59683f9f715dce426afee207ed13d4bd53a5dea168b704c8b408705784c9bc28

Analysis

max time kernel
0s
max time network
2s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
05/08/2024, 08:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

baritone-1.21/build.js
Size

4KB
MD5

cab51e8687f8595cbcf0a253e6a03688
SHA1

dbcb39def0c7c2aac5720bf6323779391ac5f9a0
SHA256

f5dbe7c482aed216650a0aa35a311025720fa9dd7861f5e7dc09873d28eebd97
SHA512

c8eaf38d09040543ddf5bf94c97e73fcb6c52ec9d1ffc7af6204c1b5ad25e0a3802a2f9ee0880c4f1457783ee37138dda0cf8aed154b27a6515775881ef3af98
SSDEEP

96:1NThgZm+RFluQnbwgc0mzjUy3xCpRWBfgwLnymwbqLXYNJe:1NT+Zm+R/uQnEgcDsy3M7WBpLnymgqLX

Score

3^/10

Malware Config

Signatures

Enumerates kernel/hardware configuration 1 TTPs 2 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/fs/cgroup/system.slice/agent.service/memory.max	node
File opened for reading	/sys/fs/cgroup/system.slice/agent.service/memory.high	node

Reads runtime system information 3 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/self/cgroup	node
File opened for reading	/proc/meminfo	node
File opened for reading	/proc/self/maps	node

/usr/bin/node
node /tmp/baritone-1.21/build.js
1⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:2474

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...