Resubmissions
01-02-2023 04:01
230201-ek9v4sdf51 10General
-
Target
x86_64
-
Size
3.7MB
-
Sample
230201-ek9v4sdf51
-
MD5
9ce12515012b3707e38586841dd12e88
-
SHA1
30e3b6b788abf3975845aeb79ce5f2f1e913e964
-
SHA256
f06d698967cee77e5a7bf9835b0a93394097e7590c156ed0d8c6304345701cfa
-
SHA512
b94d7040390ef7ab4d5fa96c04b2312c3a5a5366a629dbdcf54e8cdd41e48ed584d26e67889a2861323682eb5b6af95a0bed05948c87d0d4089c9d2a71176573
-
SSDEEP
98304:8V7K94UU7vqyQdj2S7fqECV8QUbMNvEKwFq3kSf7IMzqfyJd4P92uEabQvaRPi:O7rNvEKwFq3kSfgfyJd4PkT1ii
Malware Config
Targets
-
-
Target
x86_64
-
Size
3.7MB
-
MD5
9ce12515012b3707e38586841dd12e88
-
SHA1
30e3b6b788abf3975845aeb79ce5f2f1e913e964
-
SHA256
f06d698967cee77e5a7bf9835b0a93394097e7590c156ed0d8c6304345701cfa
-
SHA512
b94d7040390ef7ab4d5fa96c04b2312c3a5a5366a629dbdcf54e8cdd41e48ed584d26e67889a2861323682eb5b6af95a0bed05948c87d0d4089c9d2a71176573
-
SSDEEP
98304:8V7K94UU7vqyQdj2S7fqECV8QUbMNvEKwFq3kSf7IMzqfyJd4P92uEabQvaRPi:O7rNvEKwFq3kSfgfyJd4PkT1ii
Score9/10-
Attempts to identify hypervisor via CPU configuration
Checks CPU information for indicators that the system is a virtual machine.
-
Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Writes file to system bin folder
-
Write file to user bin folder
-
Reads CPU attributes
-
Enumerates kernel/hardware configuration
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-