Analysis

  • max time kernel
    151s
  • max time network
    153s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20231215-en
  • resource tags
    arch:amd64, arch:i386, image:ubuntu1804-amd64-20231215-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    19/12/2023, 23:37

General

  • Target
    6d98dd77dc7533187e4dc917befab6d9
  • Size
    1.0MB
  • MD5
    6d98dd77dc7533187e4dc917befab6d9
  • SHA1
    98cfa3d9fffa2c8fe0f7d42607cf7b616cbe9e20
  • SHA256
    eef2a7d841ebc853f5bb68b30c16dac3aaedb0a8df2a81fea4dfbc89bd84094a
  • SHA512
    8e9d7bf7d36fee9dea05f8f37de38c0909aed40af434c5e71e96cf2232adf6c637a809cb37d010507b8bedd2a348c417abf66ae87d653782ea6bcd0a1e12aa6b
  • SSDEEP
    24576:RsqZhvnhHXuhshNjm3Bp6gDgR16lwzBWa4wwS49TrHg29XE/PoroyUkNR9:PhvnhHXuhshNjK8AlGWaoRroyUk

Score
6/10

Malware Config

Signatures

  • Checks CPU configuration 1 TTPs 2 IoCs

    Checks CPU information that indicates whether the system is a virtual machine.

  • Reads CPU attributes 1 TTPs 1 IoCs
  • Reads runtime system information 7 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/6d98dd77dc7533187e4dc917befab6d9
    /tmp/6d98dd77dc7533187e4dc917befab6d9
    1⤵
    • Checks CPU configuration
    PID:1532
    • /bin/sh
      sh -c "chmod +x /etc/rc.local"
      2⤵
      PID:1533
      • /bin/chmod
        chmod +x /etc/rc.local
        3⤵
        PID:1534
    • /bin/sh
      sh -c "mv /tmp/6d98dd77dc7533187e4dc917befab6d9 /etc/6d98dd77dc7533187e4dc917befab6d9"
      2⤵
      PID:1535
      • /bin/mv
        mv /tmp/6d98dd77dc7533187e4dc917befab6d9 /etc/6d98dd77dc7533187e4dc917befab6d9
        3⤵
        • Reads runtime system information
        PID:1536
    • /bin/sh
      sh -c "cd /etc;chmod 777 6d98dd77dc7533187e4dc917befab6d9"
      2⤵
      PID:1537
      • /bin/chmod
        chmod 777 6d98dd77dc7533187e4dc917befab6d9
        3⤵
        PID:1538
    • /bin/sh
      sh -c "sed -i -e '/exit/d' /etc/rc.local"
      2⤵
      PID:1539
      • /bin/sed
        sed -i -e /exit/d /etc/rc.local
        3⤵
        • Reads runtime system information
        PID:1540
    • /bin/sh
      sh -c "sed -i -e '/^ | | \$/d' /etc/rc.local"
      2⤵
      PID:1541
      • /bin/sed
        sed -i -e "/^ | | \$/d" /etc/rc.local
        3⤵
        • Reads runtime system information
        PID:1542
    • /bin/sh
      sh -c "sed -i -e '/6d98dd77dc7533187e4dc917befab6d9/d' /etc/rc.local"
      2⤵
      PID:1543
      • /bin/sed
        sed -i -e /6d98dd77dc7533187e4dc917befab6d9/d /etc/rc.local
        3⤵
        • Reads runtime system information
        PID:1544
    • /bin/sh
      sh -c "sed -i -e '2 i/etc/6d98dd77dc7533187e4dc917befab6d9 reboot' /etc/rc.local"
      2⤵
      PID:1545
      • /bin/sed
        sed -i -e "2 i/etc/6d98dd77dc7533187e4dc917befab6d9 reboot" /etc/rc.local
        3⤵
        • Reads runtime system information
        PID:1546
    • /bin/sh
      sh -c "sed -i -e '2 i/etc/6d98dd77dc7533187e4dc917befab6d9 start' /etc/rc.d/rc.local"
      2⤵
      PID:1547
      • /bin/sed
        sed -i -e "2 i/etc/6d98dd77dc7533187e4dc917befab6d9 start" /etc/rc.d/rc.local
        3⤵
        • Reads runtime system information
        PID:1548
    • /bin/sh
      sh -c "sed -i -e '2 i/etc/6d98dd77dc7533187e4dc917befab6d9 start' /etc/init.d/boot.local"
      2⤵
      PID:1549
      • /bin/sed
        sed -i -e "2 i/etc/6d98dd77dc7533187e4dc917befab6d9 start" /etc/init.d/boot.local
        3⤵
        • Reads runtime system information
        PID:1550

Network
