Overview

overview

7

Static

static

1

7e97fa9043...b79e4e

ubuntu-18.04-amd64

7

Analysis

  • max time kernel
    151s
  • max time network
    151s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20231222-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20231222-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    22/12/2023, 08:47

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7e97fa90430e009c8fbf2acf92b79e4e

  • Size

    2.4MB

  • MD5

    7e97fa90430e009c8fbf2acf92b79e4e

  • SHA1

    16ec3eba2bf781cb69b474f0c24bb8859129cdc7

  • SHA256

    172c4b955bd5ac029450b0cd46b4572f87eaaec72a63aa29f21483c223f56c6e

  • SHA512

    2d43fd32bf3ed89302042e052faf603e44909d937e9d91867f372a14469b79952b394f47b9f371e5d44800ad98fa3fe28c9ca45fec931980122ff2a3759a430c

  • SSDEEP

    49152:GcXSFzulIxJ2lG4EmR8pfbTZsDjai1HrkEgJRuYaWWJbiGVetR65nZmRHX0gFJKM:GcXS1ulIxJ2lGHpfbTZsDjDaRnCiGURJ

Score
7/10
antivm

Malware Config

Signatures

  • Deletes itself 2 IoCs
  • Executes dropped EXE 3 IoCs
  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

    antivm
  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 4 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 5 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/7e97fa90430e009c8fbf2acf92b79e4e
    /tmp/7e97fa90430e009c8fbf2acf92b79e4e
    1⤵
      PID:1576
      • /bin/sh
        sh -c "cp /tmp/7e97fa90430e009c8fbf2acf92b79e4e /tmp/freeBSD"
        2⤵
          PID:1577
          • /bin/cp
            cp /tmp/7e97fa90430e009c8fbf2acf92b79e4e /tmp/freeBSD
            3⤵
            • Reads runtime system information
            • Writes file to tmp directory
            PID:1578
        • /bin/sh
          sh -c "cp /tmp/7e97fa90430e009c8fbf2acf92b79e4e /tmp/7e97fa90430e009c8fbf2acf92b79e4ea"
          2⤵
            PID:1580
            • /bin/cp
              cp /tmp/7e97fa90430e009c8fbf2acf92b79e4e /tmp/7e97fa90430e009c8fbf2acf92b79e4ea
              3⤵
              • Reads runtime system information
              • Writes file to tmp directory
              PID:1581
          • /tmp/freeBSD
            /tmp/freeBSD /tmp/freeBSD 1
            2⤵
            • Deletes itself
            • Executes dropped EXE
            PID:1579
        • /tmp/7e97fa90430e009c8fbf2acf92b79e4ea
          /tmp/7e97fa90430e009c8fbf2acf92b79e4ea /tmp/7e97fa90430e009c8fbf2acf92b79e4e
          1⤵
          • Deletes itself
          • Executes dropped EXE
          • Writes file to tmp directory
          PID:1582
          • /tmp/7e97fa90430e009c8fbf2acf92b79e4e
            2⤵
            • Executes dropped EXE
            PID:1583
          • /bin/sh
            sh -c "cp /tmp/7e97fa90430e009c8fbf2acf92b79e4ea /tmp/7e97fa90430e009c8fbf2acf92b79e4e"
            2⤵
              PID:1591
              • /bin/cp
                cp /tmp/7e97fa90430e009c8fbf2acf92b79e4ea /tmp/7e97fa90430e009c8fbf2acf92b79e4e
                3⤵
                • Reads runtime system information
                • Writes file to tmp directory
                PID:1592

          Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /tmp/7e97fa90430e009c8fbf2acf92b79e4e
                  Filesize

                  1.4MB

                  MD5

                  f529519507d9913bff237c0c3db02311

                  SHA1

                  5d884079170033419e59c026e2d551d017489518

                  SHA256

                  6469a14f0e56144c3f533ccdd05d99b7606218db21d3ef0dc3ec22d05b4bdb3d

                  SHA512

                  42fa81e30f03af2547ef5fcfb88431d50ab545dd378b45f48a93b4d729011981ac9d65130b775c25b70370a6474b393c5b798c9e1d0c67c7b32c9667afceee16

                  Download Submit

                • /tmp/7e97fa90430e009c8fbf2acf92b79e4ea
                  Filesize

                  2.4MB

                  MD5

                  7e97fa90430e009c8fbf2acf92b79e4e

                  SHA1

                  16ec3eba2bf781cb69b474f0c24bb8859129cdc7

                  SHA256

                  172c4b955bd5ac029450b0cd46b4572f87eaaec72a63aa29f21483c223f56c6e

                  SHA512

                  2d43fd32bf3ed89302042e052faf603e44909d937e9d91867f372a14469b79952b394f47b9f371e5d44800ad98fa3fe28c9ca45fec931980122ff2a3759a430c

                  Download Submit

                • /tmp/freeBSD
                  Filesize

                  1.9MB

                  MD5

                  fe5e6e7169917923ba3af2af05b21b46

                  SHA1

                  d2087b19d6f45bf9e820cc98f11624c891356b47

                  SHA256

                  77d79cc33c990101bba3403e0730590280e19259cc4b5e3b58c79fc23a02c594

                  SHA512

                  63be5d1d625118346206b638ae3a52512ebbd07114bf9fcc065af079037766e63ea1a6c2f305f2f1cbf84f8c294132128b666769df0a055f396fd7995608d615

                  Download Submit