38ff3f5d90629fa2150f08166149f16756adbcd42c9c5bcd2dcec0db773b0a18

Analysis

max time kernel
149s
max time network
129s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20231222-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20231222-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
26/12/2023, 12:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e2c640e5ac79fd488978f53fd7b1047
Size

8.2MB
MD5

6e2c640e5ac79fd488978f53fd7b1047
SHA1

7ca2962f444b7e7d3b7278ad9ce74c330e676476
SHA256

38ff3f5d90629fa2150f08166149f16756adbcd42c9c5bcd2dcec0db773b0a18
SHA512

ef0fbd7581db6bc51821cf03fee7ff7ebf34eff51d9f871651bb2bfa20fee405ce5c01ce1ac8cc35d52cf915934f01cfdee02be2e497de7bf8e16d565fd4f09f
SSDEEP

98304:8bQUVZFz/Mg7nht3QFL9eKyBx1y8eiUlOX:InFTMyn/3QkWl

Score

6^/10

antivm persistence

Malware Config

Signatures

Checks CPU configuration 1 TTPs 2 IoCs

Checks CPU information which indicate if the system is a virtual machine.

antivm

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened for reading	/proc/cpuinfo	cat
File opened for reading	/proc/cpuinfo	cat

Creates/modifies Cron job 1 TTPs 1 IoCs

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

persistence

Scheduled Task/Job

T1053

description	ioc	Process
File opened for modification	/var/spool/cron/crontabs/tmp.oF2rc0	crontab

Reads runtime system information 4 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/version	cat
File opened for reading	/proc/sys/net/core/somaxconn	6e2c640e5ac79fd488978f53fd7b1047
File opened for reading	/proc/version	cat
File opened for reading	/proc/sys/net/core/somaxconn	6e2c640e5ac79fd488978f53fd7b1047

Writes file to tmp directory 3 IoCs

Malware often drops required files in the /tmp directory.

description	ioc
File opened for modification	/tmp/[stealth].pid
File opened for modification	/tmp/.pid
File opened for modification	/tmp/nip9iNeiph5chee

/tmp/6e2c640e5ac79fd488978f53fd7b1047
/tmp/6e2c640e5ac79fd488978f53fd7b1047
1⤵
- Reads runtime system information
PID:1610
- /bin/cat
  cat /proc/version
  2⤵
  - Reads runtime system information
  PID:1614

/bin/cat
cat /proc/cpuinfo
1⤵
- Checks CPU configuration
PID:1615

/bin/uname
uname -a
1⤵
PID:1617

/usr/bin/getconf
getconf LONG_BIT
1⤵
PID:1621

/tmp/6e2c640e5ac79fd488978f53fd7b1047
"[stealth]"
1⤵
- Reads runtime system information
PID:1622
- /bin/cat
  cat /proc/version
  2⤵
  - Reads runtime system information
  PID:1626

/bin/cat
cat /proc/cpuinfo
1⤵
- Checks CPU configuration
PID:1627

/bin/uname
uname -a
1⤵
PID:1628

/usr/bin/getconf
getconf LONG_BIT
1⤵
PID:1629

/usr/bin/crontab
/usr/bin/crontab /tmp/nip9iNeiph5chee
1⤵
- Creates/modifies Cron job
PID:1630

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/.pid

Filesize
4B

MD5
c7af0926b294e47e52e46cfebe173f20

SHA1
948b13c7ba369f02fc29d936c124689877023958

SHA256
6d7be37d6aa3665ddca5b4c3ab26e689e4efc1c33bea69ccbaeec6ed49569558

SHA512
84ff72624f10220c6960fc1d0fe9bbdd329bdc5b8eeef36d8b31d9f3b78f050f11d21b67839576982d1aa87312a1c19e075d284f7b13d28d87631735d73310e6

Download Submit
/tmp/nip9iNeiph5chee

Filesize
66B

MD5
0cd786e8795a6bb8fe9abdadd72fb4d0

SHA1
7df3c6ec506473485d247c37603439386ad28b32

SHA256
811f7a6f37581c1ed59ad2b2ab238796e81081b8c9623e0039d22f260511981b

SHA512
29bcbb5368719799e746c480a518668a6b7db2e7d60bf2d39ccbabcba5d2f0f82de2517d1daa4cc5399e124c2ca05420e5182e599145824f86c2273f9df22ba7

Download Submit
/var/spool/cron/crontabs/tmp.oF2rc0

Filesize
260B

MD5
0fbe5dd4887936f2e361c277c85ae4e0

SHA1
8d0bb687d80592a7e8ad307dab55beb9c0f4fb23

SHA256
1bb3eb865e946c2db2f8fdc89220a9259e6ed63f12b6bf11dedb9ca6e77b9f21

SHA512
a31ec62155655013e47036acdf12f385032701215c286e2b7d1a131adae15c0165e8a9ce4735ee864949e73dedfeab29cc9058c04ab5663d11adbce52250d0fb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads