Resubmissions
17-07-2024 21:48
240717-1nrplatgpf 4
17-07-2024 21:46
240717-1mwxxstglc 3
17-07-2024 21:30
240717-1cxrgazepq 4
Analysis
-
max time kernel
14s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240418-en -
resource tags
arch:mipsel image:debian9-mipsel-20240418-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
17-07-2024 21:48
Static task
static1
Behavioral task
behavioral1
Sample
JspSpy.js
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
JspSpy.js
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
JspSpy.js
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
JspSpy.js
Resource
debian9-mipsel-20240418-en
General
-
Target
JspSpy.js
-
Size
85KB
-
MD5
3e7352898784257c3dc5090e42017583
-
SHA1
4edc2537b30bc5c7c37283bedc8a7252613b6f6e
-
SHA256
90a9eb7b0f291829f061a624995efa083d1db94c660fac01012cd3090abe8512
-
SHA512
7c014bdac8372cb9f6f22698fc90ed42be28792391b7843dc6939494f0770f2ec0973985b11fdf134169e1e6a3296d6a5d40df97cd526fa300234364d2a8d88a
-
SSDEEP
1536:h6k4VlinMaHRSegdMaHRSeoVUCR1hUD3AU2wqJ:hl+KJ
Malware Config
Signatures
-
Changes its process name 4 IoCs
Processes:
description | ioc | pid
Changes the process name, possibly in an attempt to hide itself | V8 WorkerThread | 720
Changes the process name, possibly in an attempt to hide itself | V8 WorkerThread | 722
Changes the process name, possibly in an attempt to hide itself | V8 WorkerThread | 724
Changes the process name, possibly in an attempt to hide itself | V8 WorkerThread | 725
-
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicates if the system is a virtual machine.
Processes:
nodejs
description | ioc | process
File opened for reading | /proc/cpuinfo | nodejs