Analysis

  • max time kernel
    149s
  • max time network
    132s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20231215-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu1804-amd64-20231215-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    27/12/2023, 11:43

General

  • Target

    afd986e0754c07002e764f8038a5fbf8

  • Size

    8.2MB

  • MD5

    afd986e0754c07002e764f8038a5fbf8

  • SHA1

    bc18d23c16bbbadd6aa4ba226ff9cac0a9aafa20

  • SHA256

    71eed0656bcb2ca1f2f6af4cf073e14f17dadec7af9cd93153299c0fd4aa07c0

  • SHA512

    7ae76dd88f22ecc529d07606dba5cddd89f733980dccbed0e4dde83109775ea685d5bbc4813a5338666b12206a9ca6ffe66ff85024e76374c8c8b8c2625466ac

  • SSDEEP

    49152:bK2IsqJ6+KCdOF87M6ee8ry770lDlzroschqayHQDx7XF/6jcRO8FYefPudx5zqn:vD+wFwz8raOVc76/6VfVf5rNOX

Score
6/10

Malware Config

Signatures

  • Checks CPU configuration (1 TTPs, 2 IoCs)

    Checks CPU information which indicates whether the system is a virtual machine.

  • Creates/modifies Cron job (1 TTPs, 1 IoCs)

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

  • Reads runtime system information (4 IoCs)

    Reads data from the /proc virtual filesystem.

  • Writes file to tmp directory (3 IoCs)

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/afd986e0754c07002e764f8038a5fbf8
    /tmp/afd986e0754c07002e764f8038a5fbf8
    1⤵
    • Reads runtime system information
    PID:1527
    • /bin/cat
      cat /proc/version
      2⤵
      • Reads runtime system information
      PID:1531
  • /bin/cat
    cat /proc/cpuinfo
    1⤵
    • Checks CPU configuration
    PID:1537
  • /bin/uname
    uname -a
    1⤵
    PID:1539
  • /usr/bin/getconf
    getconf LONG_BIT
    1⤵
    PID:1540
  • /tmp/afd986e0754c07002e764f8038a5fbf8
    "[stea]"
    1⤵
    • Reads runtime system information
    PID:1541
    • /bin/cat
      cat /proc/version
      2⤵
      • Reads runtime system information
      PID:1545
  • /bin/cat
    cat /proc/cpuinfo
    1⤵
    • Checks CPU configuration
    PID:1546
  • /bin/uname
    uname -a
    1⤵
    PID:1547
  • /usr/bin/getconf
    getconf LONG_BIT
    1⤵
    PID:1548
  • /usr/bin/crontab
    /usr/bin/crontab /tmp/nip9iNeiph5chee
    1⤵
    • Creates/modifies Cron job
    PID:1555

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /tmp/[stea].pid

    Filesize
    4B

    MD5
    1373b284bc381890049e92d324f56de0

    SHA1
    d05785002742a30502dde3731b28883334e46040

    SHA256
    477e2d13152129e72c4a47a5abed06ce422daff2ca0e99d33bc527477effee34

    SHA512
    b409dbef7cad909beab9e2b251590e7a6773e6ef7bc3782a9adb4be3a2765fdefca68cb96b9b31e92e0edb23d521aa3adfb7c90ade660e75b1a04832d19d59f4

  • /tmp/nip9iNeiph5chee

    Filesize
    66B

    MD5
    bc64d6fb2b1d3531e6373ff6cf4abafb

    SHA1
    60b6cab271d14dea85e2da664c0388a2cf558162

    SHA256
    5b55450a9fc311ad13cd47f4b4e69e86d154103804a531bd98ffade16cd49db3

    SHA512
    af7019fcb4b5dcc4571c2910c6bd3d327ce08e850a8ffc3450e7cade3e62449c44f0df47169b1a6461470c308e072021eb685e0655896bbf1562f18c011ce00e

  • /var/spool/cron/crontabs/tmp.YDO4NL

    Filesize
    260B

    MD5
    d86fbb2a1d5922e9775044a4ee9fc6e4

    SHA1
    8c376855c4dbf4714289273db67db2e853f9e97c

    SHA256
    2371d00b172c981146a029cf467273d627cf2f0932681920f110d2dfd6c967ab

    SHA512
    932c7b77a05a403dab412d1323eed2a2b62d79f2b51d5d1165029b15662c159e70618714383a5b8fd58410b1d2d5bb0c3ba6e7aba42b07f551a6c2d5e0297e92