fc691ff55990120fbace5b1df7e363903a5eb2d09f8e09d0a65615c6e150c8d9

Analysis

max time kernel
3s
platform
debian-9_armhf
resource
debian9-armhf-20240418-en
resource tags

arch:armhfimage:debian9-armhf-20240418-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
27-06-2024 17:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

run.js
Size

47B
MD5

37a379cc1cf221ee2ef6b8f82ccb9d8b
SHA1

e92cdf178f30bbe11465f5af9278995c8ad6efd4
SHA256

fc691ff55990120fbace5b1df7e363903a5eb2d09f8e09d0a65615c6e150c8d9
SHA512

fb38868c3463363eaab81c4bbb20a8f6ac6c969c79e10e4ed47f0ee21ae7e9ffea3b24a08bad6afb264f1dd8aab59e97bb673d3e4d443c0e39b2facd60402672

Score

4^/10

antivm

Malware Config

Signatures

Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
antivm

Virtualization/Sandbox Evasion
T1497

Processes:

node

description ioc process

File opened for reading /proc/cpuinfo node
Reads CPU attributes 1 TTPs 1 IoCs

System Information Discovery
T1082

Processes:

node

description ioc process

File opened for reading /sys/devices/system/cpu/online node
Enumerates kernel/hardware configuration 1 TTPs 1 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery
T1082

Processes:

node

description ioc process

File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes node
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.

Processes:

node

description ioc process

File opened for reading /proc/meminfo node

description	ioc	process
File opened for reading	/proc/cpuinfo	node

description	ioc	process
File opened for reading	/sys/devices/system/cpu/online	node

description	ioc	process
File opened for reading	/sys/fs/cgroup/memory/memory.limit_in_bytes	node

description	ioc	process
File opened for reading	/proc/meminfo	node

/usr/bin/node
node /tmp/run.js
1⤵
- Checks CPU configuration
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:650

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads