Analysis

  • max time kernel: 155s
  • max time network: 159s
  • platform: ubuntu-18.04_amd64
  • resource: ubuntu1804-amd64-20231215-en
  • resource tags:
    • arch:amd64
    • arch:i386
    • image:ubuntu1804-amd64-20231215-en
    • kernel:4.15.0-213-generic
    • locale:en-us
    • os:ubuntu-18.04-amd64
    • system
  • submitted: 19-12-2023 22:31

General

  • Target: 1094b5c3fcfeb6492e7d25bda6fe84cb
  • Size: 6.9MB
  • MD5: 1094b5c3fcfeb6492e7d25bda6fe84cb
  • SHA1: f49d37312e3002cb4dbe480e1fb7bfc7d50ea02b
  • SHA256: 071129b4866da8cb786298d4e569126ff4b2216382357ae9d8af70a51cbe624a
  • SHA512: fbaecf93a8bd701aab1fc7859507f56a228eea6a232420cd3ce9c1045cb960a03fb7ea010ad14a4991b2b4ff90a131f8c2da7498922b40c95ba5be6898ecc026
  • SSDEEP: 49152:SCs7sxgEAE4fTPqbO9BwalW5u0qBFEeaHTOAE6kEKy+XJw9ZEOr2JcZ51NPtvGxL:m2gRE4eCPW5uLBFWT7+3UPVGGmQWCIX

Score
6/10

Malware Config

Signatures

  • Checks CPU configuration 1 TTPs 2 IoCs

    Checks CPU information that indicates whether the system is a virtual machine.

  • Creates/modifies Cron job 1 TTPs 1 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

  • Reads runtime system information 4 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 3 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/1094b5c3fcfeb6492e7d25bda6fe84cb
    /tmp/1094b5c3fcfeb6492e7d25bda6fe84cb
    1⤵
    • Reads runtime system information
    PID:1537
    • /bin/cat
      cat /proc/version
      2⤵
      • Reads runtime system information
      PID:1540
  • /bin/cat
    cat /proc/cpuinfo
    1⤵
    • Checks CPU configuration
    PID:1542
  • /bin/uname
    uname -a
    1⤵
    PID:1543
  • /usr/bin/getconf
    getconf LONG_BIT
    1⤵
    PID:1544
  • /tmp/1094b5c3fcfeb6492e7d25bda6fe84cb
    "[stealth]"
    1⤵
    • Reads runtime system information
    PID:1545
    • /bin/cat
      cat /proc/version
      2⤵
      • Reads runtime system information
      PID:1551
  • /bin/cat
    cat /proc/cpuinfo
    1⤵
    • Checks CPU configuration
    PID:1552
  • /bin/uname
    uname -a
    1⤵
    PID:1553
  • /usr/bin/getconf
    getconf LONG_BIT
    1⤵
    PID:1554
  • /usr/bin/crontab
    /usr/bin/crontab /tmp/nip9iNeiph5chee
    1⤵
    • Creates/modifies Cron job
    PID:1555

Network

MITRE ATT&CK Matrix ATT&CK v13

  • Execution
    Scheduled Task/Job (1): T1053
  • Persistence
    Scheduled Task/Job (1): T1053
  • Privilege Escalation
    Scheduled Task/Job (1): T1053
  • Defense Evasion
    Virtualization/Sandbox Evasion (1): T1497
  • Discovery
    Virtualization/Sandbox Evasion (1): T1497


Downloads

  • /tmp/.pid
    Filesize: 4B
    MD5: 89ae0fe22c47d374bc9350ef99e01685
    SHA1: fc27fbae8511b00b820da34fd107d27b11a72855
    SHA256: 8b1fbeee2ea27bf5b180d2c10372ad571a5233b0ba34f272a7bda75f93cbcb84
    SHA512: f1f8813569296ef5c373abcd5e901772d4ee10e196865acdb8231ab73f564257fc76057ba71d42c77ca195a6a70d2c24007b4e006387beccc2b1543faf6f9ca4
  • /tmp/nip9iNeiph5chee
    Filesize: 66B
    MD5: 2149895cfafe059bb241bead33fa0db7
    SHA1: afd5e3a21b681aa833f3c42545ef20f2946c9933
    SHA256: 04fb5b1211621afd1f881644f0aafeb27a1c120246305ec928f09cd78678bc9e
    SHA512: 8778f048d22eef81ad54f231d4e2c172bf00110c4d67907b7f19e332bad6e0cc92836e7e580687dbedc6b71bcbbf2d416f3240af0c96b4317f48c25169bfcc99
  • /var/spool/cron/crontabs/tmp.V5fHAN
    Filesize: 260B
    MD5: 23ba5adeb5a38deb8b9c657ee453168d
    SHA1: 01985d130cca64d92070d15633731030e7c499df
    SHA256: 611a68ef42c0d6d0d32597159728a3f0764dcae3ca397c82a0adb1298dc31d90
    SHA512: f9c9e62698167a55dde32c161b0ed7d3fc6fad1d3256d11d9f5f9a2398e0ad051c879882d317887e6cbd5bddb1c7862e368b906104c40b3e540de30f3a1460c7