Analysis

  • max time kernel
    152s
  • max time network
    152s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20231215-en
  • resource tags

    arch:armhf, image:debian9-armhf-20231215-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    19-12-2023 22:42

General

  • Target

    1fde441936f2c4f90e0845d87fffcc99

  • Size

    731KB

  • MD5

    1fde441936f2c4f90e0845d87fffcc99

  • SHA1

    7b6159b960476ea5cfebb229906212ab7c06561b

  • SHA256

    ed561faa7652340dc13cd2f777e74bb399c624eda3311b13fc37350fb381b512

  • SHA512

    0b8f3448c6666ee69dd670ca549989da40f3f894b2ec5508b998cacf7ae3ba419a93f092c1580211c2dcd32a1f1a30e94a29d5e32d2a7496dc53b8c0f3e4b7ee

  • SSDEEP

    12288:BT88nNzKOrU5wIQGq6JvWIvnmZajby5LjvzyKhGk8hX5e6rJb17x90p:F8C9KO4lHq6JedZajbgLjHPU5ZJbxxC

Score
6/10

Malware Config

Signatures

  • Checks CPU configuration 1 TTPs 2 IoCs

    Checks CPU information that indicates whether the system is a virtual machine.

  • Reads runtime system information 8 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/1fde441936f2c4f90e0845d87fffcc99
    /tmp/1fde441936f2c4f90e0845d87fffcc99
    1⤵
    • Checks CPU configuration
    PID:657
    • /bin/sh
      sh -c "chmod +x /etc/rc.local"
      2⤵
      PID:658
      • /bin/chmod
        chmod +x /etc/rc.local
        3⤵
        PID:660
    • /bin/sh
      sh -c "mv /tmp/1fde441936f2c4f90e0845d87fffcc99 /etc/1fde441936f2c4f90e0845d87fffcc99"
      2⤵
      PID:662
      • /bin/mv
        mv /tmp/1fde441936f2c4f90e0845d87fffcc99 /etc/1fde441936f2c4f90e0845d87fffcc99
        3⤵
        • Reads runtime system information
        PID:663
    • /bin/sh
      sh -c "cd /etc;chmod 777 1fde441936f2c4f90e0845d87fffcc99"
      2⤵
      PID:667
      • /bin/chmod
        chmod 777 1fde441936f2c4f90e0845d87fffcc99
        3⤵
        PID:669
    • /bin/sh
      sh -c "sed -i -e '/exit/d' /etc/rc.local"
      2⤵
      PID:670
      • /bin/sed
        sed -i -e /exit/d /etc/rc.local
        3⤵
        • Reads runtime system information
        PID:672
    • /bin/sh
      sh -c "sed -i -e '/^ | | \$/d' /etc/rc.local"
      2⤵
      PID:674
      • /bin/sed
        sed -i -e "/^ | | \$/d" /etc/rc.local
        3⤵
        • Reads runtime system information
        PID:675
    • /bin/sh
      sh -c "sed -i -e '/1fde441936f2c4f90e0845d87fffcc99/d' /etc/rc.local"
      2⤵
      PID:677
      • /bin/sed
        sed -i -e /1fde441936f2c4f90e0845d87fffcc99/d /etc/rc.local
        3⤵
        • Reads runtime system information
        PID:678
    • /bin/sh
      sh -c "sed -i -e '2 i/etc/1fde441936f2c4f90e0845d87fffcc99 reboot' /etc/rc.local"
      2⤵
      PID:679
      • /bin/sed
        sed -i -e "2 i/etc/1fde441936f2c4f90e0845d87fffcc99 reboot" /etc/rc.local
        3⤵
        • Reads runtime system information
        PID:680
    • /bin/sh
      sh -c "sed -i -e '2 i/etc/1fde441936f2c4f90e0845d87fffcc99 start' /etc/rc.d/rc.local"
      2⤵
      PID:682
      • /bin/sed
        sed -i -e "2 i/etc/1fde441936f2c4f90e0845d87fffcc99 start" /etc/rc.d/rc.local
        3⤵
        • Reads runtime system information
        PID:683
    • /bin/sh
      sh -c "sed -i -e '2 i/etc/1fde441936f2c4f90e0845d87fffcc99 start' /etc/init.d/boot.local"
      2⤵
      PID:684
      • /bin/sed
        sed -i -e "2 i/etc/1fde441936f2c4f90e0845d87fffcc99 start" /etc/init.d/boot.local
        3⤵
        • Reads runtime system information
        PID:685