471c70b6764c6f719bab35b92678e323d53928a14617737a6fc994dc27d2a12e | Triage

Submit
Reports

Overview

overview

8

Static

static

1

5fa7595c38...pkey_5

ubuntu-20.04-amd64

8

Resubmissions

02-05-2024 13:21

240502-qll18ahg3s 7

09-04-2024 12:32

240409-pql2caac4v 8

09-04-2024 11:57

240409-n41afsed37 7

08-04-2024 11:38

240408-nr43wagb76 7

02-04-2024 11:55

240402-n3f57ahb3s 7

27-03-2024 13:16

240327-qhx93sga5v 7

25-03-2024 07:32

240325-jczgmade81 7

13-03-2024 10:09

240313-l6zetsag21 7

Sharing

General

Target

5fa7595c38e29ad36ff3ec76bf266f9c391510f773c7d8b43555db534332d763_patched_pkey_5
Size

8.1MB
Sample

240409-pql2caac4v
MD5

e0efd46445731c6c35deffe8d9e47888
SHA1

219a2cc1df97fe0b51244f7238aa4114e858f1d0
SHA256

471c70b6764c6f719bab35b92678e323d53928a14617737a6fc994dc27d2a12e
SHA512

92a5438489316593f45f4afeca6e2a1654e75480f4670f58df5cb63091ec52dd8279b156a3949e2243dc350dbe31220b2ac433abb4250ddc238f70d295d1949d
SSDEEP

49152:az1q8M+srb/TIvO90dL3BmAFd4A64nsfJrYJaRM6CxN4+WqFottdpaCEy4SahdBV:auM2GebQyF66rNdvEoS5

Score

8^/10

antivm discovery infostealer linux

Static task

static1

Behavioral task

behavioral1

Sample

5fa7595c38e29ad36ff3ec76bf266f9c391510f773c7d8b43555db534332d763_patched_pkey_5

Resource

ubuntu2004-amd64-20240221-en

antivm discovery infostealer

ubuntu-20.04-amd64

11 signatures

1800 seconds

Malware Config

Targets

- Target
  
  5fa7595c38e29ad36ff3ec76bf266f9c391510f773c7d8b43555db534332d763_patched_pkey_5
- Size
  
  8.1MB
- MD5
  
  e0efd46445731c6c35deffe8d9e47888
- SHA1
  
  219a2cc1df97fe0b51244f7238aa4114e858f1d0
- SHA256
  
  471c70b6764c6f719bab35b92678e323d53928a14617737a6fc994dc27d2a12e
- SHA512
  
  92a5438489316593f45f4afeca6e2a1654e75480f4670f58df5cb63091ec52dd8279b156a3949e2243dc350dbe31220b2ac433abb4250ddc238f70d295d1949d
- SSDEEP
  
  49152:az1q8M+srb/TIvO90dL3BmAFd4A64nsfJrYJaRM6CxN4+WqFottdpaCEy4SahdBV:auM2GebQyF66rNdvEoS5
Score

8^/10

antivm discovery infostealer
- Contacts a large (1091) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Deletes itself
- Reads EFI boot settings
  Reads EFI boot settings from the efivars filesystem, may contain security secrets or sensitive data.
  infostealer
- Attempts to change immutable files
  Modifies inode attributes on the filesystem to allow changing of immutable files.
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads CPU attributes
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Network Service Discovery

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

antivmdiscoveryinfostealer

© 2018-2024

Terms | Privacy