f0f0c3f43e8537cb43cb932959534f038ec6ee9405aab2303d7da4d0cb34fb00 | Triage

Sharing

General

Target

ninfo
Size

2KB
Sample

220809-lbpxxagahp
MD5

ecf1fb8301600bf837437e21d17272b1
SHA1

f554f8c16f5beea7ce09348ee1117a8ec6ad9fe2
SHA256

f0f0c3f43e8537cb43cb932959534f038ec6ee9405aab2303d7da4d0cb34fb00
SHA512

c0f7c727c165c61a925b1695c3c0c93d42158831447d915b730dd24370d24b33baa8cf88bf77d581a1c13568414206df09734374ca65c932941ecee4ac69de69

Score

9^/10

antivm linux

Malware Config

Targets

- Target
  
  ninfo
- Size
  
  2KB
- MD5
  
  ecf1fb8301600bf837437e21d17272b1
- SHA1
  
  f554f8c16f5beea7ce09348ee1117a8ec6ad9fe2
- SHA256
  
  f0f0c3f43e8537cb43cb932959534f038ec6ee9405aab2303d7da4d0cb34fb00
- SHA512
  
  c0f7c727c165c61a925b1695c3c0c93d42158831447d915b730dd24370d24b33baa8cf88bf77d581a1c13568414206df09734374ca65c932941ecee4ac69de69
Score

9^/10

antivm
- Attempts to identify hypervisor via CPU configuration
  Checks CPU information for indicators that the system is a virtual machine.
  antivm
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Write file to user bin folder
- Reads CPU attributes
- Enumerates kernel/hardware configuration
  Reads contents of /sys virtual filesystem to enumerate system information.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Virtualization/Sandbox Evasion

Hijack Execution Flow

Credential Access

Discovery

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Dynamic Resolution

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4