Overview

overview

6

Static

static

1

mcut-network.exe

ubuntu-18.04-amd64

6

Analysis

  • max time kernel
    149s
  • max time network
    128s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240508-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    22-05-2024 11:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    mcut-network.exe

  • Size

    3.9MB

  • MD5

    5b81314d150fc58a8d030bc7514267ab

  • SHA1

    fc149f713539420c8cda4a74b92b78a0874c532c

  • SHA256

    a17b84aea5c26f398982cbb0a190ed01064cd9b5c1698f0ecf632325c482eb75

  • SHA512

    24d6758e367196e9fb243ea9103c5f7ea70713070adc07f0cd32a841e15b5a9f806a1701bb93b45628a31e6e80eb9fa2477385501e474a2fcb3d91aa4be21b50

  • SSDEEP

    49152:PkfUOKadXTIFxCTjJgxKRvkdu05HIKCRxh6fED6QCUc+EgOoKR/+GNTzs:M8OK+XT5je8sdDJ06UcY0/rO

Score
6/10
antivmevasion

Malware Config

Signatures

  • Reads MAC address of network interface 2 TTPs 2 IoCs

    Fetches the MAC address of active network interfaces. May be used to detect known values for hypervisors.

    evasion
  • Changes its process name 1 IoCs
  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

    antivm
  • Enumerates kernel/hardware configuration 1 TTPs 3 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 7 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/mcut-network.exe
    /tmp/mcut-network.exe
    1⤵
    • Reads MAC address of network interface
    • Checks CPU configuration
    • Enumerates kernel/hardware configuration
    • Reads runtime system information
    PID:1503
    • /bin/sh
      sh -c "mkdir -p /var/mcut/.data//acesso//tmp/"
      2⤵
        PID:1504
        • /bin/mkdir
          mkdir -p /var/mcut/.data//acesso//tmp/
          3⤵
          • Reads runtime system information
          PID:1505
      • /bin/sh
        sh -c "df -h"
        2⤵
          PID:1508
          • /bin/df
            df -h
            3⤵
            • Reads runtime system information
            PID:1509
        • /bin/sh
          sh -c "ls -lh /dev/disk/by-uuid/"
          2⤵
            PID:1510
            • /bin/ls
              ls -lh /dev/disk/by-uuid/
              3⤵
              • Reads runtime system information
              PID:1511
          • /bin/sh
            sh -c "ls /sys/class/net"
            2⤵
              PID:1512
              • /bin/ls
                ls /sys/class/net
                3⤵
                • Enumerates kernel/hardware configuration
                • Reads runtime system information
                PID:1513

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads