Resubmissions

17-08-2022 06:24

220817-g58jwsbfgk 9

17-08-2022 06:04

220817-gsxa4aedh6 9

General

  • Target

    x86_64

  • Size

    1.8MB

  • Sample

    220817-g58jwsbfgk

  • MD5

    6a029df4c5e466511749a1c5321cb576

  • SHA1

    074d800744815a43eac098f0c1b5c03814769bc3

  • SHA256

    a4a90999ade02ca7104e2553aede3c82decbd319d67059d43be99415acb03c26

  • SHA512

    0665dc76cab1c9c0055346c5d080f0caf0abfbd31bc8fab7e3497e16fcd00d2207656fa3421224114d90f8dbc4fc4ca783691c547a5fa70ec6323d522de904b3

  • SSDEEP

    49152:V3phqEkIKrVXnoiJ64tCWqGG8dGbsggu3OUhR:V31LKrb1FpG8dGcqDT

Score
9/10

Malware Config

Targets

    • Attempts to identify hypervisor via CPU configuration

      Checks CPU information for indicators that the system is a virtual machine.

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Writes DNS configuration

      Writes data to DNS resolver config file.

    • Reads CPU attributes

    • Enumerates kernel/hardware configuration

      Reads contents of /sys virtual filesystem to enumerate system information.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Virtualization/Sandbox Evasion (T1497): 1

  • Discovery

    Virtualization/Sandbox Evasion (T1497): 1

    System Information Discovery (T1082): 2

  • Command and Control

    Dynamic Resolution (T1568): 1

Tasks