020a919a27f685757a1e0362a8daac99f2a62b1f25e58c744545ac70d3aca29e

Analysis

max time kernel
7s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
13-07-2024 16:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

para battly launcher/resources/app/node_modules/checksum/bin/checksum-cli.js
Size

2KB
MD5

8c280359e85934cf2a5f352592efc7fb
SHA1

0d170ccec9438ca30f7d7884639f7b7e07eccd95
SHA256

2f8a22360d781fd4fdb4cae566dfb5caefe4e3f5acb808826bbe4d895ae5d642
SHA512

87e3e7cde583699e9d49c05152619ea0f61afc832d923c14b317f5de3d4965a902d55fe65048cf2ccf1e255210125b041fc6bee05e161b9064e80eadf59c8baf

Score

4^/10

antivm

Malware Config

Signatures

Checks CPU configuration 1 TTPs 1 IoCs

Checks CPU information which indicate if the system is a virtual machine.

antivm

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened for reading	/proc/cpuinfo	node

Reads CPU attributes 1 TTPs 1 IoCs

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/online	node

Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/fs/cgroup/memory/memory.limit_in_bytes	node

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/meminfo	node

/tmp/para battly launcher/resources/app/node_modules/checksum/bin/checksum-cli.js
"/tmp/para battly launcher/resources/app/node_modules/checksum/bin/checksum-cli.js"
1⤵
PID:807

/usr/local/sbin/node
node "/tmp/para battly launcher/resources/app/node_modules/checksum/bin/checksum-cli.js"
1⤵
PID:807

/usr/local/bin/node
node "/tmp/para battly launcher/resources/app/node_modules/checksum/bin/checksum-cli.js"
1⤵
PID:807

/usr/sbin/node
node "/tmp/para battly launcher/resources/app/node_modules/checksum/bin/checksum-cli.js"
1⤵
PID:807

/usr/bin/node
node "/tmp/para battly launcher/resources/app/node_modules/checksum/bin/checksum-cli.js"
1⤵
- Checks CPU configuration
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:807

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads