75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463

General

Target

75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
Size

2.2MB
MD5

b97e572ff7fc887edd5085402e0b4e86
SHA1

a7cd1e37de9b2e38d5dbaeac8124006e27d24281
SHA256

75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
SHA512

724c3f2ee4dfda9aa7d452ca3491c13c689cf0bab058193e3097f1146c1b7195f86924c36e25bcb85c95fe5607c8b909f044bb69efababa7a04de471afe02b94

Score

9^/10

antivm

Malware Config

Signatures

Attempts to identify hypervisor via CPU configuration 1 TTPs 1 IoCs
Checks CPU information for indicators that the system is a virtual machine.
antivm

Virtualization/Sandbox Evasion
T1497

Processes:

75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463

description ioc process

/proc/cpuinfo /proc/cpuinfo 75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
Modifies hosts file 1 IoCs
Adds to hosts file used for mapping hosts to IP addresses.

Processes:

description ioc

/etc/hosts /etc/hosts
Writes DNS configuration 1 TTPs 1 IoCs
Writes data to DNS resolver config file.

Dynamic Resolution
T1568

Processes:

description ioc

/etc/resolv.conf /etc/resolv.conf

description	ioc	process
/proc/cpuinfo	/proc/cpuinfo	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463

description	ioc
/etc/hosts	/etc/hosts

description	ioc
/etc/resolv.conf	/etc/resolv.conf

Reads CPU attributes 1 TTPs 2 IoCs

System Information Discovery

T1082

Processes:

75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463

description	ioc	process
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/devices/system/cpu/possible	/sys/devices/system/cpu/possible	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463

Enumerates kernel/hardware configuration 1 TTPs 64 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

Processes:

75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463

Reads runtime system information 6 IoCs

Reads data from /proc virtual filesystem.

Processes:

75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463

description	ioc	process
/proc/mounts	/proc/mounts	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/proc/self/cgroup	/proc/self/cgroup	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/proc/meminfo	/proc/meminfo	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/proc/driver/nvidia/gpus	/proc/driver/nvidia/gpus	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/proc/elog	/proc/elog	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/proc/meminfo	/proc/meminfo

Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463

description ioc process

/tmp/config.json /tmp/config.json 75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463

description	ioc	process
/tmp/config.json	/tmp/config.json	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463

./75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
./75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
1⤵
- Attempts to identify hypervisor via CPU configuration
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
PID:577

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

1

T1497

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Dynamic Resolution

1

T1568

Impact

description	ioc	process
/sys/bus/cpu/devices/cpu0/cache/index3/coherency_line_size	/sys/bus/cpu/devices/cpu0/cache/index3/coherency_line_size	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/cache/index9/shared_cpu_map	/sys/bus/cpu/devices/cpu0/cache/index9/shared_cpu_map	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/devices/virtual/dmi/id/product_name	/sys/devices/virtual/dmi/id/product_name	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/devices/virtual/dmi/id/bios_date	/sys/devices/virtual/dmi/id/bios_date	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/cache/index0/number_of_sets	/sys/bus/cpu/devices/cpu0/cache/index0/number_of_sets	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/cache/index3/type	/sys/bus/cpu/devices/cpu0/cache/index3/type	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/devices/virtual/dmi/id/chassis_version	/sys/devices/virtual/dmi/id/chassis_version	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/cache/index6/shared_cpu_map	/sys/bus/cpu/devices/cpu0/cache/index6/shared_cpu_map	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/dax/devices/	/sys/bus/dax/devices/	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/cache/index2/size	/sys/bus/cpu/devices/cpu0/cache/index2/size	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/cache/index4/shared_cpu_map	/sys/bus/cpu/devices/cpu0/cache/index4/shared_cpu_map	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/topology/core_id	/sys/bus/cpu/devices/cpu0/topology/core_id	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/cache/index1/type	/sys/bus/cpu/devices/cpu0/cache/index1/type	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/cache/index3/size	/sys/bus/cpu/devices/cpu0/cache/index3/size	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/devices/virtual/dmi/id/bios_version	/sys/devices/virtual/dmi/id/bios_version	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/devices/virtual/dmi/id/sys_vendor	/sys/devices/virtual/dmi/id/sys_vendor	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/cache/index0/physical_line_partition	/sys/bus/cpu/devices/cpu0/cache/index0/physical_line_partition	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/cache/index3/level	/sys/bus/cpu/devices/cpu0/cache/index3/level	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/node/devices/node0/hugepages	/sys/bus/node/devices/node0/hugepages	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/node/devices/node0/access0/initiators	/sys/bus/node/devices/node0/access0/initiators	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/devices/virtual/dmi/id/chassis_vendor	/sys/devices/virtual/dmi/id/chassis_vendor	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/devices/virtual/dmi/id/chassis_serial	/sys/devices/virtual/dmi/id/chassis_serial	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices	/sys/bus/cpu/devices	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/cache/index1/shared_cpu_map	/sys/bus/cpu/devices/cpu0/cache/index1/shared_cpu_map	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/cache/index7/shared_cpu_map	/sys/bus/cpu/devices/cpu0/cache/index7/shared_cpu_map	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/devices/virtual/dmi/id/product_uuid	/sys/devices/virtual/dmi/id/product_uuid	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/devices/virtual/dmi/id/board_vendor	/sys/devices/virtual/dmi/id/board_vendor	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/devices/virtual/dmi/id/bios_vendor	/sys/devices/virtual/dmi/id/bios_vendor	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/cache/index0/level	/sys/bus/cpu/devices/cpu0/cache/index0/level	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/cache/index3/number_of_sets	/sys/bus/cpu/devices/cpu0/cache/index3/number_of_sets	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/cache/index3/physical_line_partition	/sys/bus/cpu/devices/cpu0/cache/index3/physical_line_partition	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/node/devices/node0/meminfo	/sys/bus/node/devices/node0/meminfo	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/devices/virtual/dmi/id/board_asset_tag	/sys/devices/virtual/dmi/id/board_asset_tag	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/devices/virtual/dmi/id/chassis_type	/sys/devices/virtual/dmi/id/chassis_type	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/topology/die_cpus	/sys/bus/cpu/devices/cpu0/topology/die_cpus	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/cache/index0/size	/sys/bus/cpu/devices/cpu0/cache/index0/size	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/cache/index2/physical_line_partition	/sys/bus/cpu/devices/cpu0/cache/index2/physical_line_partition	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/devices/system/node/node0/hugepages/hugepages-2048kB/free_hugepages	/sys/devices/system/node/node0/hugepages/hugepages-2048kB/free_hugepages
/sys/bus/cpu/devices/cpu0/cache/index0/shared_cpu_map	/sys/bus/cpu/devices/cpu0/cache/index0/shared_cpu_map	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/cache/index2/level	/sys/bus/cpu/devices/cpu0/cache/index2/level	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/cache/index2/number_of_sets	/sys/bus/cpu/devices/cpu0/cache/index2/number_of_sets	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/cache/index3/shared_cpu_map	/sys/bus/cpu/devices/cpu0/cache/index3/shared_cpu_map	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/cache/index2/coherency_line_size	/sys/bus/cpu/devices/cpu0/cache/index2/coherency_line_size	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/kernel/mm/hugepages	/sys/kernel/mm/hugepages	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/devices/virtual/dmi/id/product_version	/sys/devices/virtual/dmi/id/product_version	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/devices/virtual/dmi/id/board_version	/sys/devices/virtual/dmi/id/board_version	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages	/sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages
/sys/fs/cgroup/cpuset//cpuset.mems	/sys/fs/cgroup/cpuset//cpuset.mems	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/topology/core_siblings	/sys/bus/cpu/devices/cpu0/topology/core_siblings	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/devices/system/node/online	/sys/devices/system/node/online	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/node/devices/node0/hugepages/hugepages-2048kB/nr_hugepages	/sys/bus/node/devices/node0/hugepages/hugepages-2048kB/nr_hugepages	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/cache/index1/level	/sys/bus/cpu/devices/cpu0/cache/index1/level	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/cache/index2/type	/sys/bus/cpu/devices/cpu0/cache/index2/type	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/devices/virtual/dmi/id	/sys/devices/virtual/dmi/id	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/fs/cgroup/cpuset//cpuset.cpus	/sys/fs/cgroup/cpuset//cpuset.cpus	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/cache/index5/shared_cpu_map	/sys/bus/cpu/devices/cpu0/cache/index5/shared_cpu_map	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/cache/index0/type	/sys/bus/cpu/devices/cpu0/cache/index0/type	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/cache/index2/shared_cpu_map	/sys/bus/cpu/devices/cpu0/cache/index2/shared_cpu_map	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/cache/index8/shared_cpu_map	/sys/bus/cpu/devices/cpu0/cache/index8/shared_cpu_map	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages	/sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/devices/virtual/dmi/id/board_name	/sys/devices/virtual/dmi/id/board_name	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/devices/virtual/dmi/id/board_serial	/sys/devices/virtual/dmi/id/board_serial	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/topology/thread_siblings	/sys/bus/cpu/devices/cpu0/topology/thread_siblings	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
/sys/bus/cpu/devices/cpu0/topology/physical_package_id	/sys/bus/cpu/devices/cpu0/topology/physical_package_id	75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads