Executes dropped EXE

UPX packed file

Detects executables packed with UPX/modified UPX open source packer.

Attempts to change immutable files

Modifies inode attributes on the filesystem to allow changing of immutable files.

Checks hardware identifiers (DMI)

Checks DMI information which indicate if the system is a virtual machine.

Creates/modifies Cron job

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

Enumerates running processes

Discovers information about currently running processes on the system

Modifies init.d

Adds/modifies system service, likely for persistence.

Modifies systemd

Adds/ modifies systemd service files. Likely to achieve persistence.

Reads hardware information

Accesses system info like serial numbers, manufacturer names etc.

Writes file to system bin folder