General

  • Target

    f72babf978d8b86a75e3b34f59d4fc6464dc988720d1574a781347896c2989c7

  • Size

    7MB

  • Sample

    220518-z8fx6ahaeq

  • MD5

    0014403121eeaebaeede796e4b6e5dbe

  • SHA1

    4898e80e81129ab9f75be89a3e4fc004039c257e

  • SHA256

    f72babf978d8b86a75e3b34f59d4fc6464dc988720d1574a781347896c2989c7

  • SHA512

    a2dcaa447880b1f015c157cb7a6d71ca4005b8944191dd656aa5078233f99dca1902d844f36d45105dff69a4e529c3c35f43597303fbb7088e2042966b26bcaf

Score
10/10

Malware Config

Targets

    • Target

      f72babf978d8b86a75e3b34f59d4fc6464dc988720d1574a781347896c2989c7


    Score
    9/10
    • Attempts to identify hypervisor via CPU configuration

      Checks CPU information for indicators that the system is a virtual machine.

    • Reads CPU attributes

    • Enumerates kernel/hardware configuration

      Reads contents of /sys virtual filesystem to enumerate system information.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Virtualization/Sandbox Evasion (T1497): 1 signature

  • Discovery

    Virtualization/Sandbox Evasion (T1497): 1 signature

    System Information Discovery (T1082): 2 signatures
