General

  • Target

    es5-ext-0.10.62.tgz

  • Size

    92KB

  • Sample

    240327-kygpdagh46

  • MD5

    480865c98713e87602ac8522aba999c6

  • SHA1

    5e6adc19a6da524bf3d1e02bbc8960e5eb49a9a5

  • SHA256

    e757f53b9072c60d0ad6933e1dbcb819951ea79d2f0b438c31a8a70692dbe899

  • SHA512

    0472ea9f4925844a6738a4abce7fd7b33d94216f23f9c1a6a3d24bcebf018946a957c84f2fdf8596216a8f0afd9e05bb8d6767c6fe9e3befcbab284956a82b8c

  • SSDEEP

    1536:Brum5ULAcwd4/ed5g3KAUO8cI9SEQSEejyY00VRt+aU/sSQUDmknSPivl:BruVwdLd5g3F8kSESntSGUYPid

Score
7/10

Malware Config

Targets

    • Target

      sample

    • Size

      710KB

    • MD5

      406b3be249a2d06e2b17774f83bec6d4

    • SHA1

      1469f4947f59bc6e3e9342c72fce176af2b5a9e1

    • SHA256

      889ece7db2c86ba5f71398d14818c0ad0e1d5d25c72f402f021e0cd5a4aa2930

    • SHA512

      28b0192626175a2794432cd6fe1df2563b2a38aa86abdfada2b2d2a6cc6e40ca8a60bef3305cc895b7b2aa3f60bce4c310decd769ce6f83017a5ccac6897c856

    • SSDEEP

      3072:rIxkW5g3EH5T2J8QxGnVVgd9FVugRnFMTWuwAzf7ZM9KGDWCdkWGC:rIAEH5T2J8QxGn1M8mWWG

    Score
    1/10
    • Target

      package/array/#/intersection.js

    • Size

      588B

    • MD5

      ead38378fe32a8ae2cf071a2d6550a84

    • SHA1

      12938810c98203e8cf9323e5075c46e3697cae0e

    • SHA256

      609d9ae6d1cc6da8e75e895edffb06d19cfdb0d09bde56bdadc17ef9ca4441cb

    • SHA512

      44f512074e4a7f2b0a0743748cabf446c3acb29f411ba36eb675029514903946d9f78455409a2208960cda7ae560a5ad193aec33d8fd1819946858ec37ad9300

    Score
    7/10
    • Changes its process name

    • Checks CPU configuration

      Checks CPU information that indicates whether the system is a virtual machine.

    • Reads CPU attributes

    • Target

      package/array/#/is-copy.js

    • Size

      610B

    • MD5

      66f446eb57e34e245d9022590614e0d8

    • SHA1

      41eb4ff7ca795c237c8175a19f96ea822d0c3a77

    • SHA256

      23d5e61bc7ec4965caeee922c601408b09b40f8192056b67b8a2693ccc23d139

    • SHA512

      43e95575d09bd92ba60a8aabe8a57c1785ff946bb11e1d3d1c3d7ff67fcb1f9f4d74ea39b029237726c7e37e04a703633769e6c3106b2330a9a18442e7b09dd3

    Score
    7/10
    • Changes its process name

    • Checks CPU configuration

      Checks CPU information that indicates whether the system is a virtual machine.

    • Reads CPU attributes

    • Target

      package/array/#/is-empty.js

    • Size

      201B

    • MD5

      163278450d51f06e6ba0ea0ff4522cf2

    • SHA1

      691c35d0cd055f3db05a538abc11a0c6ec21c919

    • SHA256

      4bfa3320e83f5edee8b989f43889d7fcc3a5eb502d30ec4a87a79abcd56dc289

    • SHA512

      73989c7892983a6350585e54ef7aa0ca53193d4f8ab26f0778b9feab3be0abbaa6af72dcb527006fcb58faf89acc9912d2330841e98ec2ac3566189a2dcc6904

    Score
    7/10
    • Changes its process name

    • Checks CPU configuration

      Checks CPU information that indicates whether the system is a virtual machine.

    • Reads CPU attributes

    • Target

      package/array/#/is-uniq.js

    • Size

      261B

    • MD5

      ba2110794e0578a72edbc84562ec6ffd

    • SHA1

      65d9ead39ad22732c883a5d1cfa7ed8ed1b8e38c

    • SHA256

      c61b8b72c29d93cd25beea538056e33aa9e43b4aeb091b4b44f5e56ada54bb8c

    • SHA512

      96d6b6bcb2d94e08d96bd3f17c039729c5642c9994a45b7a8e4b9be38b63e300dd5bd72452b3a12c91d059b078e6892b823860dbdda57ddd70f013dc82bc7701

    Score
    7/10
    • Changes its process name

    • Checks CPU configuration

      Checks CPU information that indicates whether the system is a virtual machine.

    • Reads CPU attributes

    • Target

      package/array/#/keys/implement.js

    • Size

      198B

    • MD5

      ed7918136c262b356a53989c1b868ccc

    • SHA1

      4803a1f100b3f13a4941587a003011d10534094e

    • SHA256

      c2883c630df8818740aeedf758b0a942cc04fb277cb7511e987640a123222bb3

    • SHA512

      fba0327c4a5cfab1c3022bb3d54dd2755af5ed9e21761505b8acb218331ad8de1fa8718b40454fc82c1e1249af14a3ff79e343281a39f7aaf1555597393e2fee

    Score
    7/10
    • Changes its process name

    • Checks CPU configuration

      Checks CPU information that indicates whether the system is a virtual machine.

    • Reads CPU attributes

    • Target

      package/array/#/keys/index.js

    • Size

      106B

    • MD5

      40715f8afdde8f7bf04794ce3583703a

    • SHA1

      aa3742c9dc04ec863368fc1a43a323dc928bacae

    • SHA256

      3d784cb7aaae415afce0ca06397ef9ed6b1c568cbd434ace33c8ac21c331ae97

    • SHA512

      6e96739b0d61cb45a379bc25312477ad02e63ed20c1dad953a9690d1ff7700e962f734e3a58eb7433064506c6ed6c2f5e1e45a68460bf15e6c136f2b28df0865

    Score
    7/10
    • Changes its process name

    • Deletes itself

    • Checks CPU configuration

      Checks CPU information that indicates whether the system is a virtual machine.

    • Reads CPU attributes

    • Target

      package/array/#/keys/is-implemented.js

    • Size

      401B

    • MD5

      02ff6986e0ed3608a8900cd6d62cbdc1

    • SHA1

      1df7708d8ec545c510288285a77c2f4899269514

    • SHA256

      72db7f43b9afe0ea74f3769b395b0c48b1f715531278e7e98b7cade9fe367d8c

    • SHA512

      6affb88ed14c524313ec8fa966f8dd1e6c2687095f35bf6dd9305d80138e0be14939842a91275408570edc18f63c2368fcf47718745145b2e02367866b394cc4

    Score
    7/10
    • Changes its process name

    • Checks CPU configuration

      Checks CPU information that indicates whether the system is a virtual machine.

    • Reads CPU attributes

MITRE ATT&CK Matrix ATT&CK v13

Defense Evasion

Virtualization/Sandbox Evasion

7
T1497

Discovery

Virtualization/Sandbox Evasion

7
T1497

System Information Discovery

14
T1082

Tasks

static1

Score
1/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
3/10

behavioral6

antivm
Score
6/10

behavioral7

antivm
Score
7/10

behavioral8

antivm
Score
7/10

behavioral9

Score
3/10

behavioral10

antivm
Score
6/10

behavioral11

antivm
Score
7/10

behavioral12

antivm
Score
7/10

behavioral13

Score
3/10

behavioral14

antivm
Score
6/10

behavioral15

antivm
Score
7/10

behavioral16

antivm
Score
7/10

behavioral17

Score
3/10

behavioral18

antivm
Score
6/10

behavioral19

antivm
Score
7/10

behavioral20

antivm
Score
7/10

behavioral21

Score
3/10

behavioral22

antivm
Score
6/10

behavioral23

antivm
Score
7/10

behavioral24

antivm
Score
7/10

behavioral25

Score
3/10

behavioral26

antivm
Score
7/10

behavioral27

antivm
Score
7/10

behavioral28

antivm
Score
7/10

behavioral29

Score
3/10

behavioral30

antivm
Score
6/10

behavioral31

antivm
Score
7/10

behavioral32

antivm
Score
7/10