Overview

overview

7

Static

static

1

5fa7595c38...pkey_5

ubuntu-20.04-amd64

7

Resubmissions

09-04-2024 12:32

240409-pql2caac4v 8

09-04-2024 11:57

240409-n41afsed37 7

08-04-2024 11:38

240408-nr43wagb76 7

02-04-2024 11:55

240402-n3f57ahb3s 7

27-03-2024 13:16

240327-qhx93sga5v 7

25-03-2024 07:32

240325-jczgmade81 7

13-03-2024 10:09

240313-l6zetsag21 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5fa7595c38e29ad36ff3ec76bf266f9c391510f773c7d8b43555db534332d763_patched_pkey_5

  • Size

    8.1MB

  • Sample

    240327-qhx93sga5v

  • MD5

    e0efd46445731c6c35deffe8d9e47888

  • SHA1

    219a2cc1df97fe0b51244f7238aa4114e858f1d0

  • SHA256

    471c70b6764c6f719bab35b92678e323d53928a14617737a6fc994dc27d2a12e

  • SHA512

    92a5438489316593f45f4afeca6e2a1654e75480f4670f58df5cb63091ec52dd8279b156a3949e2243dc350dbe31220b2ac433abb4250ddc238f70d295d1949d

  • SSDEEP

    49152:az1q8M+srb/TIvO90dL3BmAFd4A64nsfJrYJaRM6CxN4+WqFottdpaCEy4SahdBV:auM2GebQyF66rNdvEoS5

Score
7/10
antivminfostealerlinux

Malware Config

Targets

    • Target

      5fa7595c38e29ad36ff3ec76bf266f9c391510f773c7d8b43555db534332d763_patched_pkey_5

    • Size

      8.1MB

    • MD5

      e0efd46445731c6c35deffe8d9e47888

    • SHA1

      219a2cc1df97fe0b51244f7238aa4114e858f1d0

    • SHA256

      471c70b6764c6f719bab35b92678e323d53928a14617737a6fc994dc27d2a12e

    • SHA512

      92a5438489316593f45f4afeca6e2a1654e75480f4670f58df5cb63091ec52dd8279b156a3949e2243dc350dbe31220b2ac433abb4250ddc238f70d295d1949d

    • SSDEEP

      49152:az1q8M+srb/TIvO90dL3BmAFd4A64nsfJrYJaRM6CxN4+WqFottdpaCEy4SahdBV:auM2GebQyF66rNdvEoS5

    Score
    7/10
    antivminfostealer

    • Deletes itself

    • Reads EFI boot settings

      Reads EFI boot settings from the efivars filesystem, may contain security secrets or sensitive data.

      infostealer

    • Attempts to change immutable files

      Modifies inode attributes on the filesystem to allow changing of immutable files.

    • Checks CPU configuration

      Checks CPU information which indicate if the system is a virtual machine.

      antivm

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Reads CPU attributes

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks