General
-
Target
i686
-
Size
1.8MB
-
Sample
240528-zkrprabf3x
-
MD5
5e4092a39ab18cf9829f87b6d1310f0b
-
SHA1
c2f14ce4d1a840a8dc84240cd023968e7250d85d
-
SHA256
e89b79c039776ff64e4979a80fa95c020161a98f8cb434fbfd09f409ba73bd9e
-
SHA512
6f4d6c7e4e0eff77a02285fbdd3aa602d4d762d50909a4a6cd83098af80fb34f2b2abdba783a88031a759b3a718e0433626e586782afedf5e228467d94e60fe9
-
SSDEEP
49152:h1nuaX0I+fBiR2nDnn9BSMu+vEPwa51nRoZBf3+3mfSTMw:zn5D+fBiInDnmpYa51RoBf3+3mfSj
Behavioral task
behavioral1
Sample
i686
Resource
ubuntu2004-amd64-20240508-en
Malware Config
Targets
-
-
Target
i686
-
Score
9/10
-
Contacts a large (295393) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks hardware identifiers (DMI)
Checks DMI information, which indicates whether the system is a virtual machine.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Reads hardware information
Accesses system info like serial numbers, manufacturer names etc.
-