physical_package_id	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/cache/index0/level	/sys/bus/cpu/devices/cpu0/cache/index0/level	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/cache/index8/shared_cpu_map	/sys/bus/cpu/devices/cpu0/cache/index8/shared_cpu_map	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/node/devices/node0/meminfo	/sys/bus/node/devices/node0/meminfo	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/node/devices/node0/hugepages/hugepages-2048kB/nr_hugepages	/sys/bus/node/devices/node0/hugepages/hugepages-2048kB/nr_hugepages	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/fs/cgroup/cpuset//cpuset.mems	/sys/fs/cgroup/cpuset//cpuset.mems	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/topology/core_id	/sys/bus/cpu/devices/cpu0/topology/core_id	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/cache/index1/type	/sys/bus/cpu/devices/cpu0/cache/index1/type	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/cache/index3/shared_cpu_map	/sys/bus/cpu/devices/cpu0/cache/index3/shared_cpu_map	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/cache/index3/id	/sys/bus/cpu/devices/cpu0/cache/index3/id	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices	/sys/bus/cpu/devices	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/cache/index0/coherency_line_size	/sys/bus/cpu/devices/cpu0/cache/index0/coherency_line_size	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/cache/index2/level	/sys/bus/cpu/devices/cpu0/cache/index2/level	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/cache/index4/shared_cpu_map	/sys/bus/cpu/devices/cpu0/cache/index4/shared_cpu_map	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/devices/virtual/dmi/id/board_vendor	/sys/devices/virtual/dmi/id/board_vendor	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/cache/index0/type	/sys/bus/cpu/devices/cpu0/cache/index0/type	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/fs/cgroup/cpuset//cpuset.cpus	/sys/fs/cgroup/cpuset//cpuset.cpus	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/topology/thread_siblings	/sys/bus/cpu/devices/cpu0/topology/thread_siblings	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/topology/cluster_cpus	/sys/bus/cpu/devices/cpu0/topology/cluster_cpus	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/cache/index2/coherency_line_size	/sys/bus/cpu/devices/cpu0/cache/index2/coherency_line_size	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/devices/virtual/dmi/id/board_version	/sys/devices/virtual/dmi/id/board_version	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/devices/virtual/dmi/id/bios_vendor	/sys/devices/virtual/dmi/id/bios_vendor	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/fs/cgroup/unified/cgroup.controllers	/sys/fs/cgroup/unified/cgroup.controllers	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/devices/virtual/dmi/id/product_serial	/sys/devices/virtual/dmi/id/product_serial	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/devices/virtual/dmi/id/chassis_serial	/sys/devices/virtual/dmi/id/chassis_serial	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/cache/index6/shared_cpu_map	/sys/bus/cpu/devices/cpu0/cache/index6/shared_cpu_map	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/devices/virtual/dmi/id/bios_date	/sys/devices/virtual/dmi/id/bios_date	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/devices/virtual/dmi/id/chassis_asset_tag	/sys/devices/virtual/dmi/id/chassis_asset_tag	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/devices/system/node/online	/sys/devices/system/node/online	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/node/devices/node0/access1/initiators	/sys/bus/node/devices/node0/access1/initiators	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/devices/virtual/dmi/id/product_uuid	/sys/devices/virtual/dmi/id/product_uuid	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/devices/system/cpu	/sys/devices/system/cpu	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/cpufreq/cpuinfo_max_freq	/sys/bus/cpu/devices/cpu0/cpufreq/cpuinfo_max_freq	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/cache/index3/physical_line_partition	/sys/bus/cpu/devices/cpu0/cache/index3/physical_line_partition	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/cpufreq/base_frequency	/sys/bus/cpu/devices/cpu0/cpufreq/base_frequency	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/dax/devices/	/sys/bus/dax/devices/	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/cache/index0/physical_line_partition	/sys/bus/cpu/devices/cpu0/cache/index0/physical_line_partition	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/cache/index3/coherency_line_size	/sys/bus/cpu/devices/cpu0/cache/index3/coherency_line_size	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/kernel/mm/hugepages	/sys/kernel/mm/hugepages	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/node/devices/node0/access0/initiators/read_bandwidth	/sys/bus/node/devices/node0/access0/initiators/read_bandwidth	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/node/devices/node0/access0/initiators/read_latency	/sys/bus/node/devices/node0/access0/initiators/read_latency	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/devices/virtual/dmi/id/chassis_vendor	/sys/devices/virtual/dmi/id/chassis_vendor	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/cache/index2/physical_line_partition	/sys/bus/cpu/devices/cpu0/cache/index2/physical_line_partition	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/cache/index0/size	/sys/bus/cpu/devices/cpu0/cache/index0/size	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/cache/index1/id	/sys/bus/cpu/devices/cpu0/cache/index1/id	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/cache/index2/shared_cpu_map	/sys/bus/cpu/devices/cpu0/cache/index2/shared_cpu_map	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/cache/index2/size	/sys/bus/cpu/devices/cpu0/cache/index2/size	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/cache/index3/size	/sys/bus/cpu/devices/cpu0/cache/index3/size	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/cache/index5/shared_cpu_map	/sys/bus/cpu/devices/cpu0/cache/index5/shared_cpu_map	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/cache/index9/shared_cpu_map	/sys/bus/cpu/devices/cpu0/cache/index9/shared_cpu_map	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/topology/core_siblings	/sys/bus/cpu/devices/cpu0/topology/core_siblings	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/devices/virtual/dmi/id/bios_version	/sys/devices/virtual/dmi/id/bios_version	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/cache/index2/id	/sys/bus/cpu/devices/cpu0/cache/index2/id	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/cache/index2/number_of_sets	/sys/bus/cpu/devices/cpu0/cache/index2/number_of_sets	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/devices/virtual/dmi/id/board_asset_tag	/sys/devices/virtual/dmi/id/board_asset_tag	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/cache/index1/level	/sys/bus/cpu/devices/cpu0/cache/index1/level	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/bus/cpu/devices/cpu0/cache/index3/type	/sys/bus/cpu/devices/cpu0/cache/index3/type	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/devices/virtual/dmi/id	/sys/devices/virtual/dmi/id	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28
/sys/devices/virtual/dmi/id/product_version	/sys/devices/virtual/dmi/id/product_version	bf8dc5eca570a1a0d702303547b736cff9df54c31745dde90dfc429580c0cc28

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads