c9d3ffab53ba686df1de7142f4bdb1f8115e1119b354a7c34434d02ef87751e7

Analysis

max time kernel
152s
max time network
154s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20231215-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20231215-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
19-12-2023 22:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d4eee8331a2d5ead9cd8137bc35a8e4
Size

634KB
MD5

1d4eee8331a2d5ead9cd8137bc35a8e4
SHA1

bbdc1f6bf7d75e084dba981ef0fc2cfbd0a80af9
SHA256

c9d3ffab53ba686df1de7142f4bdb1f8115e1119b354a7c34434d02ef87751e7
SHA512

8baa1a8e89818310403c2695a8d7bbb729cd91cb151287aea85c93acc23d8ffd5501c1af53c3a477ee3e63ee29753e7cd06b49f39119396e8e9877a13d6f4b5d
SSDEEP

12288:VOAeE6Gb997Jbkk+0Ok9+eznL6mhYhrWrfpVngfGg69vMbadCqHxCgxLBS8+IM44:VOE6Gb997Jbkk+0eeznLJhsrWrRVgD68

Score

7^/10

antivm

Malware Config

Signatures

Unexpected DNS network traffic destination 14 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	114.114.114.114
Destination IP	114.114.114.114
Destination IP	114.114.114.114
Destination IP	114.114.114.114
Destination IP	114.114.114.114
Destination IP	114.114.114.114
Destination IP	114.114.114.114
Destination IP	114.114.114.114
Destination IP	114.114.114.114
Destination IP	114.114.114.114
Destination IP	114.114.114.114
Destination IP	114.114.114.114
Destination IP	114.114.114.114
Destination IP	114.114.114.114

Checks CPU configuration 1 TTPs 2 IoCs

Checks CPU information which indicate if the system is a virtual machine.

antivm

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened for reading	/proc/cpuinfo	1d4eee8331a2d5ead9cd8137bc35a8e4
File opened for reading	/proc/cpuinfo	Process not Found

Reads system network configuration 1 TTPs 1 IoCs

Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery

T1016

description	ioc
File opened for reading	/proc/net/dev

Reads runtime system information 6 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/stat	Process not Found
File opened for reading	/proc/filesystems	mv
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed

/tmp/1d4eee8331a2d5ead9cd8137bc35a8e4
/tmp/1d4eee8331a2d5ead9cd8137bc35a8e4
1⤵
- Checks CPU configuration
PID:1518
- /bin/sh
  sh -c "chmod +x /etc/rc.local"
  2⤵
  PID:1519
- - /bin/chmod
    chmod +x /etc/rc.local
    3⤵
    PID:1520
- /bin/sh
  sh -c "mv /tmp/1d4eee8331a2d5ead9cd8137bc35a8e4 /etc/1d4eee8331a2d5ead9cd8137bc35a8e4"
  2⤵
  PID:1521
- - /bin/mv
    mv /tmp/1d4eee8331a2d5ead9cd8137bc35a8e4 /etc/1d4eee8331a2d5ead9cd8137bc35a8e4
    3⤵
    - Reads runtime system information
    PID:1522
- /bin/sh
  sh -c "cd /etc;chmod 777 1d4eee8331a2d5ead9cd8137bc35a8e4"
  2⤵
  PID:1523
- - /bin/chmod
    chmod 777 1d4eee8331a2d5ead9cd8137bc35a8e4
    3⤵
    PID:1524
- /bin/sh
  sh -c "sed -i -e '/1d4eee8331a2d5ead9cd8137bc35a8e4/d' /etc/rc.local"
  2⤵
  PID:1525
- - /bin/sed
    sed -i -e /1d4eee8331a2d5ead9cd8137bc35a8e4/d /etc/rc.local
    3⤵
    - Reads runtime system information
    PID:1526
- /bin/sh
  sh -c "sed -i -e '2 i/etc/1d4eee8331a2d5ead9cd8137bc35a8e4 reboot' /etc/rc.local"
  2⤵
  PID:1527
- - /bin/sed
    sed -i -e "2 i/etc/1d4eee8331a2d5ead9cd8137bc35a8e4 reboot" /etc/rc.local
    3⤵
    - Reads runtime system information
    PID:1528
- /bin/sh
  sh -c "sed -i -e '2 i/etc/1d4eee8331a2d5ead9cd8137bc35a8e4 start' /etc/rc.d/rc.local"
  2⤵
  PID:1529
- - /bin/sed
    sed -i -e "2 i/etc/1d4eee8331a2d5ead9cd8137bc35a8e4 start" /etc/rc.d/rc.local
    3⤵
    - Reads runtime system information
    PID:1530
- /bin/sh
  sh -c "sed -i -e '2 i/etc/1d4eee8331a2d5ead9cd8137bc35a8e4 start' /etc/init.d/boot.local"
  2⤵
  PID:1531
- - /bin/sed
    sed -i -e "2 i/etc/1d4eee8331a2d5ead9cd8137bc35a8e4 start" /etc/init.d/boot.local
    3⤵
    - Reads runtime system information
    PID:1532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

System Network Configuration Discovery

T1016

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads