Description
Checks CPU information for indicators that the system is a virtual machine.
75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
General
Target
Size
Sample
75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
2MB
220520-qqj3esggdr
Score
10 /10
MD5
SHA1
SHA256
SHA512
b97e572ff7fc887edd5085402e0b4e86
a7cd1e37de9b2e38d5dbaeac8124006e27d24281
75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
724c3f2ee4dfda9aa7d452ca3491c13c689cf0bab058193e3097f1146c1b7195f86924c36e25bcb85c95fe5607c8b909f044bb69efababa7a04de471afe02b94
Malware Config
Targets
Target
MD5
Filesize
75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
b97e572ff7fc887edd5085402e0b4e86
2MB
Score
9/10
SHA1
SHA256
SHA512
a7cd1e37de9b2e38d5dbaeac8124006e27d24281
75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
724c3f2ee4dfda9aa7d452ca3491c13c689cf0bab058193e3097f1146c1b7195f86924c36e25bcb85c95fe5607c8b909f044bb69efababa7a04de471afe02b94
Tags
Signatures
-
Attempts to identify hypervisor via CPU configuration
-
Modifies hosts file
Description
Adds to hosts file used for mapping hosts to IP addresses.
-
Writes DNS configuration
Description
Writes data to DNS resolver config file.
TTPs
-
Reads CPU attributes
TTPs
-
Enumerates kernel/hardware configuration
Description
Reads contents of /sys virtual filesystem to enumerate system information.
TTPs
-
Reads runtime system information
Description
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Description
Malware often drops required files in the /tmp directory.
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks