Malware Analysis Report

2024-10-10 11:33

Sample ID 240614-wkp95s1bnc
Target trigger.js
SHA256 c7e21a468ae4cbaedb82d07662b496baed6f46c476f358b5fdf060f870d2e895
Tags
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

c7e21a468ae4cbaedb82d07662b496baed6f46c476f358b5fdf060f870d2e895

Threat Level: Likely benign

The file trigger.js was found to be: Likely benign.

Malicious Activity Summary


Enumerates kernel/hardware configuration

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-14 17:59

Signatures

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-14 17:59

Reported

2024-06-14 17:59

Platform

debian9-mipsbe-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-14 17:59

Reported

2024-06-14 17:59

Platform

debian9-mipsel-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-14 17:59

Reported

2024-06-14 18:03

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Max time network

180s

Command Line

[node /tmp/trigger.js]

Signatures

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes /usr/bin/node N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/meminfo /usr/bin/node N/A

Processes

/usr/bin/node

[node /tmp/trigger.js]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 185.125.188.61:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.193.91:443 tcp
US 151.101.193.91:443 tcp
GB 89.187.167.8:443 tcp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
GB 185.125.190.48:80 connectivity-check.ubuntu.com tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 17:59

Reported

2024-06-14 17:59

Platform

android-x64-arm64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 17:59

Reported

2024-06-14 17:59

Platform

android-x86-arm-20240611.1-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-14 17:59

Reported

2024-06-14 18:02

Platform

debian9-armhf-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A