Analysis
max time kernel: 4s
platform: linux_amd64
resource: ubuntu1804-amd64-en-20211208
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-en-20211208, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 15/04/2023, 04:59
Static task: static1
Behavioral task: behavioral1
Sample: argocd-vault-plugin_1.8.0_linux_amd64
Resource: ubuntu1804-amd64-en-20211208
2 signatures
150 seconds
General
Target: argocd-vault-plugin_1.8.0_linux_amd64
Size: 42.5MB
MD5: efad954c150b99d5c923efe5fe9edefb
SHA1: 7d79329b2aff87e54d1370e8462c449cd865fb97
SHA256: 791dc93c9d3470be7487eaf4f62910e161a971478b338a376efdfc2d9ad2428f
SHA512: e1388c40a4f1be1ca6db27df18922aa40e755e42108e2fa88b9e53ad9d7c3f48d5b30838a016e4e560a0d053ec7dde6a4559fc0c5466d56705358d4ff6d4297b
SSDEEP: 196608:KJCtIwwoQyjmbQ1kedwR54osRsdnTemnvEjAgbSZJUA2OKp7Z2ZQWlM4Tt/+xOI9:oMIHR85Wb4Den/npI
Score: 5/10
Malware Config
Signatures
Enumerates kernel/hardware configuration (1 TTPs, 1 IoCs)
Reads contents of /sys virtual filesystem to enumerate system information.
description: /sys/kernel/mm/transparent_hugepage/hpage_pmd_size
ioc: /sys/kernel/mm/transparent_hugepage/hpage_pmd_size
Process: argocd-vault-plugin_1.8.0_linux_amd64
Writes file to tmp directory (1 IoCs)
Malware often drops required files in the /tmp directory.
description: /tmp/argocd-vault-plugin_1.8.0_linux_amd64
ioc: /tmp/argocd-vault-plugin_1.8.0_linux_amd64
Process: argocd-vault-plugin_1.8.0_linux_amd64