Analysis

  • max time kernel
    149s
  • max time network
    131s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240508-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu1804-amd64-20240508-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    22-05-2024 11:44

General

  • Target

    mcut-wd.exe

  • Size

    1009KB

  • MD5

    703394a9d440846e1a6d11cd2dce0f94

  • SHA1

    414a0335583dc15f853d115f057e912301809fd2

  • SHA256

    1bf0be20e23a9fac7d3f289262dcdb93f01229cc2a7bba27adccc122c6867ade

  • SHA512

    6ca1ee6fb113dbbb7e5e728e924a6dd84ebb23fd811053b420576b4d4296a233925c812f8b5d5776492b311fa0c265b862c401eabe0ccaae688713c02c4ce65b

  • SSDEEP

    24576:hFU527FUnEsWVFywiaesHXPEdoE54jYYl9e2W:E5trWVkwJ3+e8Yly

Score
6/10

Malware Config

Signatures

  • Reads MAC address of network interface 2 TTPs 2 IoCs

    Fetches the MAC address of active network interfaces. May be used to detect known values for hypervisors.

  • Changes its process name 1 IoCs
  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

  • Enumerates kernel/hardware configuration 1 TTPs 3 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 8 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/mcut-wd.exe
    /tmp/mcut-wd.exe
    • Reads MAC address of network interface
    • Checks CPU configuration
    • Enumerates kernel/hardware configuration
    • Reads runtime system information
    PID:1491
    • /bin/sh
      sh -c "mkdir -p /var/mcut/.data//acesso//tmp/"
      PID:1492
      • /bin/mkdir
        mkdir -p /var/mcut/.data//acesso//tmp/
        • Reads runtime system information
        PID:1493
    • /bin/sh
      sh -c "df -h"
      PID:1496
      • /bin/df
        df -h
        • Reads runtime system information
        PID:1497
    • /bin/sh
      sh -c "ls -lh /dev/disk/by-uuid/"
      PID:1498
      • /bin/ls
        ls -lh /dev/disk/by-uuid/
        • Reads runtime system information
        PID:1499
    • /bin/sh
      sh -c "ls /sys/class/net"
      PID:1500
      • /bin/ls
        ls /sys/class/net
        • Enumerates kernel/hardware configuration
        • Reads runtime system information
        PID:1501

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /var/mcut/log/mcut-wd.log

    Filesize
    26KB

    MD5
    18151d840abde785b6cfb2d15f6f73d3

    SHA1
    8f0a4de61aa20248bd62db7471df3b4f59e09451

    SHA256
    9c72a16ca8cd23b7287be92cfa1ee6b07ed1f5da5e1dba337dece11dae5ec6a0

    SHA512
    0e9a08a4c636c0628e91684eabd6ced1fb06acc9a27b8d5defe5070a4e6e2f3d22898fb6deaa85d7f259f75c9e64b8f4e945fc906d127fbf57ef0fe4761b85e6

  • memory/1491-1-0x0000000000400000-0x00000000008b6940-memory.dmp