General
-
Target
75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
-
Size
2.2MB
-
Sample
220520-qqj3esggdr
-
MD5
b97e572ff7fc887edd5085402e0b4e86
-
SHA1
a7cd1e37de9b2e38d5dbaeac8124006e27d24281
-
SHA256
75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
-
SHA512
724c3f2ee4dfda9aa7d452ca3491c13c689cf0bab058193e3097f1146c1b7195f86924c36e25bcb85c95fe5607c8b909f044bb69efababa7a04de471afe02b94
Behavioral task
behavioral1
Sample
75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
Resource
ubuntu1804-amd64-en-20211208
Malware Config
Targets
-
-
Target
75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
-
Score
9/10
-
Attempts to identify hypervisor via CPU configuration
Checks CPU information for indicators that the system is a virtual machine.
-
Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.
-
Writes DNS configuration
Writes data to DNS resolver config file.
-
Reads CPU attributes
-
Enumerates kernel/hardware configuration
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-