General
-
Target
bJL.png
-
Size
1.6MB
-
Sample
240605-jgzceshg9w
-
MD5
b99d23a829926888e7be575ed96c6a51
-
SHA1
e50343b161af02e1523ee382ca29bb9af430ae10
-
SHA256
8fc5d13238daba3a4986d674ad885f81850c67000c7f4f57df707f5d810ad241
-
SHA512
71b7ba07a6d3027a395855858d38a7db6ed684f2868504ad2202038375453a6bc61612099c6b5c0fa98284e5cca54b9250453288b2cad2af06188153b314ea10
-
SSDEEP
49152:vN2dpxLlZxvnwuBIAC4YuWC/YPPTWVDffysQyHFU:vwvhlZxvwyIH4YuWISSpLHe
Behavioral task
behavioral1
Sample
bJL.png
Resource
ubuntu1804-amd64-20240508-en
Malware Config
Targets
-
-
Target
bJL.png
-
Size
1.6MB
-
MD5
b99d23a829926888e7be575ed96c6a51
-
SHA1
e50343b161af02e1523ee382ca29bb9af430ae10
-
SHA256
8fc5d13238daba3a4986d674ad885f81850c67000c7f4f57df707f5d810ad241
-
SHA512
71b7ba07a6d3027a395855858d38a7db6ed684f2868504ad2202038375453a6bc61612099c6b5c0fa98284e5cca54b9250453288b2cad2af06188153b314ea10
-
SSDEEP
49152:vN2dpxLlZxvnwuBIAC4YuWC/YPPTWVDffysQyHFU:vwvhlZxvwyIH4YuWISSpLHe
Score9/10-
Contacts a large (1087984) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks hardware identifiers (DMI)
Checks DMI information which indicate if the system is a virtual machine.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads hardware information
Accesses system info like serial numbers, manufacturer names etc.
-