Malware Analysis Report

2025-01-23 15:27

Sample ID 240417-rhyraabc66
Target code.js
SHA256 4cc1666bb3c7ac152364450a63f33004bb97dff1eb41edbe0351668cc4bba690
Tags
antivm
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

4cc1666bb3c7ac152364450a63f33004bb97dff1eb41edbe0351668cc4bba690

Threat Level: Shows suspicious behavior

The file code.js was found to be: Shows suspicious behavior.

Malicious Activity Summary

antivm

Checks CPU configuration

Enumerates kernel/hardware configuration

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-17 14:12

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-17 14:12

Reported

2024-04-17 14:21

Platform

debian12-mipsel-20240221-en

Max time kernel

41s

Max time network

57s

Command Line

[node /tmp/code.js]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/node N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes /usr/bin/node N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/meminfo /usr/bin/node N/A

Processes

/usr/bin/node

[node /tmp/code.js]

Network

Country Destination Domain Proto
US 1.1.1.1:53 debian12-mipsel-20240221-en-13 udp
US 1.1.1.1:53 debian12-mipsel-20240221-en-13 udp
US 1.1.1.1:53 debian12-mipsel-20240221-en-13 udp
US 1.1.1.1:53 debian12-mipsel-20240221-en-13 udp

Files

N/A