69309cd01ae688d48de1e709e63a694a11db9980018e40c655dfe114a32af633

Analysis

max time kernel
153s
max time network
102s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
14-06-2023 06:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mcut-network.exe
Size

3.6MB
MD5

d9e8917b4c8cd6b4f7497c0e9d533ac0
SHA1

db990c1adad43d01d06c8395afb00d520936b3c8
SHA256

69309cd01ae688d48de1e709e63a694a11db9980018e40c655dfe114a32af633
SHA512

2f6e6585562c16e28dff391167d388d548253c5b021aa556ca310bdff9f4c75db9bb21f17053048c360ccfb840c179b1fc7d9260e4fcd9897d1517ca5b00e8df
SSDEEP

49152:Ewo0SunQQ+8egAueMobCYuNfWsm2r6+3VnGOnWu+nWGlz//D+TdNq0:Y0hnQQXzFohEDiVzruq

Score

7^/10

antivm

Malware Config

Signatures

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	tkLicOnline	589	df

Checks CPU configuration 1 TTPs 1 IoCs

Checks CPU information which indicate if the system is a virtual machine.

antivm

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened for reading	/proc/cpuinfo	mcut-network.exe

Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/class/sunxi_info/sys_info	mcut-network.exe

Reads runtime system information 5 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/version	mcut-network.exe
File opened for reading	/proc/cmdline	mcut-network.exe
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/self/mountinfo	df
File opened for reading	/proc/filesystems	ls

/tmp/mcut-network.exe
/tmp/mcut-network.exe
1⤵
- Checks CPU configuration
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:585
- /bin/sh
  sh -c "mkdir -p /var/mcut/.data//acesso//tmp/"
  2⤵
  PID:586
- - /bin/mkdir
    mkdir -p /var/mcut/.data//acesso//tmp/
    3⤵
    - Reads runtime system information
    PID:587

/bin/sh
sh -c "df -h"
1⤵
PID:590
- /bin/df
  df -h
  2⤵
  - Changes its process name
  - Reads runtime system information
  PID:591

/bin/sh
sh -c "ls -lh /dev/disk/by-uuid/"
1⤵
PID:592
- /bin/ls
  ls -lh /dev/disk/by-uuid/
  2⤵
  - Reads runtime system information
  PID:593

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/var/mcut/.data/.license/DINFO2-mcut-network.MCU

Filesize
1KB

MD5
4a3fb9d054e9290f1d920c41689b29be

SHA1
51518f5f4bfbb037d67b577291e4f730e0eb185d

SHA256
ec350f8877136a8f2e2ef2260443161ba23b5c43f66a6d3d078a1c1c3b6b3bb5

SHA512
89731742cdc6fb249a4b9da7b4a7236771994fb2bda304519d7114670708dfc3678f74455189a40571e6ad15167a5d60ffa8fd594c1ff8ef746adc71c8b9e65c

Download Submit
/var/mcut/.data/.license/licinfo.MCU

Filesize
79B

MD5
71b44211a8422342a0c75140e0cedd24

SHA1
ac25794e0dd02e64d78eae5bffad027b4638e5ef

SHA256
c045dbf3a1f0628c484939020cb05abe3b39a603c01b97959b0e3cdfd939b514

SHA512
6635b2e019196c8fdf1328d3a640856be3a994aa7e762c4487a103dc87ce215f602506d61f25794d4718c107ecf214a44bad7b7b9669e409b83ac924e8ff09d1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads