00c65c934d39acd0e1e48bbdc5f559eeaaa786fad02efdb29ed1ea94db644e24

Analysis

max time kernel
153s
max time network
148s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20231215-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20231215-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
22-12-2023 05:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70e553bfcfc05ba25fa7f8032d290aff
Size

1.4MB
MD5

70e553bfcfc05ba25fa7f8032d290aff
SHA1

07c9687a9f1577282c177279f6f09f952f3bc97a
SHA256

00c65c934d39acd0e1e48bbdc5f559eeaaa786fad02efdb29ed1ea94db644e24
SHA512

f0c08b322e9866d6307e89f051508553c2f28415363d85f59662dafde94749d13dbcbc3a089b39a4a9bebf214f0d3a43b03ee721cc1b5b31e07cbd6e7682d502
SSDEEP

24576:i6tcmqGp0fQfhrx7YfiUbDqYCsQQmx2/IVFvZGuOl9UgfmeRq6FFIvwRlrUa:i/RQ5x7GiUbD9ChZGuOlBAJGUa

Score

6^/10

antivm

Malware Config

Signatures

Checks CPU configuration 1 TTPs 1 IoCs

Checks CPU information which indicate if the system is a virtual machine.

antivm

Virtualization/Sandbox Evasion

T1497

description	ioc
File opened for reading	/proc/cpuinfo

Reads system network configuration 1 TTPs 1 IoCs

Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery

T1016

description	ioc
File opened for reading	/proc/net/dev

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/stat

Writes file to tmp directory 2 IoCs

Malware often drops required files in the /tmp directory.

description	ioc
File opened for modification	/tmp/dlcfg
File opened for modification	/tmp/fake.cfg

/tmp/70e553bfcfc05ba25fa7f8032d290aff
/tmp/70e553bfcfc05ba25fa7f8032d290aff
1⤵
PID:1544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

System Network Configuration Discovery

T1016

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/dlcfg

Filesize
1KB

MD5
04e37ac056fe5668cea6453df273a7b0

SHA1
f8d9bc73577429d14321a9d25bb433880d174a93

SHA256
643e6dea9ba8832fee4a46afccf37faa646efb9bd6100582b46b2b13ef29c0b0

SHA512
7c5a75c077f23d83224d7ceef269a12bbf5210e2d079b3f2539ffee3091fd30d4b4496a4368688f080e626cf9158fef9b5bebb6d6ec82dba516de470ea24a0bd

Download Submit
/tmp/fake.cfg

Filesize
43B

MD5
6558809eccff552c393070a603fa5c9b

SHA1
3a43eed50b587bbaa038d8f1b7085f03d367f43c

SHA256
fdb29b7c4b2d0f6c344cc8bcbd695fd3b0f84a939123663bbf06a2c2dea67781

SHA512
7d369ebd66ecc3ad4a6572d30e3fcd0863dc1de7d2085d8839e66bfb9e106f575842f356fefc1bbf79ae57d13546c4d82c29246e6ef645031159d68b0fe76927

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads