5fbf8b62c44f10be2efab97c5f5dbf15b74fae31e451ec10abbc74e54a04ff44

Analysis

max time kernel
0s
max time network
103s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
09/09/2022, 13:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jdk-17.0.4.1+1/bin/jconsole
Size

16KB
MD5

5f1671fa498f981e0b449daa0b4d6c6e
SHA1

c7e9ff0b840cd90a66cf7224d8dcf6515b18fc32
SHA256

c3e7cadbaa61cf85a544604fceb7107212dba572d34d3dac00f7711f81427214
SHA512

8ba42a7f8099e1a17cd6d712c487bb29c550aef99f6574cf82ac7b1a24043c96b152a58f30def1ecde5eed75ac4accd6b60ce5cc5915dafeb2ad3c7f371e59f7
SSDEEP

96:RYEpTZBWBS9V/EAnR9rbDrVfdR1wPV/n87/q8BtFmZvBGqiVgdi:RdF8mEmRhbDrVlRi8hxKvMqiC

Score

9^/10

antivm

Malware Config

Signatures

Attempts to identify hypervisor via CPU configuration 1 TTPs 1 IoCs

Checks CPU information for indicators that the system is a virtual machine.

antivm

Virtualization/Sandbox Evasion

T1497

description	ioc
/proc/cpuinfo	/proc/cpuinfo

Enumerates kernel/hardware configuration 1 TTPs 7 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

description	ioc
/sys/devices/system/cpu	/sys/devices/system/cpu
/sys/fs/cgroup/memory/memory.use_hierarchy	/sys/fs/cgroup/memory/memory.use_hierarchy
/sys/fs/cgroup/memory/memory.limit_in_bytes	/sys/fs/cgroup/memory/memory.limit_in_bytes
/sys/fs/cgroup/memory/memory.stat	/sys/fs/cgroup/memory/memory.stat
/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us
/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_period_us	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_period_us
/sys/fs/cgroup/cpu,cpuacct/cpu.shares	/sys/fs/cgroup/cpu,cpuacct/cpu.shares

Reads runtime system information 6 IoCs

Reads data from /proc virtual filesystem.

description	ioc
/proc/stat	/proc/stat
/proc/cgroups	/proc/cgroups
/proc/self/cgroup	/proc/self/cgroup
/proc/self/mountinfo	/proc/self/mountinfo
/proc/self/coredump_filter	/proc/self/coredump_filter
/proc/578	/proc/578

Writes file to tmp directory 46 IoCs

Malware often drops required files in the /tmp directory.

/tmp/jdk-17.0.4.1+1/bin/jconsole
/tmp/jdk-17.0.4.1+1/bin/jconsole
1⤵
- Writes file to tmp directory
PID:577

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

description	ioc	Process
/tmp/jdk-17.0.4.1+1/bin/../lib/tls/libz.so.1	/tmp/jdk-17.0.4.1+1/bin/../lib/tls/libz.so.1	jconsole
/tmp/jdk-17.0.4.1+1/bin/libc.so.6	/tmp/jdk-17.0.4.1+1/bin/libc.so.6	jconsole
/tmp/jdk-17.0.4.1+1/bin/libnss_compat.so.2	/tmp/jdk-17.0.4.1+1/bin/libnss_compat.so.2	Process not Found
/tmp/hsperfdata_root	/tmp/hsperfdata_root	Process not Found
/tmp/jdk-17.0.4.1+1/bin/../lib/tls/haswell/libz.so.1	/tmp/jdk-17.0.4.1+1/bin/../lib/tls/haswell/libz.so.1	jconsole
/tmp/jdk-17.0.4.1+1/bin/../lib/libpthread.so.0	/tmp/jdk-17.0.4.1+1/bin/../lib/libpthread.so.0	jconsole
/tmp/jdk-17.0.4.1+1/bin/../lib/librt.so.1	/tmp/jdk-17.0.4.1+1/bin/../lib/librt.so.1	jconsole
/tmp/jdk-17.0.4.1+1/bin/libm.so.6	/tmp/jdk-17.0.4.1+1/bin/libm.so.6	jconsole
/tmp/jdk-17.0.4.1+1/bin/../lib/libnss_compat.so.2	/tmp/jdk-17.0.4.1+1/bin/../lib/libnss_compat.so.2	Process not Found
/tmp/jdk-17.0.4.1+1/bin/libpthread.so.0	/tmp/jdk-17.0.4.1+1/bin/libpthread.so.0	jconsole
/tmp/jdk-17.0.4.1+1/bin/libz.so.1	/tmp/jdk-17.0.4.1+1/bin/libz.so.1	jconsole
/tmp/jdk-17.0.4.1+1/bin/../lib/tls/haswell/x86_64/libz.so.1	/tmp/jdk-17.0.4.1+1/bin/../lib/tls/haswell/x86_64/libz.so.1	jconsole
/tmp/jdk-17.0.4.1+1/bin/../lib/haswell/libz.so.1	/tmp/jdk-17.0.4.1+1/bin/../lib/haswell/libz.so.1	jconsole
/tmp/jdk-17.0.4.1+1/bin/../lib/x86_64/libz.so.1	/tmp/jdk-17.0.4.1+1/bin/../lib/x86_64/libz.so.1	jconsole
/tmp/jdk-17.0.4.1+1/bin/../lib/libz.so.1	/tmp/jdk-17.0.4.1+1/bin/../lib/libz.so.1	jconsole
/tmp/jdk-17.0.4.1+1/bin/libdl.so.2	/tmp/jdk-17.0.4.1+1/bin/libdl.so.2	jconsole
/tmp/jdk-17.0.4.1+1/lib/server/libjvm.so	/tmp/jdk-17.0.4.1+1/lib/server/libjvm.so	jconsole
/tmp/jdk-17.0.4.1+1/bin/haswell/x86_64/libz.so.1	/tmp/jdk-17.0.4.1+1/bin/haswell/x86_64/libz.so.1	jconsole
/tmp/jdk-17.0.4.1+1/lib/libjava.so	/tmp/jdk-17.0.4.1+1/lib/libjava.so	Process not Found
/tmp/jdk-17.0.4.1+1/bin/libnss_nis.so.2	/tmp/jdk-17.0.4.1+1/bin/libnss_nis.so.2	Process not Found
/tmp/jdk-17.0.4.1+1/bin/libjli.so	/tmp/jdk-17.0.4.1+1/bin/libjli.so	jconsole
/tmp/jdk-17.0.4.1+1/bin/../lib/libjli.so	/tmp/jdk-17.0.4.1+1/bin/../lib/libjli.so	jconsole
/tmp/jdk-17.0.4.1+1/lib/endorsed	/tmp/jdk-17.0.4.1+1/lib/endorsed	Process not Found
/tmp/jdk-17.0.4.1+1/bin/tls/libz.so.1	/tmp/jdk-17.0.4.1+1/bin/tls/libz.so.1	jconsole
/tmp/jdk-17.0.4.1+1/bin/tls/haswell/libz.so.1	/tmp/jdk-17.0.4.1+1/bin/tls/haswell/libz.so.1	jconsole
/tmp/jdk-17.0.4.1+1/bin/tls/x86_64/libz.so.1	/tmp/jdk-17.0.4.1+1/bin/tls/x86_64/libz.so.1	jconsole
/tmp/jdk-17.0.4.1+1/bin/x86_64/libz.so.1	/tmp/jdk-17.0.4.1+1/bin/x86_64/libz.so.1	jconsole
/tmp/jdk-17.0.4.1+1/bin/../lib/tls/x86_64/libz.so.1	/tmp/jdk-17.0.4.1+1/bin/../lib/tls/x86_64/libz.so.1	jconsole
/tmp/jdk-17.0.4.1+1/bin/../lib/libdl.so.2	/tmp/jdk-17.0.4.1+1/bin/../lib/libdl.so.2	jconsole
/tmp/jdk-17.0.4.1+1/bin/../lib/libc.so.6	/tmp/jdk-17.0.4.1+1/bin/../lib/libc.so.6	jconsole
/tmp/jdk-17.0.4.1+1/lib/jvm.cfg	/tmp/jdk-17.0.4.1+1/lib/jvm.cfg	jconsole
/tmp/jdk-17.0.4.1+1/bin/tls/haswell/x86_64/libz.so.1	/tmp/jdk-17.0.4.1+1/bin/tls/haswell/x86_64/libz.so.1	jconsole
/tmp/jdk-17.0.4.1+1/bin/../lib/libnss_nis.so.2	/tmp/jdk-17.0.4.1+1/bin/../lib/libnss_nis.so.2	Process not Found
/tmp/jdk-17.0.4.1+1/bin/../lib/libm.so.6	/tmp/jdk-17.0.4.1+1/bin/../lib/libm.so.6	jconsole
/tmp/jdk-17.0.4.1+1/bin/../lib/libnsl.so.1	/tmp/jdk-17.0.4.1+1/bin/../lib/libnsl.so.1	Process not Found
/tmp/jdk-17.0.4.1+1/bin/libnss_files.so.2	/tmp/jdk-17.0.4.1+1/bin/libnss_files.so.2	Process not Found
/tmp/jdk-17.0.4.1+1/bin/../lib/libnss_files.so.2	/tmp/jdk-17.0.4.1+1/bin/../lib/libnss_files.so.2	Process not Found
/tmp/jdk-17.0.4.1+1/lib/libjsvml.so	/tmp/jdk-17.0.4.1+1/lib/libjsvml.so	Process not Found
/tmp/jdk-17.0.4.1+1/lib/ext	/tmp/jdk-17.0.4.1+1/lib/ext	Process not Found
/tmp/jdk-17.0.4.1+1/bin/librt.so.1	/tmp/jdk-17.0.4.1+1/bin/librt.so.1	jconsole
/tmp/jdk-17.0.4.1+1/lib/libjimage.so	/tmp/jdk-17.0.4.1+1/lib/libjimage.so	Process not Found
/tmp/jdk-17.0.4.1+1/bin/libnsl.so.1	/tmp/jdk-17.0.4.1+1/bin/libnsl.so.1	Process not Found
/tmp/jdk-17.0.4.1+1/bin/haswell/libz.so.1	/tmp/jdk-17.0.4.1+1/bin/haswell/libz.so.1	jconsole
/tmp/jdk-17.0.4.1+1/lib/modules	/tmp/jdk-17.0.4.1+1/lib/modules	Process not Found
/tmp/jdk-17.0.4.1+1/lib/server/classes.jsa	/tmp/jdk-17.0.4.1+1/lib/server/classes.jsa	Process not Found
/tmp/jdk-17.0.4.1+1/bin/../lib/haswell/x86_64/libz.so.1	/tmp/jdk-17.0.4.1+1/bin/../lib/haswell/x86_64/libz.so.1	jconsole

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads