Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240523-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
  • submitted
    30-08-2024 07:14

General

  • Target

    acc.rust

  • Size

    6.3MB

  • MD5

    344f1453093b763879350554787167ca

  • SHA1

    e085db51b3c59a160dee8ccd284a885c8037b19f

  • SHA256

    1232b8d5f116421803d267d6195e37a7198883d71b76ce3cdcb91730f86c9b79

  • SHA512

    6c5d96c553b65d3debf888763129ae9b6fe97673338362871e359d278a2f8d3446879413489ebdd8466d12cd5d18b2f7cd6b9c5439af4f507f08b014ca81dd8a

  • SSDEEP

    98304:RlseDWqiKjjVHyYT95FkeUzP5fd54vK3sVYO:QybdpDy5k

Score
6/10

Malware Config

Signatures

  • Checks mountinfo of local process 1 TTPs 1 IoCs

    Reads the mountinfo of running processes (/proc/<pid>/mountinfo); the mounts visible there, and how their paths are shown, can indicate whether the process is running inside a chroot jail.

  • Reads hardware information 1 TTPs 1 IoCs

    Accesses hardware identity data such as serial numbers and manufacturer names (DMI/SMBIOS strings), which differ between physical machines and hypervisors.

  • Reads list of loaded kernel modules 1 TTPs 1 IoCs

    Reads the list of currently loaded kernel modules, possibly to detect a virtual environment by the presence of guest drivers.

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information that can indicate whether the system is a virtual machine.

  • Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

    Reads the contents of the /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 9 IoCs

    Reads data from the /proc virtual filesystem.

  • Writes file to shm directory 1 IoCs

    Malware can drop files into the shm directory (/dev/shm, a tmpfs) and execute them directly from RAM, so the payload never touches persistent storage and is gone after a reboot.
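Most of the signatures above are generic host probes, and benign binaries trigger them too (the Rust standard library, for example, reads /proc/self/cgroup and /proc/self/mountinfo when computing available parallelism), so they describe what the sample learned about its environment rather than proving intent. The following is an added example, not code from the report or from the sample, that parses the same sources (/proc/cpuinfo, /proc/modules, /sys/class/dmi/id/*, /proc/self/mountinfo) and lists what each one gives away. The module and DMI vendor tables, the sample file contents and the chroot heuristics are the editor's assumptions; none of it was captured from the analysed binary.

```python
"""Added example: parse the host-probe files flagged by the sandbox and report
what they reveal about the environment (hypervisor, guest drivers, chroot)."""
from pathlib import Path

# Guest-only kernel modules and the hypervisor they imply (assumed table).
VM_GUEST_MODULES = {
    "vboxguest": "VirtualBox", "vboxsf": "VirtualBox",
    "vmw_vmci": "VMware", "vmw_balloon": "VMware", "vmwgfx": "VMware",
    "hv_vmbus": "Hyper-V", "hv_utils": "Hyper-V",
    "virtio_pci": "KVM/QEMU", "virtio_balloon": "KVM/QEMU", "virtio_net": "KVM/QEMU",
    "xen_blkfront": "Xen", "xen_netfront": "Xen",
}
# Substrings seen in DMI vendor/product strings of common hypervisors (assumed).
DMI_HINTS = ("qemu", "vmware", "innotek", "virtualbox", "xen", "bochs", "virtual machine")
DMI_FILES = ("sys_vendor", "product_name", "board_vendor", "bios_vendor", "chassis_vendor")


def cpuinfo_hypervisor_flag(cpuinfo: str) -> bool:
    """True if a 'flags' line lists 'hypervisor' (x86: CPUID.1:ECX bit 31 set by the VMM)."""
    for line in cpuinfo.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags" and "hypervisor" in value.split():
            return True
    return False


def loaded_vm_modules(proc_modules: str) -> dict[str, str]:
    """/proc/modules: the module name is the first field of each line."""
    found = {}
    for line in proc_modules.splitlines():
        fields = line.split()
        if fields and fields[0] in VM_GUEST_MODULES:
            found[fields[0]] = VM_GUEST_MODULES[fields[0]]
    return found


def dmi_hints(dmi: dict[str, str]) -> list[str]:
    """dmi maps a /sys/class/dmi/id/<file> name to its content."""
    hits = []
    for key in DMI_FILES:
        value = dmi.get(key, "").strip()
        if any(h in value.lower() for h in DMI_HINTS):
            hits.append(f"{key}={value}")
    return hits


def parse_mountinfo(text: str) -> list[dict]:
    """Split /proc/<pid>/mountinfo lines into named fields.
    Layout: id parent maj:min root mountpoint opts [tags...] - fstype source superopts"""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        head, _, tail = line.partition(" - ")
        f, t = head.split(), tail.split()
        entries.append({"id": int(f[0]), "parent": int(f[1]), "root": f[3],
                        "mountpoint": f[4], "fstype": t[0], "source": t[1]})
    return entries


def mountinfo_chroot_hints(text: str) -> list[str]:
    """Mount points are printed relative to the reading process's root and mounts
    outside it are omitted. Two usable (weak) chroot hints follow: a plain
    chroot(2) into a sub-directory leaves no entry with mountpoint '/', and a
    bind-mounted jail shows mountpoint '/' with a root field that is a
    sub-directory. Caveat: a btrfs subvolume root (root='/@') trips the second
    check as well, so treat these as hints, not proof."""
    roots = [e for e in parse_mountinfo(text) if e["mountpoint"] == "/"]
    hints = []
    if not roots:
        hints.append("no mount with mountpoint '/': process root is below a mount root")
    for e in roots:
        if e["root"] != "/":
            hints.append(f"root mount is subtree {e['root']} of {e['source']}")
    return hints


def probe(cpuinfo: str, modules: str, dmi: dict[str, str], mountinfo: str) -> dict:
    return {"hypervisor_flag": cpuinfo_hypervisor_flag(cpuinfo),
            "vm_modules": loaded_vm_modules(modules),
            "dmi": dmi_hints(dmi),
            "chroot": mountinfo_chroot_hints(mountinfo)}


def probe_live() -> dict:
    """Feed probe() the real files on a Linux host (only called when run as a script)."""
    dmi_dir = Path("/sys/class/dmi/id")
    dmi = {f: (dmi_dir / f).read_text() for f in DMI_FILES if (dmi_dir / f).exists()}
    return probe(Path("/proc/cpuinfo").read_text(), Path("/proc/modules").read_text(),
                 dmi, Path("/proc/self/mountinfo").read_text())


# Constructed sample data mimicking a bind-mounted jail inside a VirtualBox guest
# (made up for the example, not captured from the sandbox).
SAMPLE_CPUINFO = "processor\t: 0\nvendor_id\t: GenuineIntel\nflags\t\t: fpu vme sse2 hypervisor lahf_lm\n"
SAMPLE_MODULES = "vboxguest 409600 2 vboxsf, Live 0xffffffffc0a00000\next4 900000 1 - Live 0x0\n"
SAMPLE_DMI = {"sys_vendor": "innotek GmbH\n", "product_name": "VirtualBox\n",
              "board_vendor": "Oracle Corporation\n"}
SAMPLE_MOUNTINFO = ("25 0 8:1 /srv/jail / rw,relatime shared:1 - ext4 /dev/sda1 rw\n"
                    "26 25 0:21 / /proc rw,nosuid - proc proc rw\n")

if __name__ == "__main__":
    print(probe(SAMPLE_CPUINFO, SAMPLE_MODULES, SAMPLE_DMI, SAMPLE_MOUNTINFO))
```

Running it on the constructed data reports the hypervisor flag, the vboxguest module, two DMI strings and the jail subtree. The same parser is useful the other way round when hardening a sandbox: every field it flags is one the analysis image should scrub or neutralise before a sample gets to read it.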

Processes

  • /tmp/acc.rust
    /tmp/acc.rust
    1
    • Checks mountinfo of local process
    • Reads hardware information
    • Reads list of loaded kernel modules
    • Checks CPU configuration
    • Enumerates kernel/hardware configuration
    • Reads runtime system information
    • Writes file to shm directory
    PID:2315

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /dev/shm/.shmBn3CSl

    Filesize

    7.3MB

    MD5

    43ce320e49782adecfd70d4c0050c178

    SHA1

    72ea1ca71b2b95d869b51660477527010cfd574f

    SHA256

    aa0d8c7d92a0aac4c19d35b49b26ab430425ebc794a35775679624df4367c851

    SHA512

    61a24aa7bca6215c35538f99844d6dca0d9aa29127dc20b749d3d260020f469d97494cb62afa5ce88bd0ea0e8ba91eeb94840579523fdaa19f747838c0fbcc73
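To turn the drop above into something a responder can check other hosts for, here is an added example (editor's code, not part of the report): it hashes the regular files in a shm directory, compares them against the digests listed above, and flags hidden or template-named ELF files. The assumption that ".shmBn3CSl" is a mkstemp()-style name (".shm" followed by six random alphanumerics, so later drops differ only in the suffix) is the editor's, as are the constructed sample entries; the hashes are the ones printed in this report.

```python
"""Added example: hunt a /dev/shm directory for the dropped file described in
the report, by name shape, file type and hash. Scoring works on an in-memory
{name: bytes} map so it can be exercised offline; scan_directory() applies it
to a real directory."""
import hashlib
import os
import re
import stat

# Hashes of /dev/shm/.shmBn3CSl as listed in this report.
REPORT_IOCS = {
    "md5": "43ce320e49782adecfd70d4c0050c178",
    "sha1": "72ea1ca71b2b95d869b51660477527010cfd574f",
    "sha256": "aa0d8c7d92a0aac4c19d35b49b26ab430425ebc794a35775679624df4367c851",
}
# Assumption: ".shm" + six random alphanumerics, i.e. a mkstemp()-style template.
SHM_TEMPLATE = re.compile(r"^\.shm[A-Za-z0-9]{6}$")


def hashes_of(data: bytes) -> dict[str, str]:
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def classify(name: str, data: bytes, iocs: dict[str, str] = REPORT_IOCS) -> list[str]:
    """Reasons an entry in a shm directory deserves a look; empty list = nothing notable."""
    reasons = []
    if name.startswith("."):
        reasons.append("hidden file")
    if SHM_TEMPLATE.match(name):
        reasons.append("name matches .shmXXXXXX template")
    if data[:4] == b"\x7fELF":
        reasons.append("ELF executable in tmpfs")
    digests = hashes_of(data)
    matched = [alg for alg in ("md5", "sha1", "sha256") if digests[alg] == iocs.get(alg)]
    if matched:
        reasons.append("hash matches report IoC (" + ",".join(matched) + ")")
    return reasons


def scan_entries(entries: dict[str, bytes], iocs: dict[str, str] = REPORT_IOCS) -> dict[str, list[str]]:
    """Score every entry and keep only those with at least one reason."""
    hits = {}
    for name, data in entries.items():
        reasons = classify(name, data, iocs)
        if reasons:
            hits[name] = reasons
    return hits


def scan_directory(path: str = "/dev/shm", iocs: dict[str, str] = REPORT_IOCS) -> dict[str, list[str]]:
    """Read regular files only (lstat, so symlinks are not followed) and score them."""
    entries = {}
    for name in os.listdir(path):
        full = os.path.join(path, name)
        if stat.S_ISREG(os.lstat(full).st_mode):
            with open(full, "rb") as fh:
                entries[name] = fh.read()
    return scan_entries(entries, iocs)


# Constructed sample directory contents (made up for the example, not captured data).
SAMPLE_ENTRIES = {
    # hidden, template-shaped name, starts with an ELF magic and a 64-bit x86-64 header prefix
    ".shmQw9xZ2": b"\x7fELF\x02\x01\x01" + b"\x00" * 9 + b"\x03\x00\x3e\x00",
    # an ordinary shared-memory segment that should not be reported
    "pulse-shm-1234": b"\x00" * 64,
}

if __name__ == "__main__":
    print(scan_entries(SAMPLE_ENTRIES))
```

Because the file runs from tmpfs, a hash match only works while the host is still up and the file has not been unlinked; if it has already been deleted but the process is still running, the contents can usually still be recovered from /proc/<pid>/exe, which is why the scan reports name shape and file type as separate reasons rather than relying on the hash alone.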