215293b8bdd0a57497d5cc62421e64bb29334e088578679cbf509d66c7b7dc7e | Triage

Submit
Reports

Overview

overview

7

Static

static

7

1

ubuntu-18.04-amd64

7

Resubmissions

07-06-2023 15:38

230607-s3e1cach8w 7

07-06-2023 15:35

230607-s1gq6acc63 7

Sharing

General

Target

1
Size

2.3MB
Sample

230607-s1gq6acc63
MD5

fb95fc8c3ed253dec1b08722f1bbf18e
SHA1

d48d6dc76323efa8c0ae799d245a650b9d914c09
SHA256

215293b8bdd0a57497d5cc62421e64bb29334e088578679cbf509d66c7b7dc7e
SHA512

498f68c04f66a4cbcfed7e38f779183b2a7766948def1d159158c2799893ddcfb9a7dc2762c8958d6ae479a62f71edee460ac31a5939aa3c149efe59a987834e
SSDEEP

49152:QM4HMaoo1fdQLCS1ytoWW7b/7GN2PM6jm:94Hp11aChtoB7b/7GYEZ

Score

7^/10

antivm linux persistence rootkit upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1

Resource

ubuntu1804-amd64-20221111-en

antivm persistence rootkit

ubuntu-18.04-amd64

10 signatures

1800 seconds

Malware Config

Targets

- Target
  
  1
- Size
  
  2.3MB
- MD5
  
  fb95fc8c3ed253dec1b08722f1bbf18e
- SHA1
  
  d48d6dc76323efa8c0ae799d245a650b9d914c09
- SHA256
  
  215293b8bdd0a57497d5cc62421e64bb29334e088578679cbf509d66c7b7dc7e
- SHA512
  
  498f68c04f66a4cbcfed7e38f779183b2a7766948def1d159158c2799893ddcfb9a7dc2762c8958d6ae479a62f71edee460ac31a5939aa3c149efe59a987834e
- SSDEEP
  
  49152:QM4HMaoo1fdQLCS1ytoWW7b/7GN2PM6jm:94Hp11aChtoB7b/7GYEZ
Score

7^/10

antivm persistence rootkit
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Checks hardware identifiers (DMI)
  Checks DMI information which indicate if the system is a virtual machine.
  antivm
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads CPU attributes
- Reads hardware information
  Accesses system info like serial numbers, manufacturer names etc.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

antivmpersistencerootkit

© 2018-2024

Terms | Privacy