General
-
Target
b01e53eb6adbd1f469f3e2bfb05a99ed.bin
-
Size
3.1MB
-
Sample
240325-ecafaafc97
-
MD5
17b78c198099ce5b9698fb6460366b2b
-
SHA1
d5b13a7d1481e6614f194cdba217e23dff99f9e4
-
SHA256
3efa97c99bebe6f31c68b575745cecfb03876d891b03095060ce45d4022cf676
-
SHA512
e02a7d47c4698301b447c01e3b033bd5e03d2593c9eb1b10ff6bd3b7efa45df00963c801b6fd197c5632f072a391d78353b6e026bce549ccf6ff8be86262d49c
-
SSDEEP
49152:x43SycCHedieGn6oun5sHnn6anLCrT4IAtS0Y9TiJ1orl6LmpswND5:L5CHiGn63n5sHn6aL64o0MY6roU/H
Behavioral task
behavioral1
Sample
4ea3a10c32dc41f02faecced6522057b13ca3b13308d66d9e213f24fea7af108.elf
Resource
ubuntu2004-amd64-20240221-en
Malware Config
Targets
-
Target
4ea3a10c32dc41f02faecced6522057b13ca3b13308d66d9e213f24fea7af108.elf
-
Size
3.2MB
-
MD5
b01e53eb6adbd1f469f3e2bfb05a99ed
-
SHA1
50a71249c2d24fed655cd0f06257db9768451e22
-
SHA256
4ea3a10c32dc41f02faecced6522057b13ca3b13308d66d9e213f24fea7af108
-
SHA512
4a80c7c699d7973e6d6e01eaabb3914d40bd3cd6323d6283b1381b30c2fe88136e103da7695c8365fbb9561e305fab331bf931ec99251dad8852c702066f1166
-
SSDEEP
49152:2Gu5r1isjbkciQ5RCdKMhNVOv4gldIWrB0fcJVCxJNZ7fAdh6ZW4mrvwgiGY7d:luV1Xbky/ebHBg/nr8gVkLM3Y9GYZ
Score 7/10
-
Deletes itself
-
Executes dropped EXE
-
Checks CPU configuration
Checks CPU information that indicates whether the system is a virtual machine.
-
Checks hardware identifiers (DMI)
Checks DMI information that indicates whether the system is a virtual machine.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Reads CPU attributes
-
Reads hardware information
Accesses system information such as serial numbers and manufacturer names.
-
Reads list of loaded kernel modules
Reads the list of currently loaded kernel modules, possibly to detect virtual environments.
-
Modifies Bash startup script