General
Target
nide
Size
5.1MB
Sample
230307-jk4rbahc54
MD5
87d589d17bda65a8382de6d161aaea81
SHA1
ce836da7def9bfddb7cd8989f536ccbfecb77048
SHA256
876881f4c658ce8525f54e0eb06bfc8721f238878c3ff3e7f8387d7f84e13150
SHA512
8344570ad2153aba9e176d9efa1670f523d758a6879876979700e3b996056f62e7fa5a938c0594d13e7dbd79aa14380bd39f410c57a92da0d6d7f61c9dd68d1e
SSDEEP
49152:EpY+u34OLg5WDOPbb/5WtEQauJZyugcfp9qzomsJg6thtIViFYaj7dtS5g+A:a3ROLwPP/5WmqZUcfp9qzFQDIsz+A
Static task
static1
Behavioral task
behavioral1
Sample
nide
Resource
debian9-armhf-20221111-en
Behavioral task
behavioral2
Sample
nide
Resource
debian9-mipsbe-20221111-en
Behavioral task
behavioral3
Sample
nide
Resource
debian9-mipsel-en-20211208
Behavioral task
behavioral4
Sample
nide
Resource
ubuntu1804-amd64-20221111-en
Malware Config
Targets
Target
nide
Score: 9/10

Attempts to identify hypervisor via CPU configuration
Checks CPU information for indicators that the system is a virtual machine.

Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.

Writes DNS configuration
Writes data to DNS resolver config file.

Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.

Reads CPU attributes

Enumerates kernel/hardware configuration
Reads contents of /sys virtual filesystem to enumerate system information.

Reads runtime system information
Reads data from /proc virtual filesystem.

Writes file to tmp directory
Malware often drops required files in the /tmp directory.