78fe6d6c09d4b004430755e4928a94ebd6a224a848bf6d4e94203fa4ee792fb6

Resubmissions

09/03/2024, 17:29

240309-v2jy1sea4s 7

09/03/2024, 17:23

26/02/2024, 21:20

26/02/2024, 21:17

26/02/2024, 16:16

26/02/2024, 13:40

26/02/2024, 13:39

26/02/2024, 13:02

Analysis

max time kernel
23s
max time network
1693s
platform
debian-9_mips
resource
debian9-mipsbe-20240221-en
resource tags

arch:mipsimage:debian9-mipsbe-20240221-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
26/02/2024, 13:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a7580f58ed0a0a8a107dece6874b773/worker.js
Size

62KB
MD5

300c72be89315174eb78400173ad0fe4
SHA1

b8e2774e373a2fc63800d9717e23195e1f6a5310
SHA256

d1041b483adcbf0ad31aadefe964a8cf83ae373cee20d51cab64256f00f5b7c4
SHA512

a4aefeff0e920f63798f83e83b5f8bad7fbb8d51261d72a3d78cbfd4c5e41671f92766a241223810f47d4a32ae40fe6b080313ab7e2b2946cfe14d75dff8f35f
SSDEEP

768:e07MGaSA+zE0m/43ROSWjI9YE69LNMkJieHct9594txNKdw1ilzefq/wtsgr6lV5:TMGjxzm6CiuKEscdZRBXBBcsjKuPzO

Score

7^/10

antivm

Malware Config

Signatures

Changes its process name 4 IoCs

description	ioc	pid
Changes the process name, possibly in an attempt to hide itself	V8 WorkerThread	742
Changes the process name, possibly in an attempt to hide itself	V8 WorkerThread	744
Changes the process name, possibly in an attempt to hide itself	V8 WorkerThread	745
Changes the process name, possibly in an attempt to hide itself	V8 WorkerThread	746

Checks CPU configuration 1 TTPs 1 IoCs

Checks CPU information which indicate if the system is a virtual machine.

antivm

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened for reading	/proc/cpuinfo	nodejs

Reads CPU attributes 1 TTPs 1 IoCs

System Information Discovery

T1082

description	ioc
File opened for reading	/sys/devices/system/cpu/online

/usr/bin/nodejs
nodejs /tmp/3a7580f58ed0a0a8a107dece6874b773/worker.js
1⤵
- Checks CPU configuration
PID:734

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads