General
-
Target
ninfo
-
Size
2KB
-
Sample
220809-lbpxxagahp
-
MD5
ecf1fb8301600bf837437e21d17272b1
-
SHA1
f554f8c16f5beea7ce09348ee1117a8ec6ad9fe2
-
SHA256
f0f0c3f43e8537cb43cb932959534f038ec6ee9405aab2303d7da4d0cb34fb00
-
SHA512
c0f7c727c165c61a925b1695c3c0c93d42158831447d915b730dd24370d24b33baa8cf88bf77d581a1c13568414206df09734374ca65c932941ecee4ac69de69
Static task
static1
Behavioral task
behavioral1
Sample
ninfo
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral2
Sample
ninfo
Resource
debian9-armhf-en-20211208
Behavioral task
behavioral3
Sample
ninfo
Resource
debian9-mipsbe-en-20211208
Behavioral task
behavioral4
Sample
ninfo
Resource
debian9-mipsel-en-20211208
Malware Config
Targets
-
-
Target
ninfo
-
Size
2KB
-
MD5
ecf1fb8301600bf837437e21d17272b1
-
SHA1
f554f8c16f5beea7ce09348ee1117a8ec6ad9fe2
-
SHA256
f0f0c3f43e8537cb43cb932959534f038ec6ee9405aab2303d7da4d0cb34fb00
-
SHA512
c0f7c727c165c61a925b1695c3c0c93d42158831447d915b730dd24370d24b33baa8cf88bf77d581a1c13568414206df09734374ca65c932941ecee4ac69de69
Score9/10-
Attempts to identify hypervisor via CPU configuration
Checks CPU information for indicators that the system is a virtual machine.
-
Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.
-
Writes DNS configuration
Writes data to DNS resolver config file.
-
Write file to user bin folder
-
Reads CPU attributes
-
Enumerates kernel/hardware configuration
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-