General
Target: x86_64
Size: 1.8MB
Sample: 220817-gsxa4aedh6
MD5: 6a029df4c5e466511749a1c5321cb576
SHA1: 074d800744815a43eac098f0c1b5c03814769bc3
SHA256: a4a90999ade02ca7104e2553aede3c82decbd319d67059d43be99415acb03c26
SHA512: 0665dc76cab1c9c0055346c5d080f0caf0abfbd31bc8fab7e3497e16fcd00d2207656fa3421224114d90f8dbc4fc4ca783691c547a5fa70ec6323d522de904b3
SSDEEP: 49152:V3phqEkIKrVXnoiJ64tCWqGG8dGbsggu3OUhR:V31LKrb1FpG8dGcqDT
Static task: static1
Behavioral task: behavioral1
Sample: x86_64
Resource: ubuntu1804-amd64-en-20211208
Malware Config
Targets
Target: x86_64
Score: 9/10
Attempts to identify hypervisor via CPU configuration: Checks CPU information for indicators that the system is a virtual machine.
Modifies hosts file: Adds to hosts file used for mapping hosts to IP addresses.
Writes DNS configuration: Writes data to DNS resolver config file.
Reads CPU attributes
Enumerates kernel/hardware configuration: Reads contents of /sys virtual filesystem to enumerate system information.
Reads runtime system information: Reads data from /proc virtual filesystem.
Writes file to tmp directory: Malware often drops required files in the /tmp directory.