Analysis

  • max time kernel
    150s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20231215-en
  • submitted
    21/01/2024, 23:55

General

  • Target

    6e2c640e5ac79fd488978f53fd7b1047

  • Size

    8.2MB

  • MD5

    6e2c640e5ac79fd488978f53fd7b1047

  • SHA1

    7ca2962f444b7e7d3b7278ad9ce74c330e676476

  • SHA256

    38ff3f5d90629fa2150f08166149f16756adbcd42c9c5bcd2dcec0db773b0a18

  • SHA512

    ef0fbd7581db6bc51821cf03fee7ff7ebf34eff51d9f871651bb2bfa20fee405ce5c01ce1ac8cc35d52cf915934f01cfdee02be2e497de7bf8e16d565fd4f09f

  • SSDEEP

    98304:8bQUVZFz/Mg7nht3QFL9eKyBx1y8eiUlOX:InFTMyn/3QkWl

Malware Config

Signatures

  • Creates/modifies Cron job 1 TTPs 1 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

  • Checks CPU configuration 1 TTPs 2 IoCs

    Checks CPU information that indicates whether the system is a virtual machine.

  • Reads runtime system information 4 IoCs

    Reads data from /proc virtual filesystem.

  • System Network Configuration Discovery 1 TTPs 1 IoCs

    Adversaries may gather information about the network configuration of a system.

  • Writes file to tmp directory 3 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/6e2c640e5ac79fd488978f53fd7b1047
    /tmp/6e2c640e5ac79fd488978f53fd7b1047
    1⤵
    • Reads runtime system information
    • Writes file to tmp directory
    PID:1550
    • /bin/cat
      cat /proc/version
      2⤵
      • Reads runtime system information
      PID:1556
    • /bin/cat
      cat /proc/cpuinfo
      2⤵
      • Checks CPU configuration
      PID:1560
    • /bin/uname
      uname -a
      2⤵
      PID:1561
    • /usr/bin/getconf
      getconf LONG_BIT
      2⤵
      PID:1562
    • /tmp/6e2c640e5ac79fd488978f53fd7b1047
      "[stealth]"
      2⤵
      • Reads runtime system information
      • Writes file to tmp directory
      PID:1563
      • /bin/cat
        cat /proc/version
        3⤵
        • Reads runtime system information
        PID:1567
      • /bin/cat
        cat /proc/cpuinfo
        3⤵
        • Checks CPU configuration
        PID:1568
      • /bin/uname
        uname -a
        3⤵
        PID:1569
      • /usr/bin/getconf
        getconf LONG_BIT
        3⤵
        PID:1570
      • /usr/bin/crontab
        /usr/bin/crontab /tmp/nip9iNeiph5chee
        3⤵
        • Creates/modifies Cron job
        • System Network Configuration Discovery
        PID:1572

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /tmp/.pid

    Filesize

    4B

    MD5

    4d6e4749289c4ec58c0063a90deb3964

    SHA1

    a0e3eab3c80118379cb2e1d7b163f82494430e03

    SHA256

    e830a0d7d5f303724e6404c8f9797580b6e77e4bdab70b8e163967925b69e6d0

    SHA512

    c0a696afb1940c302622b6ba6ec2913c19903291626073ed3233a16000d45bb61ec7c676c42c1ae0e0b32126d9f72e938a80e665a68ad3fbfa0e606c352276ed

  • /tmp/nip9iNeiph5chee

    Filesize

    66B

    MD5

    0cd786e8795a6bb8fe9abdadd72fb4d0

    SHA1

    7df3c6ec506473485d247c37603439386ad28b32

    SHA256

    811f7a6f37581c1ed59ad2b2ab238796e81081b8c9623e0039d22f260511981b

    SHA512

    29bcbb5368719799e746c480a518668a6b7db2e7d60bf2d39ccbabcba5d2f0f82de2517d1daa4cc5399e124c2ca05420e5182e599145824f86c2273f9df22ba7

  • /var/spool/cron/crontabs/tmp.N03T6f

    Filesize

    260B

    MD5

    cd01f0897a5a39d0d6a39a88db083fc6

    SHA1

    aa6cd098c65439849e340caff741398e4e122f97

    SHA256

    ecb9ca2544d64cb56841280ddbaf8d0fdebbd02f2f5a326f909701401e36f95d

    SHA512

    bde9b17f65ffdfbcd12f43d417af631373f08fe6c629e65e2c54b2a0f30a20fed7ecc3cf70462f93749e9a287f7b382ed4dee5b2f06d5b668567244d3a6c59f1