Analysis
max time kernel: 0s
max time network: 158s
platform: linux_armhf
resource: debian9-armhf-en-20211208
resource tags: arch:armhf, image:debian9-armhf-en-20211208, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 09-08-2022 09:21
Static task
static1

Behavioral task
behavioral1    Sample: ninfo    Resource: ubuntu1804-amd64-en-20211208

Behavioral task
behavioral2    Sample: ninfo    Resource: debian9-armhf-en-20211208

Behavioral task
behavioral3    Sample: ninfo    Resource: debian9-mipsbe-en-20211208

Behavioral task
behavioral4    Sample: ninfo    Resource: debian9-mipsel-en-20211208
General
Target: ninfo
Size: 2KB
MD5: ecf1fb8301600bf837437e21d17272b1
SHA1: f554f8c16f5beea7ce09348ee1117a8ec6ad9fe2
SHA256: f0f0c3f43e8537cb43cb932959534f038ec6ee9405aab2303d7da4d0cb34fb00
SHA512: c0f7c727c165c61a925b1695c3c0c93d42158831447d915b730dd24370d24b33baa8cf88bf77d581a1c13568414206df09734374ca65c932941ecee4ac69de69
Malware Config

Signatures

Attempts to identify hypervisor via CPU configuration (1 TTPs, 4 IoCs)
Checks CPU information for indicators that the system is a virtual machine.
Processes: grep, grep, grep, grep
description       ioc               process
/proc/cpuinfo     /proc/cpuinfo     grep
/proc/cpuinfo     /proc/cpuinfo     grep
/proc/cpuinfo     /proc/cpuinfo     grep
/proc/cpuinfo     /proc/cpuinfo     grep

Modifies hosts file (1 IoCs)
Adds to hosts file used for mapping hosts to IP addresses.
Processes: wget
description       ioc               process
/etc/hosts        /etc/hosts        wget

Writes DNS configuration (1 TTPs, 1 IoCs)
Writes data to DNS resolver config file.

Reads CPU attributes (1 TTPs, 1 IoCs)
Processes: free
description                        ioc                                process
/sys/devices/system/cpu/online     /sys/devices/system/cpu/online     free

Enumerates kernel/hardware configuration (1 TTPs, 1 IoCs)
Reads contents of /sys virtual filesystem to enumerate system information.
Processes: lspci
description               ioc                       process
/sys/bus/pci/devices      /sys/bus/pci/devices      lspci

Reads runtime system information (12 IoCs)
Reads data from /proc virtual filesystem.
Processes: free, id, sed, sed, sed, sed, sed, sed, df
description                    ioc                            process
/proc/filesystems              /proc/filesystems              free
/proc/sys/kernel/osrelease     /proc/sys/kernel/osrelease     free
/proc/filesystems              /proc/filesystems              id
/proc/uptime                   /proc/uptime
/proc/filesystems              /proc/filesystems              sed
/proc/filesystems              /proc/filesystems              sed
/proc/filesystems              /proc/filesystems              sed
/proc/filesystems              /proc/filesystems              sed
/proc/filesystems              /proc/filesystems              sed
/proc/filesystems              /proc/filesystems              sed
/proc/meminfo                  /proc/meminfo                  free
/proc/self/mountinfo           /proc/self/mountinfo           df

Writes file to tmp directory (1 IoCs)
Malware often drops required files in the /tmp directory.
Processes: ninfo
description       ioc               process
/tmp/ninfo        /tmp/ninfo        ninfo
Processes
/tmp/ninfo    /tmp/ninfo    1
- Writes file to tmp directory
/bin/grep    grep -c "^processor" /proc/cpuinfo    2
- Attempts to identify hypervisor via CPU configuration
/bin/uname    uname -a    2
/usr/bin/tput    tput bold    2
/bin/sleep    sleep 1    2
/bin/sleep    sleep 1    2
/bin/sleep    sleep 2    2
/bin/sleep    sleep 2    2
/usr/bin/id    id -u    2
- Reads runtime system information
/bin/sleep    sleep 3    2
/bin/sleep    sleep 1    2
/bin/sleep    sleep 1    2
/bin/sleep    sleep 1    2
/bin/sleep    sleep 1    2
/usr/bin/wget    wget nasapaul.com/v.py    2
- Modifies hosts file
- Writes DNS configuration
/usr/bin/perl    perl v.py    2
/bin/grep    grep -m 1 "model name" /proc/cpuinfo    1
- Attempts to identify hypervisor via CPU configuration
/usr/bin/cut    cut -d: -f2    1
/bin/sed    sed -e "s/^ *//"    1
- Reads runtime system information
/bin/sed    sed -e "s/\$//"    1
- Reads runtime system information
/bin/grep    grep -m 1 stepping /proc/cpuinfo    1
- Attempts to identify hypervisor via CPU configuration
/usr/bin/cut    cut -d: -f2    1
/bin/sed    sed -e "s/^ *//"    1
- Reads runtime system information
/bin/sed    sed -e "s/\$//"    1
- Reads runtime system information
/bin/grep    grep -m 1 bogomips /proc/cpuinfo    1
- Attempts to identify hypervisor via CPU configuration
/usr/bin/cut    cut -d: -f2    1
/bin/sed    sed -e "s/^ *//"    1
- Reads runtime system information
/bin/sed    sed -e "s/\$//"    1
- Reads runtime system information
/usr/bin/free    free -m    1
- Reads CPU attributes
- Reads runtime system information
/bin/grep    grep -oP "\\d+"    1
/usr/bin/head    head -n 1    1
/usr/bin/lspci    lspci    1
- Enumerates kernel/hardware configuration
/bin/grep    grep VGA    1
/usr/bin/cut    cut -f5- -d " "    1
/bin/df    df -h --total    1
- Reads runtime system information
/bin/grep    grep total    1
/usr/bin/awk    awk "{ printf \"\" \$2 \"B\\n\\n\" }"    1