Analysis

  • max time kernel
    144s
  • max time network
    154s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20231215-en
  • resource tags

    arch:amd64
    arch:i386
    image:ubuntu1804-amd64-20231215-en
    kernel:4.15.0-213-generic
    locale:en-us
    os:ubuntu-18.04-amd64
    system
  • submitted
    19-12-2023 22:45

General

  • Target

    24a77a79f3d38bd861b460e4f545b2f2

  • Size

    7.0MB

  • MD5

    24a77a79f3d38bd861b460e4f545b2f2

  • SHA1

    b5ac9ef4705488da27f63fa5554621cb1e24b578

  • SHA256

    9d3cd867000e9885db703600c1b3f80e31fbdca8b42195fe3a0459fc78f7b40b

  • SHA512

    77cba0896bada263953d2aa4bf8dfc6f356dac776cb407fd5f7e424cdf7d0c062b21007621a339a602a64f4edffc9196ad618f8bcb8aa0fb6926a5f05de4b67a

  • SSDEEP

    98304:HeTKhZ9Dnw8r/MlwzBVw8Vt7Bxnam/3IX:++hZVnFO2F9N/

Score
6/10

Malware Config

Signatures

  • Checks CPU configuration 1 TTPs 2 IoCs

    Checks CPU information that indicates whether the system is a virtual machine.

  • Creates/modifies Cron job 1 TTPs 1 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

  • Reads runtime system information 4 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 3 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/24a77a79f3d38bd861b460e4f545b2f2
    /tmp/24a77a79f3d38bd861b460e4f545b2f2
    • Reads runtime system information
    PID:1550
    • /bin/cat
      cat /proc/version
      • Reads runtime system information
      PID:1553
  • /bin/cat
    cat /proc/cpuinfo
    • Checks CPU configuration
    PID:1555
  • /bin/uname
    uname -a
    PID:1556
  • /usr/bin/getconf
    getconf LONG_BIT
    PID:1557
  • /tmp/24a77a79f3d38bd861b460e4f545b2f2
    "[steal]"
    • Reads runtime system information
    PID:1558
    • /bin/cat
      cat /proc/version
      • Reads runtime system information
      PID:1561
  • /bin/cat
    cat /proc/cpuinfo
    • Checks CPU configuration
    PID:1562
  • /bin/uname
    uname -a
    PID:1563
  • /usr/bin/getconf
    getconf LONG_BIT
    PID:1564
  • /usr/bin/crontab
    /usr/bin/crontab /tmp/nip9iNeiph5chee
    • Creates/modifies Cron job
    PID:1570

Network

MITRE ATT&CK Matrix ATT&CK v13

  • Execution
    Scheduled Task/Job (1): T1053
  • Persistence
    Scheduled Task/Job (1): T1053
  • Privilege Escalation
    Scheduled Task/Job (1): T1053
  • Defense Evasion
    Virtualization/Sandbox Evasion (1): T1497
  • Discovery
    Virtualization/Sandbox Evasion (1): T1497

Downloads

  • /tmp/.pids
    Filesize: 4B
    MD5: 29921001f2f04bd3baee84a12e98098f
    SHA1: ca9e263d07340b8b04eea95e4172ccb3800e773a
    SHA256: 67a375e4ddcdb509545a752ea82be28b546ded87431078fe6fc1ead202f5815c
    SHA512: 8b08c53440133f5bc3800670ce2702484ae7d5d7bf82489e8239146997a48bbad165d6579beef8d2a0a30e7e008546e95179cd20a674292182922f66ff5cf2f0

  • /tmp/nip9iNeiph5chee
    Filesize: 66B
    MD5: e62307ad5172e049862e11a37a7ee1ea
    SHA1: bcb0f0298cf5c68d68ebba025c2db08e40e70ac1
    SHA256: 62f11fccf1038ff6f66cb37cb3e93bbf39dc819f0b7df62f22da02854586d81b
    SHA512: cacbf47dfbe1ede749bbfd62456d099dd7724b7b23fadfd45c406add6f53ede68204de94b7e226f61df266584eb57ea9c6657bcfcfcb90ff70ee864e8b44a3d2

  • /var/spool/cron/crontabs/tmp.3GAh1O
    Filesize: 260B
    MD5: 3c5bb4275cea18c6e96597e983c253c1
    SHA1: 20bc87ef1bb134554059d553e59c1aa795de27d9
    SHA256: 63db11cd60602b8ac24a806fa7d4970ee9432450e9141a533583a8587281bd78
    SHA512: e020f22326977c93b85bfc4acfddfb5232a7c239512d96eb5824330b679f27d8fe9867b16ce650ffffa04b108ef7b2880844f79746cd1c786b019a49c8c5256a