Malware Analysis Report

2025-01-23 15:18

Sample ID: 240825-l7mgna1amk
Target: target.js
SHA256: 9a6ed44643228848d0040e8f91fa9834b086812ae15b60056763e68148ca00f9
Tags: antivm
Score: 4/10

Analysis Overview

Score: 4/10

SHA256: 9a6ed44643228848d0040e8f91fa9834b086812ae15b60056763e68148ca00f9

Threat Level: Likely benign

The file target.js was found to be: Likely benign.

Malicious Activity Summary

antivm

Changes its process name

Checks CPU configuration

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-08-25 10:10

Signatures: N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-08-25 10:10
Reported: 2024-08-25 10:40
Platform: debian9-mipsel-20240611-en
Max time kernel: 14s
Max time network: 58s

Command Line

[nodejs /tmp/target.js]

Signatures

Changes its process name

Description | Indicator | Process | Target
Changes the process name, possibly in an attempt to hide itself | V8 WorkerThread | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | V8 WorkerThread | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | V8 WorkerThread | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | V8 WorkerThread | N/A | N/A

Checks CPU configuration

Tags: antivm

Description | Indicator | Process | Target
File opened for reading | /proc/cpuinfo | /usr/bin/nodejs | N/A

Processes

/usr/bin/nodejs

[nodejs /tmp/target.js]

Network

Country | Destination | Domain | Proto
US | 1.1.1.1:53 | debian9-mipsel-20240611-en-2 | udp
US | 1.1.1.1:53 | debian9-mipsel-20240611-en-2 | udp
US | 1.1.1.1:53 | debian9-mipsel-20240611-en-2 | udp
US | 1.1.1.1:53 | debian9-mipsel-20240611-en-2 | udp
US | 1.1.1.1:53 | debian9-mipsel-20240611-en-2 | udp
US | 1.1.1.1:53 | debian9-mipsel-20240611-en-2 | udp

Files

N/A