General
-
Target
linux-unpacked.zip
-
Size
203.1MB
-
MD5
3065e9bd334fcc966f6af46ccba39ec5
-
SHA1
459215bac8410af189502917d6fb4c985e3830e9
-
SHA256
802561f305bccbd9917069b06d493b7ed9b8283eff665e07e58195562638c853
-
SHA512
ba575f180ba5bcbfc1c3a34a1da0bb5b6f087914b688d908c6d95719a0df3ac3882573961169411d9833e74b172ebac1bcde896b7b0dc25b9edb679d911c804c
-
SSDEEP
6291456:ojuCoRKzkS+0GlkppSUgrngPRY3Vdg96DCwd5As4961ZLemdxbN:uo0zkzObZYHg+5As+gLFLJ
Malware Config
Signatures
-
Patched UPX-packed file 1 IoCs
The sample is UPX-packed, but the header fields that UPX requires have been zeroed out, which prevents unpacking with the stock UPX tool.
resource yara_rule static1/unpack002/out.upx patched_upx -
resource yara_rule static1/unpack001/linux-unpacked/resources/assets/upx/upx.exe upx -
Unsigned PE 2 IoCs
Checks for a missing Authenticode signature.
resource unpack001/linux-unpacked/resources/assets/upx/upx.exe unpack002/out.upx
Files
-
linux-unpacked.zip.zip
-
linux-unpacked/LICENSE.electron.txt
-
linux-unpacked/LICENSES.chromium.html
-
linux-unpacked/chrome-sandbox.elf linux x64
-
linux-unpacked/chrome_100_percent.pak
-
linux-unpacked/chrome_200_percent.pak
-
linux-unpacked/chrome_crashpad_handler.elf linux x64
-
linux-unpacked/icudtl.dat
-
linux-unpacked/libEGL.so.elf linux x64
-
linux-unpacked/libGLESv2.so.elf linux x64
-
linux-unpacked/libffmpeg.so.elf linux x64
-
linux-unpacked/libvk_swiftshader.so.elf linux x64
-
linux-unpacked/libvulkan.so.1.elf linux x64
-
linux-unpacked/locales/af.pak
-
linux-unpacked/locales/am.pak
-
linux-unpacked/locales/ar.pak
-
linux-unpacked/locales/bg.pak
-
linux-unpacked/locales/bn.pak
-
linux-unpacked/locales/ca.pak
-
linux-unpacked/locales/cs.pak
-
linux-unpacked/locales/da.pak
-
linux-unpacked/locales/de.pak
-
linux-unpacked/locales/el.pak
-
linux-unpacked/locales/en-GB.pak
-
linux-unpacked/locales/en-US.pak
-
linux-unpacked/locales/es-419.pak
-
linux-unpacked/locales/es.pak
-
linux-unpacked/locales/et.pak
-
linux-unpacked/locales/fa.pak
-
linux-unpacked/locales/fi.pak
-
linux-unpacked/locales/fil.pak
-
linux-unpacked/locales/fr.pak
-
linux-unpacked/locales/gu.pak
-
linux-unpacked/locales/he.pak
-
linux-unpacked/locales/hi.pak
-
linux-unpacked/locales/hr.pak
-
linux-unpacked/locales/hu.pak
-
linux-unpacked/locales/id.pak
-
linux-unpacked/locales/it.pak
-
linux-unpacked/locales/ja.pak
-
linux-unpacked/locales/kn.pak
-
linux-unpacked/locales/ko.pak
-
linux-unpacked/locales/lt.pak
-
linux-unpacked/locales/lv.pak
-
linux-unpacked/locales/ml.pak
-
linux-unpacked/locales/mr.pak
-
linux-unpacked/locales/ms.pak
-
linux-unpacked/locales/nb.pak
-
linux-unpacked/locales/nl.pak
-
linux-unpacked/locales/pl.pak
-
linux-unpacked/locales/pt-BR.pak
-
linux-unpacked/locales/pt-PT.pak
-
linux-unpacked/locales/ro.pak
-
linux-unpacked/locales/ru.pak
-
linux-unpacked/locales/sk.pak
-
linux-unpacked/locales/sl.pak
-
linux-unpacked/locales/sr.pak
-
linux-unpacked/locales/sv.pak
-
linux-unpacked/locales/sw.pak
-
linux-unpacked/locales/ta.pak
-
linux-unpacked/locales/te.pak
-
linux-unpacked/locales/th.pak
-
linux-unpacked/locales/tr.pak
-
linux-unpacked/locales/uk.pak
-
linux-unpacked/locales/ur.pak
-
linux-unpacked/locales/vi.pak
-
linux-unpacked/locales/zh-CN.pak
-
linux-unpacked/locales/zh-TW.pak
-
linux-unpacked/nix.elf linux x64
-
linux-unpacked/resources.pak
-
linux-unpacked/resources/app-update.yml
-
linux-unpacked/resources/app.asar
-
linux-unpacked/resources/assets/default_theme/background.png.png
-
linux-unpacked/resources/assets/images/favicon_shadow.ico
-
linux-unpacked/resources/assets/images/nix.png.png
-
linux-unpacked/resources/assets/upx/upx.exe.exe windows:4 windows x64 arch:x64
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Sections
UPX0 Size: - Virtual size: 1.5MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 550KB - Virtual size: 552KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x64 arch:x64
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Sections
.text Size: 895KB - Virtual size: 894KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 11KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
linux-unpacked/snapshot_blob.bin
-
linux-unpacked/v8_context_snapshot.bin
-
linux-unpacked/vk_swiftshader_icd.json