General
-
Target
h4
-
Size
5.7MB
-
Sample
220823-lcv6bafdc2
-
MD5
9741b569c88166bbc9bbdc2dea6797b9
-
SHA1
66b9dfae6a32b9b024b351b675275be7efcffff6
-
SHA256
c81d4770e812ddc883ead8ff41fd2e5a7d5bc8056521219ccf8784219d1bd819
-
SHA512
9b76fea5e2f40258a75d819613db03d33dc2eb47f62a5f5d9284a966ae43dc9c8e9459d83f083e080798505310f4d229dd2a935c8dc94419697ca9eaf6b7be8c
-
SSDEEP
98304:0xDKXk3n4nXX+GjEj/jM8MMM8MMMMMwMMwbvUvUvkGjrGjH78lSL2ENpqqnBBST5:2obi8WNhigZlBnhIofU3JL
Malware Config
Targets
-
-
Target
h4
-
Size
5.7MB
-
MD5
9741b569c88166bbc9bbdc2dea6797b9
-
SHA1
66b9dfae6a32b9b024b351b675275be7efcffff6
-
SHA256
c81d4770e812ddc883ead8ff41fd2e5a7d5bc8056521219ccf8784219d1bd819
-
SHA512
9b76fea5e2f40258a75d819613db03d33dc2eb47f62a5f5d9284a966ae43dc9c8e9459d83f083e080798505310f4d229dd2a935c8dc94419697ca9eaf6b7be8c
-
SSDEEP
98304:0xDKXk3n4nXX+GjEj/jM8MMM8MMMMMwMMwbvUvUvkGjrGjH78lSL2ENpqqnBBST5:2obi8WNhigZlBnhIofU3JL
Score9/10-
Attempts to identify hypervisor via CPU configuration
Checks CPU information for indicators that the system is a virtual machine.
-
Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.
-
Writes DNS configuration
Writes data to DNS resolver config file.
-
Reads CPU attributes
-
Enumerates kernel/hardware configuration
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-