3d4dd39b2e43fa5723c7f58622e0af5a4abac55d227e6c3063d58a73d46d2949

Analysis

max time kernel
10s
max time network
145s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20230831-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20230831-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
14/10/2023, 03:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cevents.exe
Size

8.1MB
MD5

951c95b7aefb23b3970ed13aa8d1a301
SHA1

75b9924955e775e53ebae22466fa0554be0488ea
SHA256

3d4dd39b2e43fa5723c7f58622e0af5a4abac55d227e6c3063d58a73d46d2949
SHA512

16583e7eafd1a4dc1b5a786972c7cdda86aeb959f96dc9c40f59e6c6e3d15f0d8596172daa0d0fb8b6922f2392d4d3d11e14005c32d74d98c096a4faaa73c342
SSDEEP

98304:NhJgRMkSKX2N5yWurtjLt8GsdFcwLOj9IZGTj+yZ69dB/G9ePiB9X9:NcukSStjLt8Lv/qaO9ePiV

Score

7^/10

antivm

Malware Config

Signatures

Changes its process name 1 IoCs

description	ioc	pid
Changes the process name, possibly in an attempt to hide itself	tkLicOnline	611

Checks CPU configuration 1 TTPs 1 IoCs

Checks CPU information which indicate if the system is a virtual machine.

antivm

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened for reading	/proc/cpuinfo	cevents.exe

Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/class/sunxi_info/sys_info	cevents.exe

Reads runtime system information 5 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/self/mountinfo	df
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/version	cevents.exe
File opened for reading	/proc/cmdline	cevents.exe

/tmp/cevents.exe
/tmp/cevents.exe
1⤵
- Checks CPU configuration
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:607
- /bin/sh
  sh -c "mkdir -p /var/mcut/.data//acesso//tmp/"
  2⤵
  PID:608
- - /bin/mkdir
    mkdir -p /var/mcut/.data//acesso//tmp/
    3⤵
    - Reads runtime system information
    PID:609

/bin/sh
sh -c "df -h"
1⤵
PID:612
- /bin/df
  df -h
  2⤵
  - Reads runtime system information
  PID:613

/bin/sh
sh -c "ls -lh /dev/disk/by-uuid/"
1⤵
PID:614
- /bin/ls
  ls -lh /dev/disk/by-uuid/
  2⤵
  - Reads runtime system information
  PID:615

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/var/mcut/.data/.license/DINFO2-cevents.MCU.tmp.writing

Filesize
1KB

MD5
20341387a67d17d5f263afba9d1338af

SHA1
7f3fc058ae4f80dee7a7a02b83b642c34f8014f4

SHA256
b17a8d8b4232b5c9a18a16db09257975c08b64df824d914afdcfacad68ad15b2

SHA512
8b3166a471284aa974d0c7482b7aa106709ac04cff8bd245e32b8e58b73dcf2eefc4469c145db417f539994d50dbd52833a4e86806e3f465b9545177e48acbf6

Download Submit
/var/mcut/.data/.license/licinfo.MCU.tmp.writing

Filesize
79B

MD5
2c43b574ea04f9897d3cfb07b8feca49

SHA1
f997bff2946df0e6d4514ef3a09fafeadeae4cb6

SHA256
b49836795a26576e71e6fa1beb84fc7c8acdd9d9bbad574009f8d8c58e4dbfc5

SHA512
10f085f847382263daad6793a093fdd2d54bc2a0108a2916fc9b049e600cc57747b5f786e8533cdd1ad5d22028f26b5f53912b9c9a4121e69062060e17e68eed

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads