Analysis

  • max time kernel
    139s
  • max time network
    151s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20231215-en
  • resource tags

    arch:amd64
    arch:i386
    image:ubuntu1804-amd64-20231215-en
    kernel:4.15.0-213-generic
    locale:en-us
    os:ubuntu-18.04-amd64
    system
  • submitted
    20-12-2023 17:41

General

  • Target

    fabdcc80bc425b814e83962d104eef6c

  • Size

    7.0MB

  • MD5

    fabdcc80bc425b814e83962d104eef6c

  • SHA1

    e5f5b30c22051f8c37df092516c62f2aa86403b1

  • SHA256

    129ff78e405aa6abe96453a2b480f446680f912f5512a9e0e67a15c871d3bfd5

  • SHA512

    4609f13607b94b2f2d146019b55b827658bc4890e92e776a8c68d38a3a8a1cec2fa995594986ac2b2a8c53367a4111f0517069f0abe61cf645818f166ddfb1b4

  • SSDEEP

    98304:n4qmZmgSoh0iDxpRqVlaCM/ieYCXfhxIX:4hZml0Dx3eeipCXZx

Score
6/10

Malware Config

Signatures

  • Checks CPU configuration 1 TTPs 2 IoCs

    Checks CPU information that indicates whether the system is a virtual machine.

  • Creates/modifies Cron job 1 TTPs 1 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

  • Reads runtime system information 4 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 3 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/fabdcc80bc425b814e83962d104eef6c
    /tmp/fabdcc80bc425b814e83962d104eef6c
    1⤵
    • Reads runtime system information
    PID:1533
  • /bin/cat
    cat /proc/version
    1⤵
    • Reads runtime system information
    PID:1540
  • /bin/cat
    cat /proc/cpuinfo
    1⤵
    • Checks CPU configuration
    PID:1541
  • /bin/uname
    uname -a
    1⤵
    PID:1543
  • /usr/bin/getconf
    getconf LONG_BIT
    1⤵
    PID:1547
  • /tmp/fabdcc80bc425b814e83962d104eef6c
    "[stealth]"
    1⤵
    • Reads runtime system information
    PID:1548
    • /bin/cat
      cat /proc/version
      2⤵
      • Reads runtime system information
      PID:1551
  • /bin/cat
    cat /proc/cpuinfo
    1⤵
    • Checks CPU configuration
    PID:1553
  • /bin/uname
    uname -a
    1⤵
    PID:1554
  • /usr/bin/getconf
    getconf LONG_BIT
    1⤵
    PID:1555
  • /usr/bin/crontab
    /usr/bin/crontab /tmp/nip9iNeiph5chee
    1⤵
    • Creates/modifies Cron job
    PID:1556

Network

MITRE ATT&CK Matrix ATT&CK v13

  • Execution
    Scheduled Task/Job 1 T1053

  • Persistence
    Scheduled Task/Job 1 T1053

  • Privilege Escalation
    Scheduled Task/Job 1 T1053

  • Defense Evasion
    Virtualization/Sandbox Evasion 1 T1497

  • Discovery
    Virtualization/Sandbox Evasion 1 T1497


Downloads

  • /tmp/.pid

    Filesize
    4B

    MD5
    35464c848f410e55a13bb9d78e7fddd0

    SHA1
    a575bcefdc7a11dec7302ce66652db242e7931ea

    SHA256
    48f31b127dde9f650b07d6d68488d734ed95687cbcfb2d06867d21ad0997f438

    SHA512
    1d0d7db8e07f74deab2c3b47c8bc683145a0a8ed486c65c19f0e43a62f283d69ff4ad586802d96b866ac836d0ff925b0e8de8e485c95473d044cec04edfede18

  • /var/spool/cron/crontabs/tmp.i7C8tX

    Filesize
    260B

    MD5
    ed3fe169a638c6cc3f6e21b54e9ff007

    SHA1
    8169455acf9769e6fae900f4bdab87a14777bed6

    SHA256
    eed2c24eb9cf0bb6419cb45456e0efda93f9292d68976d63ddc397ffbdc3d90c

    SHA512
    b69bf32777bb63d9fe19708725d5ebf71cc232f0cf0a0a0bcdf74b4555ab76784fe1961cd7d4d09279ee19231e39f95a340ca5045d038a62b5e0fc649fb19158