e89b79c039776ff64e4979a80fa95c020161a98f8cb434fbfd09f409ba73bd9e | Triage

Submit
Reports

Overview

overview

9

Static

static

7

i686

ubuntu-20.04-amd64

9

Sharing

General

Target

i686
Size

1.8MB
Sample

240528-zkrprabf3x
MD5

5e4092a39ab18cf9829f87b6d1310f0b
SHA1

c2f14ce4d1a840a8dc84240cd023968e7250d85d
SHA256

e89b79c039776ff64e4979a80fa95c020161a98f8cb434fbfd09f409ba73bd9e
SHA512

6f4d6c7e4e0eff77a02285fbdd3aa602d4d762d50909a4a6cd83098af80fb34f2b2abdba783a88031a759b3a718e0433626e586782afedf5e228467d94e60fe9
SSDEEP

49152:h1nuaX0I+fBiR2nDnn9BSMu+vEPwa51nRoZBf3+3mfSTMw:zn5D+fBiInDnmpYa51RoBf3+3mfSj

Score

9^/10

antivm discovery linux persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

i686

Resource

ubuntu2004-amd64-20240508-en

antivm discovery persistence

ubuntu-20.04-amd64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  i686
- Size
  
  1.8MB
- MD5
  
  5e4092a39ab18cf9829f87b6d1310f0b
- SHA1
  
  c2f14ce4d1a840a8dc84240cd023968e7250d85d
- SHA256
  
  e89b79c039776ff64e4979a80fa95c020161a98f8cb434fbfd09f409ba73bd9e
- SHA512
  
  6f4d6c7e4e0eff77a02285fbdd3aa602d4d762d50909a4a6cd83098af80fb34f2b2abdba783a88031a759b3a718e0433626e586782afedf5e228467d94e60fe9
- SSDEEP
  
  49152:h1nuaX0I+fBiR2nDnn9BSMu+vEPwa51nRoZBf3+3mfSTMw:zn5D+fBiInDnmpYa51RoBf3+3mfSj
Score

9^/10

antivm discovery persistence
- Contacts a large (295393) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks hardware identifiers (DMI)
  Checks DMI information which indicate if the system is a virtual machine.
  antivm
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads hardware information
  Accesses system info like serial numbers, manufacturer names etc.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Network Service Discovery

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

antivmdiscoverypersistence

© 2018-2024

Terms | Privacy