Analysis

  • max time kernel
    144s
  • max time network
    154s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20231215-en
  • resource tags

    arch:amd64  arch:i386  image:ubuntu1804-amd64-20231215-en  kernel:4.15.0-213-generic  locale:en-us  os:ubuntu-18.04-amd64  system
  • submitted
    20-12-2023 12:22

General

  • Target

    b271ed4ba259d8d2ee39c19137e81dfa

  • Size

    7.0MB

  • MD5

    b271ed4ba259d8d2ee39c19137e81dfa

  • SHA1

    b7068e69a09d3038dcf7db4ffd88bfd34b935cc2

  • SHA256

    7afab295aea22a7661d3f0916e0eae4ff162c8779e0b2eb72123b20399b8ad67

  • SHA512

    f8193a6e23f0b21bcaf717cf1b35404365c75b815aca2ff0bd52cf1e8fe370fd614dd63fc9f330cdfd76da405457276f76b5973ef801cb47809ea4caf929e1fd

  • SSDEEP

    98304:1v4QhyO0ohoxG6lp9y9G8u7E/zF913IX:l5hyBoGO0oL7t

Score
6/10

Malware Config

Signatures

  • Checks CPU configuration 1 TTPs 2 IoCs

    Reads CPU information that can indicate whether the system is a virtual machine.

  • Creates/modifies Cron job 1 TTPs 1 IoCs

    Cron allows running tasks on a schedule and is commonly used for malware persistence.

  • Reads runtime system information 4 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 3 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/b271ed4ba259d8d2ee39c19137e81dfa
    /tmp/b271ed4ba259d8d2ee39c19137e81dfa
    1⤵
    • Reads runtime system information
    PID:1537
    • /bin/cat
      cat /proc/version
      2⤵
      • Reads runtime system information
      PID:1540
  • /bin/cat
    cat /proc/cpuinfo
    1⤵
    • Checks CPU configuration
    PID:1542
  • /bin/uname
    uname -a
    1⤵
    PID:1544
  • /usr/bin/getconf
    getconf LONG_BIT
    1⤵
    PID:1545
  • /tmp/b271ed4ba259d8d2ee39c19137e81dfa
    "[stea]"
    1⤵
    • Reads runtime system information
    PID:1546
    • /bin/cat
      cat /proc/version
      2⤵
      • Reads runtime system information
      PID:1549
  • /bin/cat
    cat /proc/cpuinfo
    1⤵
    • Checks CPU configuration
    PID:1551
  • /bin/uname
    uname -a
    1⤵
    PID:1552
  • /usr/bin/getconf
    getconf LONG_BIT
    1⤵
    PID:1553
  • /usr/bin/crontab
    /usr/bin/crontab /tmp/nip9iNeiph5chee
    1⤵
    • Creates/modifies Cron job
    PID:1554
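The two signatures above (CPU fingerprinting through /proc and cron persistence) together with the process tree can be turned into a detection that runs offline over recorded process events. The block below is an added example, not part of this report or of the sandbox's own rule set: it replays the Processes section as constructed events and flags (a) a parent that spawns several host-fingerprinting probes, (b) a crontab invocation that installs a crontab from a file, and (c) a process whose argv[0] does not name the binary actually executed, which is what the "[stea]" entry for PID 1546 shows. The ProcEvent shape, the parent PIDs (the report shows nesting depth only, so the depth-1 probes are attached to the sample's PIDs by adjacency), and the three-probe threshold are assumptions.

```python
"""Added example, not part of the sandbox report or its tooling: replays the
report's process tree as constructed events and flags the behaviours named
under Signatures (VM fingerprinting via /proc, cron persistence) plus the
argv[0] mismatch visible on PID 1546. Event shape, parent PIDs and the
probe threshold are assumptions."""
from dataclasses import dataclass
import os
import shlex


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    exe: str       # path of the executed binary, as listed in the report
    cmdline: str   # command line as the report shows it


# Constructed from the Processes section of the report. Parent PIDs are
# assumed (the report shows nesting depth, not ppid); the quotes around
# [stea] are the report's rendering and are dropped here.
SAMPLE = "/tmp/b271ed4ba259d8d2ee39c19137e81dfa"
EVENTS = [
    ProcEvent(1537, 1, SAMPLE, SAMPLE),
    ProcEvent(1540, 1537, "/bin/cat", "cat /proc/version"),
    ProcEvent(1542, 1537, "/bin/cat", "cat /proc/cpuinfo"),
    ProcEvent(1544, 1537, "/bin/uname", "uname -a"),
    ProcEvent(1545, 1537, "/usr/bin/getconf", "getconf LONG_BIT"),
    ProcEvent(1546, 1537, SAMPLE, "[stea]"),
    ProcEvent(1549, 1546, "/bin/cat", "cat /proc/version"),
    ProcEvent(1551, 1546, "/bin/cat", "cat /proc/cpuinfo"),
    ProcEvent(1552, 1546, "/bin/uname", "uname -a"),
    ProcEvent(1553, 1546, "/usr/bin/getconf", "getconf LONG_BIT"),
    ProcEvent(1554, 1546, "/usr/bin/crontab", "/usr/bin/crontab /tmp/nip9iNeiph5chee"),
]

# /proc files whose contents reveal the hypervisor (cpuinfo carries the
# "hypervisor" flag on most VMs) or the kernel build string.
FINGERPRINT_FILES = {"/proc/cpuinfo", "/proc/version"}


def argv(ev: ProcEvent) -> list[str]:
    return shlex.split(ev.cmdline)


def children(events: list[ProcEvent], pid: int) -> list[ProcEvent]:
    return [e for e in events if e.ppid == pid]


def fingerprint_probes(events: list[ProcEvent], pid: int) -> set[str]:
    """Distinct host-fingerprinting commands spawned directly by `pid`."""
    probes: set[str] = set()
    for c in children(events, pid):
        a = argv(c)
        if not a:
            continue
        name = os.path.basename(a[0])
        if name == "cat":
            probes.update(p for p in a[1:] if p in FINGERPRINT_FILES)
        elif name == "uname":
            probes.add("uname")
        elif name == "getconf" and "LONG_BIT" in a[1:]:
            probes.add("getconf LONG_BIT")
    return probes


def cron_persistence(events: list[ProcEvent]) -> list[tuple[int, str]]:
    """(pid, source) for crontab invocations that replace a crontab from a file or stdin."""
    hits = []
    for e in events:
        a = argv(e)
        if not a or os.path.basename(a[0]) != "crontab":
            continue
        args = a[1:]
        if {"-l", "-e", "-r"} & set(args):   # list/edit/remove: not an install
            continue
        src, i = [], 0
        while i < len(args):
            if args[i] == "-u":              # skip the user argument
                i += 2
                continue
            if args[i] == "-" or not args[i].startswith("-"):
                src.append(args[i])
            i += 1
        if src:
            hits.append((e.pid, src[0]))
    return hits


def argv0_masquerade(events: list[ProcEvent]) -> list[int]:
    """PIDs whose argv[0] does not name the binary actually executed."""
    return [e.pid for e in events
            if argv(e) and os.path.basename(argv(e)[0]) != os.path.basename(e.exe)]


def analyze(events: list[ProcEvent], min_probes: int = 3) -> dict:
    """Summarise the three behaviours over an event list."""
    probes = {e.pid: fingerprint_probes(events, e.pid) for e in events}
    return {
        "vm_fingerprinting": {pid: sorted(p) for pid, p in probes.items() if len(p) >= min_probes},
        "cron_persistence": cron_persistence(events),
        "argv0_masquerade": argv0_masquerade(events),
    }


if __name__ == "__main__":
    for key, value in analyze(EVENTS).items():
        print(f"{key}: {value}")
```

On real telemetry the same functions take auditd execve records or eBPF exec events mapped into ProcEvent. One caveat the report itself illustrates: the "Reads runtime system information" tag on PIDs 1537 and 1546 means the sample also reads /proc directly, not only through `cat`, and exec-based logic like this sees none of that; file-open telemetry is needed to cover it.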

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /tmp/.pids
    Filesize

    4B

    MD5

    aff0a6a4521232970b2c1cf539ad0a19

    SHA1

    bcceeba1e77189d6a3938f29437de543a18024fb

    SHA256

    495afe547befeedeef191264812945e2c199da63da0e8dfde79bee7dbecb210f

    SHA512

    8938b57c391e57720fe6e2ad915e3e1252bbfd30e3c0d72e2c98f83723364da32ee8c7e71eef0d386bd14bf210568a32bda74a74748ff8338d794c8de2210656

  • /tmp/nip9iNeiph5chee
    Filesize

    66B

    MD5

    14a91cc64527a2146ba8c3ce5371be33

    SHA1

    71c941921fcd2df17ee99d79ff057cbd98a4cfb1

    SHA256

    93062fc4f6b6e2a6aee21bdf9678153c64465a545cf214a815a4960d48979e03

    SHA512

    fe47640b6a48bc506640d0fb75a6ea48d76675da19b7af0ba62cbe6019db8acf78fb757af5ef87733f9258fe8570cc30e81d6971f97ff8977f98544559c1afba

  • /var/spool/cron/crontabs/tmp.A8AE8K
    Filesize

    260B

    MD5

    8894b43399b8ffe27a06acd406fb559a

    SHA1

    1055cf48454b431422e281faef1c23bc2e09c9fb

    SHA256

    f3fcb2f19913799dded7c1ac94bc722e02f36bb84b65a25bd0f549a3b386b4fb

    SHA512

    5b83a360e9016d78ecd6aa787c6749625addeb91f0631769a19d7e8649fb9955be8e6e5df0d3c9381227327dfd48fec170f93e162e3ced9a40d26f897f32ae2e