5d06a06657e2aa03900f4129417cf926a973eded6b99ba2efd340f873aac4d89

Analysis

max time kernel
0s
max time network
102s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
23-08-2022 00:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cpuminer-sse42-aes
Size

3.2MB
MD5

dc66aa8c223623a54723b6ec752c3637
SHA1

20b14f646270130c4d7b178a335528221b9033ba
SHA256

34817835b29d779397fc9d7e762bc9b4f5073a51e5b448913f5dd1f1612de2cf
SHA512

d6aa8fb46c3d8622b32b1aa94258678ef5d210133bdcaefa44ed781457c3d42a5a486caadfbdfb20a8ac4b09b335d4a42ac9bf6f06d7c7b81ed0414499b35c6d

Score

9^/10

antivm backdoor

Malware Config

Signatures

Attempts to identify hypervisor via CPU configuration 1 TTPs 1 IoCs
Checks CPU information for indicators that the system is a virtual machine.
antivm

Virtualization/Sandbox Evasion
T1497

Processes:

cpuminer-sse42-aes

description ioc process

/proc/cpuinfo /proc/cpuinfo cpuminer-sse42-aes

description	ioc	process
/proc/cpuinfo	/proc/cpuinfo	cpuminer-sse42-aes

Reads CPU attributes 1 TTPs 2 IoCs

System Information Discovery

T1082

Processes:

cpuminer-sse42-aes

description	ioc	process
/sys/devices/system/cpu/possible	/sys/devices/system/cpu/possible	cpuminer-sse42-aes
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	cpuminer-sse42-aes

Reads network interface configuration 2 TTPs 1 IoCs
Fetches information about one or more active network interfaces.
backdoor

System Network Configuration Discovery
T1016

System Network Connections Discovery
T1049

Processes:

cpuminer-sse42-aes

description ioc process

/sys/class/net/ens3/address /sys/class/net/ens3/address cpuminer-sse42-aes

description	ioc	process
/sys/class/net/ens3/address	/sys/class/net/ens3/address	cpuminer-sse42-aes

Enumerates kernel/hardware configuration 1 TTPs 64 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

Processes:

cpuminer-sse42-aes

Reads runtime system information 6 IoCs

Reads data from /proc virtual filesystem.

Processes:

cpuminer-sse42-aes

description	ioc	process
/proc/mounts	/proc/mounts	cpuminer-sse42-aes
/proc/self/cpuset	/proc/self/cpuset	cpuminer-sse42-aes
/proc/meminfo	/proc/meminfo	cpuminer-sse42-aes
/proc/driver/nvidia/gpus	/proc/driver/nvidia/gpus	cpuminer-sse42-aes
/proc/self/exe	/proc/self/exe	cpuminer-sse42-aes
/proc/self/status	/proc/self/status	cpuminer-sse42-aes

/tmp/cpuminer-sse42-aes
/tmp/cpuminer-sse42-aes
1⤵
- Attempts to identify hypervisor via CPU configuration
- Reads CPU attributes
- Reads network interface configuration
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:592

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

System Information Discovery

T1082

System Network Configuration Discovery

T1016

System Network Connections Discovery

T1049

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

description	ioc	process
/sys/bus/node/devices/node0/access0/initiators/read_latency	/sys/bus/node/devices/node0/access0/initiators/read_latency	cpuminer-sse42-aes
/sys/devices/virtual/dmi/id/product_name	/sys/devices/virtual/dmi/id/product_name	cpuminer-sse42-aes
/sys/devices/virtual/dmi/id/board_vendor	/sys/devices/virtual/dmi/id/board_vendor	cpuminer-sse42-aes
/sys/devices/system/node/node0/meminfo	/sys/devices/system/node/node0/meminfo	cpuminer-sse42-aes
/sys/bus/cpu/devices/cpu0/cache/index0/coherency_line_size	/sys/bus/cpu/devices/cpu0/cache/index0/coherency_line_size	cpuminer-sse42-aes
/sys/bus/cpu/devices/cpu0/cache/index3/size	/sys/bus/cpu/devices/cpu0/cache/index3/size	cpuminer-sse42-aes
/sys/bus/cpu/devices/cpu0/cache/index7/shared_cpu_map	/sys/bus/cpu/devices/cpu0/cache/index7/shared_cpu_map	cpuminer-sse42-aes
/sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages	/sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages	cpuminer-sse42-aes
/sys/devices/virtual/dmi/id/board_version	/sys/devices/virtual/dmi/id/board_version	cpuminer-sse42-aes
/sys/devices/virtual/dmi/id/board_serial	/sys/devices/virtual/dmi/id/board_serial	cpuminer-sse42-aes
/sys/devices/virtual/dmi/id/chassis_vendor	/sys/devices/virtual/dmi/id/chassis_vendor	cpuminer-sse42-aes
/sys/class/bxi	/sys/class/bxi	cpuminer-sse42-aes
/sys/devices/system/cpu	/sys/devices/system/cpu	cpuminer-sse42-aes
/sys/bus/cpu/devices/cpu0/topology/core_siblings	/sys/bus/cpu/devices/cpu0/topology/core_siblings	cpuminer-sse42-aes
/sys/bus/node/devices/node0/meminfo	/sys/bus/node/devices/node0/meminfo	cpuminer-sse42-aes
/sys/class/block/fd0/device/numa_node	/sys/class/block/fd0/device/numa_node	cpuminer-sse42-aes
/sys/class/block/vda/dev	/sys/class/block/vda/dev	cpuminer-sse42-aes
/sys/bus/cpu/devices/cpu0/cache/index5/shared_cpu_map	/sys/bus/cpu/devices/cpu0/cache/index5/shared_cpu_map	cpuminer-sse42-aes
/sys/devices/virtual/dmi/id/board_name	/sys/devices/virtual/dmi/id/board_name	cpuminer-sse42-aes
/sys/devices/virtual/dmi/id/bios_vendor	/sys/devices/virtual/dmi/id/bios_vendor	cpuminer-sse42-aes
/sys/devices/virtual/dmi/id/bios_version	/sys/devices/virtual/dmi/id/bios_version	cpuminer-sse42-aes
/sys/class/block/vda/size	/sys/class/block/vda/size	cpuminer-sse42-aes
/sys/bus/cpu/devices/cpu0/topology/thread_siblings	/sys/bus/cpu/devices/cpu0/topology/thread_siblings	cpuminer-sse42-aes
/sys/bus/cpu/devices/cpu0/cache/index0/size	/sys/bus/cpu/devices/cpu0/cache/index0/size	cpuminer-sse42-aes
/sys/bus/cpu/devices/cpu0/cache/index1/type	/sys/bus/cpu/devices/cpu0/cache/index1/type	cpuminer-sse42-aes
/sys/bus/cpu/devices/cpu0/cache/index1/id	/sys/bus/cpu/devices/cpu0/cache/index1/id	cpuminer-sse42-aes
/sys/bus/cpu/devices/cpu0/cache/index4/shared_cpu_map	/sys/bus/cpu/devices/cpu0/cache/index4/shared_cpu_map	cpuminer-sse42-aes
/sys/bus/cpu/devices/cpu0/cache/index9/shared_cpu_map	/sys/bus/cpu/devices/cpu0/cache/index9/shared_cpu_map	cpuminer-sse42-aes
/sys/bus/dax/devices/	/sys/bus/dax/devices/	cpuminer-sse42-aes
/sys/bus/cpu/devices/cpu0/topology/physical_package_id	/sys/bus/cpu/devices/cpu0/topology/physical_package_id	cpuminer-sse42-aes
/sys/bus/cpu/devices/cpu0/cache/index0/shared_cpu_map	/sys/bus/cpu/devices/cpu0/cache/index0/shared_cpu_map	cpuminer-sse42-aes
/sys/bus/cpu/devices/cpu0/cache/index0/id	/sys/bus/cpu/devices/cpu0/cache/index0/id	cpuminer-sse42-aes
/sys/bus/cpu/devices/cpu0/cache/index1/shared_cpu_map	/sys/bus/cpu/devices/cpu0/cache/index1/shared_cpu_map	cpuminer-sse42-aes
/sys/bus/cpu/devices/cpu0/cache/index2/coherency_line_size	/sys/bus/cpu/devices/cpu0/cache/index2/coherency_line_size	cpuminer-sse42-aes
/sys/bus/node/devices/node0/access0/initiators	/sys/bus/node/devices/node0/access0/initiators	cpuminer-sse42-aes
/sys/class/block/sr0/queue/hw_sector_size	/sys/class/block/sr0/queue/hw_sector_size	cpuminer-sse42-aes
/sys/class/block/fd0/dev	/sys/class/block/fd0/dev	cpuminer-sse42-aes
/sys/class/block	/sys/class/block	cpuminer-sse42-aes
/sys/class/ve	/sys/class/ve	cpuminer-sse42-aes
/sys/fs/cgroup/cpuset//cpuset.cpus	/sys/fs/cgroup/cpuset//cpuset.cpus	cpuminer-sse42-aes
/sys/bus/cpu/devices/cpu0/cache/index2/level	/sys/bus/cpu/devices/cpu0/cache/index2/level	cpuminer-sse42-aes
/sys/bus/cpu/devices/cpu0/cache/index3/physical_line_partition	/sys/bus/cpu/devices/cpu0/cache/index3/physical_line_partition	cpuminer-sse42-aes
/sys/bus/cpu/devices/cpu0/cpu_capacity	/sys/bus/cpu/devices/cpu0/cpu_capacity	cpuminer-sse42-aes
/sys/devices/system/node/online	/sys/devices/system/node/online	cpuminer-sse42-aes
/sys/class/block/vda/queue/hw_sector_size	/sys/class/block/vda/queue/hw_sector_size	cpuminer-sse42-aes
/sys/devices/system/node	/sys/devices/system/node	cpuminer-sse42-aes
/sys/bus/cpu/devices/cpu0/topology/core_id	/sys/bus/cpu/devices/cpu0/topology/core_id	cpuminer-sse42-aes
/sys/bus/cpu/devices/cpu0/cache/index2/id	/sys/bus/cpu/devices/cpu0/cache/index2/id	cpuminer-sse42-aes
/sys/bus/node/devices/node0/cpumap	/sys/bus/node/devices/node0/cpumap	cpuminer-sse42-aes
/sys/devices/virtual/dmi/id/sys_vendor	/sys/devices/virtual/dmi/id/sys_vendor	cpuminer-sse42-aes
/sys/bus/pci/devices/0000:00:03.0/local_cpus	/sys/bus/pci/devices/0000:00:03.0/local_cpus	cpuminer-sse42-aes
/sys/fs/cgroup/unified/cgroup.controllers	/sys/fs/cgroup/unified/cgroup.controllers	cpuminer-sse42-aes
/sys/bus/cpu/devices/cpu0/topology/die_cpus	/sys/bus/cpu/devices/cpu0/topology/die_cpus	cpuminer-sse42-aes
/sys/devices/virtual/dmi/id/chassis_type	/sys/devices/virtual/dmi/id/chassis_type	cpuminer-sse42-aes
/sys/devices/virtual/dmi/id/chassis_version	/sys/devices/virtual/dmi/id/chassis_version	cpuminer-sse42-aes
/sys/bus/pci/devices/0000:00:04.0/local_cpus	/sys/bus/pci/devices/0000:00:04.0/local_cpus	cpuminer-sse42-aes
/sys/bus/cpu/devices/cpu0/cache/index3/coherency_line_size	/sys/bus/cpu/devices/cpu0/cache/index3/coherency_line_size	cpuminer-sse42-aes
/sys/kernel/mm/hugepages	/sys/kernel/mm/hugepages	cpuminer-sse42-aes
/sys/bus/node/devices/node0/hugepages	/sys/bus/node/devices/node0/hugepages	cpuminer-sse42-aes
/sys/bus/cpu/devices/cpu0/cache/index2/shared_cpu_map	/sys/bus/cpu/devices/cpu0/cache/index2/shared_cpu_map	cpuminer-sse42-aes
/sys/bus/cpu/devices/cpu0/cache/index2/type	/sys/bus/cpu/devices/cpu0/cache/index2/type	cpuminer-sse42-aes
/sys/bus/cpu/devices/cpu0/cache/index3/level	/sys/bus/cpu/devices/cpu0/cache/index3/level	cpuminer-sse42-aes
/sys/bus/cpu/devices/cpu0/cache/index3/type	/sys/bus/cpu/devices/cpu0/cache/index3/type	cpuminer-sse42-aes
/sys/bus/cpu/devices/cpu0/cache/index3/id	/sys/bus/cpu/devices/cpu0/cache/index3/id	cpuminer-sse42-aes

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads