General

  • Target

    flexvdi-client-3.1.4-x86_64.AppImage

  • Size

    15.1MB

  • Sample

    221016-j1j2vahbd2

  • MD5

    456f1ff23ebbdc552d2cb0b3036b3664

  • SHA1

    0eedf1f34805693d3e32939156482d2f701feb97

  • SHA256

    90ece97d209d2b36dd64df7112649366d24aa026203663399f1c8ccb222d81aa

  • SHA512

    17631b19a2e694a0bf99d69e978b1aee4e7fde3afc0b1083d92384f25b6f09030350b983e4b3ca038d81b846bba5525568cf169f7072b5d7eb9eed660409975d

  • SSDEEP

    393216:ymUYZncqI0AM2yR7avtYt6dcz9dFaaUeuKiR:SmcL0AM2mQtWz/FxUp

Score
7/10

Targets

    • Target

      flexvdi-client-3.1.4-x86_64.AppImage

    Score
    7/10
    • Writes file to user bin folder

    • Creates .desktop file

      Linux desktops like GNOME require .desktop files to register applications. Sometimes abused by malware for persistence.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.
