1a5b05acd3e262da53b10eb0113d910db06203e113dfa12315ee9aa4e590cc1a

Resubmissions

20-04-2024 14:21

240420-rn7w5sae35 4

Analysis

max time kernel
4s
max time network
1684s
platform
debian-9_armhf
resource
debian9-armhf-20240226-en
resource tags

arch:armhfimage:debian9-armhf-20240226-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
20-04-2024 14:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

m=Da4hkd,Eox39d,Fy1Pv,GElbSc,HYSCof,UzbKLd,Wo3n8,aD8OEe,fcDBE,msmzHf,pHXghd,rTuANe,tIj4fb,xdV1C,xfmZMb,yfZcPd.js
Size

723KB
MD5

b6c7b221c1ebb0994c9b6d7ab018d657
SHA1

a007391dd35c77eb532de10eacb036728b33b6e1
SHA256

1a5b05acd3e262da53b10eb0113d910db06203e113dfa12315ee9aa4e590cc1a
SHA512

e4c2fd45c4d7e4b3d09a2c9b5ffc171533364ca02161f8ec02c213c52edcc5cd04449d1601463ad5c96654fef9821f44554c42ae82df72c6419e5799019a8c68
SSDEEP

12288:UdStkWGr4MGSyKfBHpHaC3aNuGzq+xCwQeYv4nxZ:UKkWWYSyKfBHpHaC3asGG+xC1eYv4nxZ

Score

4^/10

antivm

Malware Config

Signatures

Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
antivm

Virtualization/Sandbox Evasion
T1497

Processes:

node

description ioc process

File opened for reading /proc/cpuinfo node
Reads CPU attributes 1 TTPs 1 IoCs

System Information Discovery
T1082

Processes:

node

description ioc process

File opened for reading /sys/devices/system/cpu/online node
Enumerates kernel/hardware configuration 1 TTPs 1 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery
T1082

Processes:

node

description ioc process

File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes node
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.

Processes:

node

description ioc process

File opened for reading /proc/meminfo node

description	ioc	process
File opened for reading	/proc/cpuinfo	node

description	ioc	process
File opened for reading	/sys/devices/system/cpu/online	node

description	ioc	process
File opened for reading	/sys/fs/cgroup/memory/memory.limit_in_bytes	node

description	ioc	process
File opened for reading	/proc/meminfo	node

/usr/bin/node
node "/tmp/m=Da4hkd,Eox39d,Fy1Pv,GElbSc,HYSCof,UzbKLd,Wo3n8,aD8OEe,fcDBE,msmzHf,pHXghd,rTuANe,tIj4fb,xdV1C,xfmZMb,yfZcPd.js"
1⤵
- Checks CPU configuration
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:638

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads