Overview

overview

10

Static

static

10

799474863b...c2ad32

ubuntu-18.04-amd64

6

Analysis

  • max time kernel
    152s
  • max time network
    157s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20231215-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20231215-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    20/12/2023, 01:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    799474863b595d271e1593decbc2ad32

  • Size

    1.0MB

  • MD5

    799474863b595d271e1593decbc2ad32

  • SHA1

    720c62828fc1e53c42164128190f8abed283f0f2

  • SHA256

    2e0f9092337f5c5cf88d29b56ce6b497e1161631d083c40c5a3ce7bfa0dcbf4c

  • SHA512

    a43d6ba4fbc2143f6f4541003f0d896da5a73e101dc7efe44a01b8e0a1008436510207debf485e02ad38ad22cbce9c1427a6960484ce60051041494910105400

  • SSDEEP

    24576:RsqZhvnhHXuhshNjm3Bp6gDgR16lwzBWa4wwS49TrHg29XE/PuroyUkNR9:PhvnhHXuhshNjK8AlGWaorroyUk

Score
6/10
antivm

Malware Config

Signatures

  • Checks CPU configuration 1 TTPs 2 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

    antivm
  • Reads CPU attributes 1 TTPs 1 IoCs
  • Reads runtime system information 7 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/799474863b595d271e1593decbc2ad32
    /tmp/799474863b595d271e1593decbc2ad32
    1⤵
    • Checks CPU configuration
    PID:1536
    • /bin/sh
      sh -c "chmod +x /etc/rc.local"
      2⤵
        PID:1537
        • /bin/chmod
          chmod +x /etc/rc.local
          3⤵
            PID:1538
        • /bin/sh
          sh -c "mv /tmp/799474863b595d271e1593decbc2ad32 /etc/799474863b595d271e1593decbc2ad32"
          2⤵
            PID:1539
            • /bin/mv
              mv /tmp/799474863b595d271e1593decbc2ad32 /etc/799474863b595d271e1593decbc2ad32
              3⤵
              • Reads runtime system information
              PID:1540
          • /bin/sh
            sh -c "cd /etc;chmod 777 799474863b595d271e1593decbc2ad32"
            2⤵
              PID:1541
              • /bin/chmod
                chmod 777 799474863b595d271e1593decbc2ad32
                3⤵
                  PID:1542
              • /bin/sh
                sh -c "sed -i -e '/exit/d' /etc/rc.local"
                2⤵
                  PID:1543
                  • /bin/sed
                    sed -i -e /exit/d /etc/rc.local
                    3⤵
                    • Reads runtime system information
                    PID:1544
                • /bin/sh
                  sh -c "sed -i -e '/^ | | \$/d' /etc/rc.local"
                  2⤵
                    PID:1545
                    • /bin/sed
                      sed -i -e "/^ | | \$/d" /etc/rc.local
                      3⤵
                      • Reads runtime system information
                      PID:1546
                  • /bin/sh
                    sh -c "sed -i -e '/799474863b595d271e1593decbc2ad32/d' /etc/rc.local"
                    2⤵
                      PID:1547
                      • /bin/sed
                        sed -i -e /799474863b595d271e1593decbc2ad32/d /etc/rc.local
                        3⤵
                        • Reads runtime system information
                        PID:1548
                    • /bin/sh
                      sh -c "sed -i -e '2 i/etc/799474863b595d271e1593decbc2ad32 reboot' /etc/rc.local"
                      2⤵
                        PID:1549
                        • /bin/sed
                          sed -i -e "2 i/etc/799474863b595d271e1593decbc2ad32 reboot" /etc/rc.local
                          3⤵
                          • Reads runtime system information
                          PID:1550
                      • /bin/sh
                        sh -c "sed -i -e '2 i/etc/799474863b595d271e1593decbc2ad32 start' /etc/rc.d/rc.local"
                        2⤵
                          PID:1551
                          • /bin/sed
                            sed -i -e "2 i/etc/799474863b595d271e1593decbc2ad32 start" /etc/rc.d/rc.local
                            3⤵
                            • Reads runtime system information
                            PID:1552
                        • /bin/sh
                          sh -c "sed -i -e '2 i/etc/799474863b595d271e1593decbc2ad32 start' /etc/init.d/boot.local"
                          2⤵
                            PID:1553
                            • /bin/sed
                              sed -i -e "2 i/etc/799474863b595d271e1593decbc2ad32 start" /etc/init.d/boot.local
                              3⤵
                              • Reads runtime system information
                              PID:1554

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads