Analysis
max time kernel: 147s
max time network: 150s
platform: ubuntu-24.04_amd64
resource: ubuntu2404-amd64-20240523-en
resource tags: arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
submitted: 30-08-2024 07:14
Static task: static1
Behavioral task: behavioral1
  Sample: acc.rust
  Resource: ubuntu1804-amd64-20240611-en
Behavioral task: behavioral2
  Sample: acc.rust
  Resource: ubuntu2004-amd64-20240508-en
Behavioral task: behavioral3
  Sample: acc.rust
  Resource: ubuntu2204-amd64-20240611-en
General
Target: acc.rust
Size: 6.3MB
MD5: 344f1453093b763879350554787167ca
SHA1: e085db51b3c59a160dee8ccd284a885c8037b19f
SHA256: 1232b8d5f116421803d267d6195e37a7198883d71b76ce3cdcb91730f86c9b79
SHA512: 6c5d96c553b65d3debf888763129ae9b6fe97673338362871e359d278a2f8d3446879413489ebdd8466d12cd5d18b2f7cd6b9c5439af4f507f08b014ca81dd8a
SSDEEP: 98304:RlseDWqiKjjVHyYT95FkeUzP5fd54vK3sVYO:QybdpDy5k
Malware Config
Signatures
Checks mountinfo of local process (1 TTPs, 1 IoCs)
Checks mountinfo of running processes, which indicates whether it is running in a chroot jail.
description | ioc | Process
File opened for reading | /proc/1/mountinfo | acc.rust

Reads hardware information (1 TTPs, 1 IoCs)
Accesses system info such as serial numbers, manufacturer names, etc.
description | ioc | Process
File opened for reading | /sys/class/dmi/id/product_uuid | acc.rust

Reads list of loaded kernel modules (1 TTPs, 1 IoCs)
Reads the list of currently loaded kernel modules, possibly to detect virtual environments.
description | ioc | Process
File opened for reading | /proc/modules | acc.rust

Checks CPU configuration (1 TTPs, 1 IoCs)
Checks CPU information, which indicates whether the system is a virtual machine.
description | ioc | Process
File opened for reading | /proc/cpuinfo | acc.rust

Enumerates kernel/hardware configuration (1 TTPs, 1 IoCs)
Reads contents of the /sys virtual filesystem to enumerate system information.
description | ioc | Process
File opened for reading | /sys/kernel/mm/transparent_hugepage/hpage_pmd_size | acc.rust

Reads runtime system information (9 IoCs)
Reads data from the /proc virtual filesystem.
description | ioc | Process
File opened for reading | /proc/bus/pci/devices | acc.rust
File opened for reading | /proc/self/status | acc.rust
File opened for reading | /proc/1/environ | acc.rust
File opened for reading | /proc/filesystems | acc.rust
File opened for reading | /proc/1/stat | acc.rust
File opened for reading | /proc/1/comm | acc.rust
File opened for reading | /proc/self/maps | acc.rust
File opened for reading | /proc/stat | acc.rust
File opened for reading | /proc/self/cgroup | acc.rust

Writes file to shm directory (1 IoCs)
Malware can drop malicious files in the shm directory, which will run directly from RAM.
description | ioc | Process
File opened for modification | /dev/shm/.shmBn3CSl | acc.rust
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 7.3MB
MD5: 43ce320e49782adecfd70d4c0050c178
SHA1: 72ea1ca71b2b95d869b51660477527010cfd574f
SHA256: aa0d8c7d92a0aac4c19d35b49b26ab430425ebc794a35775679624df4367c851
SHA512: 61a24aa7bca6215c35538f99844d6dca0d9aa29127dc20b749d3d260020f469d97494cb62afa5ce88bd0ea0e8ba91eeb94840579523fdaa19f747838c0fbcc73