Malware Analysis Report

2024-10-16 06:24

Sample ID 240626-vt2tvsxbmj
Target target.js
SHA256 ce9a8c8973478729a8ea39deaf9d35b60f0ff1a91f3b744dbda3bce48f3b22ed
Tags
antivm
score
4/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
4/10

SHA256

ce9a8c8973478729a8ea39deaf9d35b60f0ff1a91f3b744dbda3bce48f3b22ed

Threat Level: Likely benign

The file target.js was found to be: Likely benign.

Malicious Activity Summary

antivm

Checks CPU configuration

Reads CPU attributes

Changes its process name

Enumerates kernel/hardware configuration

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-26 17:17

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-26 17:17

Reported

2024-06-26 17:18

Platform

android-x64-20240624-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-26 17:17

Reported

2024-06-26 17:18

Platform

android-x64-arm64-20240624-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.187.238:443 tcp
GB 142.250.187.238:443 tcp
GB 142.250.187.238:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-26 17:17

Reported

2024-06-26 17:18

Platform

android-x86-arm-20240624-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-26 17:17

Reported

2024-06-26 17:21

Platform

debian9-armhf-20240611-en

Max time kernel

3s

Command Line

[node /tmp/target.js]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/node N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /usr/bin/node N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes /usr/bin/node N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/meminfo /usr/bin/node N/A

Processes

/usr/bin/node

[node /tmp/target.js]

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-26 17:17

Reported

2024-06-26 17:20

Platform

debian9-mipsbe-20240611-en

Max time kernel

36s

Command Line

[nodejs /tmp/target.js]

Signatures

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself V8 WorkerThread N/A N/A
Changes the process name, possibly in an attempt to hide itself V8 WorkerThread N/A N/A
Changes the process name, possibly in an attempt to hide itself V8 WorkerThread N/A N/A
Changes the process name, possibly in an attempt to hide itself V8 WorkerThread N/A N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/nodejs N/A

Processes

/usr/bin/nodejs

[nodejs /tmp/target.js]

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-26 17:17

Reported

2024-06-26 17:22

Platform

debian9-mipsel-20240611-en

Max time kernel

12s

Command Line

[nodejs /tmp/target.js]

Signatures

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself V8 WorkerThread N/A N/A
Changes the process name, possibly in an attempt to hide itself V8 WorkerThread N/A N/A
Changes the process name, possibly in an attempt to hide itself V8 WorkerThread N/A N/A
Changes the process name, possibly in an attempt to hide itself V8 WorkerThread N/A N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/nodejs N/A

Processes

/usr/bin/nodejs

[nodejs /tmp/target.js]

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-26 17:17

Reported

2024-06-26 17:21

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

0s

Max time network

179s

Command Line

[node /tmp/target.js]

Signatures

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes /usr/bin/node N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/meminfo /usr/bin/node N/A

Processes

/usr/bin/node

[node /tmp/target.js]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 151.101.193.91:443 tcp
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.193.91:443 tcp
GB 89.187.167.3:443 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
GB 195.181.164.14:443 1527653184.rsc.cdn77.org tcp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 91.189.91.49:80 connectivity-check.ubuntu.com tcp

Files

N/A