General
-
Target
18a4352b2101b4fa81652d5fce34b08ed7def8bd40e413cebf991ede97692a02.zip
-
Size
1.9MB
-
Sample
221012-tg8k7saeh6
-
MD5
82a12966ce4fa5990828c528d25871db
-
SHA1
30c8c9325fcca1d3cd701c9094256d7f6087b366
-
SHA256
4cd12fce3d2b359f22d6ff7531db3e23ab1ae7c257549b9bd5a049f405feb726
-
SHA512
cf9b400c677e91baf78b186e353374cc13db3f3a4de0100de4a7df2f5b5c7544f4a7d0b1c79e3495c15bb1eb970387fb6d2739f328ec176bb5c28bf80da397e3
-
SSDEEP
49152:Cemb7RHvm1ErcAGz4MWscR/BFnGBXHGXm6bSBZ:CemN8ER0JHGXm/BZ
Static task
static1
Behavioral task
behavioral1
Sample
18a4352b2101b4fa81652d5fce34b08ed7def8bd40e413cebf991ede97692a02.elf
Resource
debian9-mipsbe-en-20211208
Malware Config
Targets
-
-
Target
18a4352b2101b4fa81652d5fce34b08ed7def8bd40e413cebf991ede97692a02.elf
-
Size
1.9MB
-
MD5
ae5592bdb0464f06c88f665282991b82
-
SHA1
be5bf9dfec7fae911666060f584b4ffd0b04185f
-
SHA256
18a4352b2101b4fa81652d5fce34b08ed7def8bd40e413cebf991ede97692a02
-
SHA512
4c57878362b342a0928c8ddcb3fccff79be1ee0164e4f16c2d5169d14ea8ce322ac37693f965e8584fa950d733b70fe3d084cce4cf3675d62104482404b870a0
-
SSDEEP
49152:Um7vtBcWDjchCCpjy3WT/N7SExRtmbj2mEE5MBn:U67cWDoggmrExRtmbHEE2Bn
Score
10/10
-
Attempts to identify hypervisor via CPU configuration
Checks CPU information for indicators that the system is a virtual machine.
-
Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.
-
Writes DNS configuration
Writes data to DNS resolver config file.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-