d14683e7fbe633207009e616e85660619adb8a3f01e1e53e9574684f0c6bda3c | Triage

Submit
Reports

Overview

overview

9

Static

static

7

d14683e7fb...3c.elf

ubuntu-18.04-amd64

9

Resubmissions

27-12-2023 15:08

231227-sja72sfgan 9

27-12-2023 15:08

231227-sh5p9sffhl 9

12-12-2023 14:05

231212-rdvh3aeahp 9

Sharing

General

Target

d14683e7fbe633207009e616e85660619adb8a3f01e1e53e9574684f0c6bda3c.elf
Size

1.8MB
Sample

231227-sja72sfgan
MD5

572b3eb3c15f14baad807804b8d8a0fe
SHA1

ac58bb2e2639006161748ec2bd1874ad1c66424a
SHA256

d14683e7fbe633207009e616e85660619adb8a3f01e1e53e9574684f0c6bda3c
SHA512

7c37cdf86ed9b52d239bdd5dff53489f43076f641a3b520b2247d6d3b54b358365a2a805c9dd2128976509a452cc9a2baa88969c8e7e53b1484faccd86ee4167
SSDEEP

49152:hNvOb/yflCgOeFQGgZJGfWzFleCP+FkRW3:vWbKflCg3FCGfWzFl/23

Score

9^/10

antivm discovery linux persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d14683e7fbe633207009e616e85660619adb8a3f01e1e53e9574684f0c6bda3c.elf

Resource

ubuntu1804-amd64-20231215-en

antivm discovery persistence

ubuntu-18.04-amd64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  d14683e7fbe633207009e616e85660619adb8a3f01e1e53e9574684f0c6bda3c.elf
- Size
  
  1.8MB
- MD5
  
  572b3eb3c15f14baad807804b8d8a0fe
- SHA1
  
  ac58bb2e2639006161748ec2bd1874ad1c66424a
- SHA256
  
  d14683e7fbe633207009e616e85660619adb8a3f01e1e53e9574684f0c6bda3c
- SHA512
  
  7c37cdf86ed9b52d239bdd5dff53489f43076f641a3b520b2247d6d3b54b358365a2a805c9dd2128976509a452cc9a2baa88969c8e7e53b1484faccd86ee4167
- SSDEEP
  
  49152:hNvOb/yflCgOeFQGgZJGfWzFleCP+FkRW3:vWbKflCg3FCGfWzFl/23
Score

9^/10

antivm discovery persistence
- Contacts a large (234480) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Checks hardware identifiers (DMI)
  Checks DMI information which indicate if the system is a virtual machine.
  antivm
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads CPU attributes
- Reads hardware information
  Accesses system info like serial numbers, manufacturer names etc.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Network Service Discovery

System Information Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

antivmdiscoverypersistence

© 2018-2024

Terms | Privacy