Analysis
-
max time kernel
16s -
max time network
15s -
platform
ubuntu-20.04_amd64 -
resource
ubuntu2004-amd64-20240611-en -
resource tags
-
submitted
25-06-2024 19:23
General
-
Target
http://youtube.com
Score
4/10
Malware Config
Signatures
-
Changes its process name 64 IoCs
-
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
-
Reads CPU attributes 1 TTPs 14 IoCs
-
Enumerates kernel/hardware configuration 1 TTPs 64 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/usr/bin/firefoxfirefox -new-tab http://youtube.com1⤵
-
/usr/bin/whichwhich /usr/bin/firefox2⤵
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -new-tab http://youtube.com1⤵
- Checks CPU configuration
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
-
/usr/local/sbin/dbus-launchdbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr2⤵
-
/usr/local/bin/dbus-launchdbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr2⤵
-
/usr/sbin/dbus-launchdbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr2⤵
-
/usr/bin/dbus-launchdbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr2⤵
-
/usr/bin/dbus-daemon/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session3⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/libexec/xdg-desktop-portal/usr/libexec/xdg-desktop-portal4⤵
- Reads runtime system information
-
/usr/libexec/xdg-document-portal/usr/libexec/xdg-document-portal4⤵
- Reads runtime system information
-
/usr/libexec/xdg-permission-store/usr/libexec/xdg-permission-store4⤵
- Reads runtime system information
-
/usr/libexec/xdg-desktop-portal-gtk/usr/libexec/xdg-desktop-portal-gtk4⤵
- Reads runtime system information
-
/usr/libexec/gvfsd/usr/libexec/gvfsd4⤵
- Reads runtime system information
-
/usr/libexec/gvfsd-trash/usr/libexec/gvfsd-trash --spawner :1.6 /org/gtk/gvfs/exec_spaw/05⤵
- Reads runtime system information
-
/usr/libexec/dconf-service/usr/libexec/dconf-service4⤵
-
/usr/bin/nautilus/usr/bin/nautilus --gapplication-service4⤵
- Reads CPU attributes
-
/usr/lib/firefox/glxtest/usr/lib/firefox/glxtest -f 132⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/bin/lsb_release/usr/bin/lsb_release -idrc2⤵
-
/usr/local/sbin/dbus-launchdbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr2⤵
-
/usr/local/bin/dbus-launchdbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr2⤵
-
/usr/sbin/dbus-launchdbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr2⤵
-
/usr/bin/dbus-launchdbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr2⤵
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 20597 -prefMapSize 234760 -appDir /usr/lib/firefox/browser "{1f034f52-38a3-4be9-8830-594ca94e131a}" 1385 true socket2⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 20227 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{3ac8e770-40a6-4c59-848f-427e6c4f0f17}" 1385 true tab2⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 28891 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{defdab92-a223-4f9b-b145-6d21512c8150}" 1385 true tab2⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 25493 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{4fbde93e-09c1-4f94-980b-62e9b3b4edd7}" 1385 true tab2⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -sandboxingKind 0 -prefsLen 29613 -prefMapSize 234760 -appDir /usr/lib/firefox/browser "{713060db-8714-4be2-a7e9-b55b8b657766}" 1385 true utility2⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 25736 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{edb7dcb1-35ae-4b78-b447-df9abeba6549}" 1385 true tab2⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 5 -isForBrowser -prefsLen 25736 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{41a90496-c6eb-4fa4-91be-4ec0374d3a40}" 1385 true tab2⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 6 -isForBrowser -prefsLen 25736 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{f1a775e5-9702-477a-9632-bdb083d63de5}" 1385 true tab2⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 7 -isForBrowser -prefsLen 25736 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{33bdb096-3cc1-429f-bba6-4813d290015d}" 1385 true tab2⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/libexec/gvfsd-fuse/usr/libexec/gvfsd-fuse /root/.cache/gvfs -f -o big_writes1⤵