Overview
overview
4Static
static
1Cihad Chan...fer.js
windows7-x64
3Cihad Chan...fer.js
windows10-2004-x64
3Cihad Chan...ous.js
windows7-x64
3Cihad Chan...ous.js
windows10-2004-x64
3Cihad Chan...fer.js
windows7-x64
3Cihad Chan...fer.js
windows10-2004-x64
3Cihad Chan...sts.js
windows7-x64
3Cihad Chan...sts.js
windows10-2004-x64
3Cihad Chan...ate.js
windows7-x64
3Cihad Chan...ate.js
windows10-2004-x64
3Cihad Chan...DME.js
windows7-x64
3Cihad Chan...DME.js
windows10-2004-x64
3Cihad Chan...k-conv
ubuntu-18.04-amd64
3Cihad Chan...k-conv
debian-9-armhf
4Cihad Chan...k-conv
debian-9-mips
1Cihad Chan...k-conv
debian-9-mipsel
1Cihad Chan...k-sign
ubuntu-18.04-amd64
3Cihad Chan...k-sign
debian-9-armhf
4Cihad Chan...k-sign
debian-9-mips
1Cihad Chan...k-sign
debian-9-mipsel
1Cihad Chan...verify
ubuntu-18.04-amd64
3Cihad Chan...verify
debian-9-armhf
4Cihad Chan...verify
debian-9-mips
1Cihad Chan...verify
debian-9-mipsel
1Cihad Chan...lgs.js
windows7-x64
3Cihad Chan...lgs.js
windows10-2004-x64
3Cihad Chan...ate.js
windows7-x64
3Cihad Chan...ate.js
windows10-2004-x64
3Cihad Chan...dhe.js
windows7-x64
3Cihad Chan...dhe.js
windows10-2004-x64
3Cihad Chan...pat.js
windows7-x64
3Cihad Chan...pat.js
windows10-2004-x64
3Analysis
-
max time kernel
5s -
platform
debian-9_armhf -
resource
debian9-armhf-20240611-en -
resource tags
arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem -
submitted
30-08-2024 16:52
Static task
static1
Behavioral task
behavioral1
Sample
Cihad Channel Url sniper/node_modules/safer-buffer/Porting-Buffer.js
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
Cihad Channel Url sniper/node_modules/safer-buffer/Porting-Buffer.js
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
Cihad Channel Url sniper/node_modules/safer-buffer/dangerous.js
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
Cihad Channel Url sniper/node_modules/safer-buffer/dangerous.js
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
Cihad Channel Url sniper/node_modules/safer-buffer/safer.js
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
Cihad Channel Url sniper/node_modules/safer-buffer/safer.js
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
Cihad Channel Url sniper/node_modules/safer-buffer/tests.js
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
Cihad Channel Url sniper/node_modules/safer-buffer/tests.js
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
Cihad Channel Url sniper/node_modules/setimmediate/setImmediate.js
Resource
win7-20240704-en
Behavioral task
behavioral10
Sample
Cihad Channel Url sniper/node_modules/setimmediate/setImmediate.js
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
Cihad Channel Url sniper/node_modules/sshpk/README.js
Resource
win7-20240704-en
Behavioral task
behavioral12
Sample
Cihad Channel Url sniper/node_modules/sshpk/README.js
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
Cihad Channel Url sniper/node_modules/sshpk/bin/sshpk-conv
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral14
Sample
Cihad Channel Url sniper/node_modules/sshpk/bin/sshpk-conv
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral15
Sample
Cihad Channel Url sniper/node_modules/sshpk/bin/sshpk-conv
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral16
Sample
Cihad Channel Url sniper/node_modules/sshpk/bin/sshpk-conv
Resource
debian9-mipsel-20240611-en
Behavioral task
behavioral17
Sample
Cihad Channel Url sniper/node_modules/sshpk/bin/sshpk-sign
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral18
Sample
Cihad Channel Url sniper/node_modules/sshpk/bin/sshpk-sign
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral19
Sample
Cihad Channel Url sniper/node_modules/sshpk/bin/sshpk-sign
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral20
Sample
Cihad Channel Url sniper/node_modules/sshpk/bin/sshpk-sign
Resource
debian9-mipsel-20240611-en
Behavioral task
behavioral21
Sample
Cihad Channel Url sniper/node_modules/sshpk/bin/sshpk-verify
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral22
Sample
Cihad Channel Url sniper/node_modules/sshpk/bin/sshpk-verify
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral23
Sample
Cihad Channel Url sniper/node_modules/sshpk/bin/sshpk-verify
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral24
Sample
Cihad Channel Url sniper/node_modules/sshpk/bin/sshpk-verify
Resource
debian9-mipsel-20240729-en
Behavioral task
behavioral25
Sample
Cihad Channel Url sniper/node_modules/sshpk/lib/algs.js
Resource
win7-20240705-en
Behavioral task
behavioral26
Sample
Cihad Channel Url sniper/node_modules/sshpk/lib/algs.js
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
Cihad Channel Url sniper/node_modules/sshpk/lib/certificate.js
Resource
win7-20240705-en
Behavioral task
behavioral28
Sample
Cihad Channel Url sniper/node_modules/sshpk/lib/certificate.js
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
Cihad Channel Url sniper/node_modules/sshpk/lib/dhe.js
Resource
win7-20240704-en
Behavioral task
behavioral30
Sample
Cihad Channel Url sniper/node_modules/sshpk/lib/dhe.js
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
Cihad Channel Url sniper/node_modules/sshpk/lib/ed-compat.js
Resource
win7-20240705-en
Behavioral task
behavioral32
Sample
Cihad Channel Url sniper/node_modules/sshpk/lib/ed-compat.js
Resource
win10v2004-20240802-en
General
-
Target
Cihad Channel Url sniper/node_modules/sshpk/bin/sshpk-conv
-
Size
5KB
-
MD5
609e158d49f62218881284bcb784fe2b
-
SHA1
752e6f7532dbd0856e43a418b547dac9046f502b
-
SHA256
4f1b44ad1628c6f826ac88b90f25f49c2622f26c211b477a3e56af7cf6723684
-
SHA512
cca8637b0d4193e497c76d7e2f03ce46d4a041e2aeb400b3268946ef58e8d464a0d0946e2e96db886ba3379f5846c09354870eda2df29b63f2a711e65354fbaa
-
SSDEEP
96:t/FsucdGpVrC8PkKWHGi+tjPpofAlViqLIgDZxFI5DnSFSEkSRximjm4QJDjo:1FTpOCm+jofAlViqLIOZ7CDS3kSjfoZs
Malware Config
Signatures
-
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
description ioc Process File opened for reading /proc/cpuinfo node -
Reads CPU attributes 1 TTPs 1 IoCs
description ioc Process File opened for reading /sys/devices/system/cpu/online node -
Enumerates kernel/hardware configuration 1 TTPs 1 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
description ioc Process File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes node -
Reads runtime system information 2 IoCs
Reads data from /proc virtual filesystem.
description ioc Process File opened for reading /proc/meminfo node File opened for reading /proc/sys/vm/overcommit_memory node
Processes
-
/tmp/Cihad Channel Url sniper/node_modules/sshpk/bin/sshpk-conv"/tmp/Cihad Channel Url sniper/node_modules/sshpk/bin/sshpk-conv"1⤵PID:662
-
/usr/local/sbin/nodenode "/tmp/Cihad Channel Url sniper/node_modules/sshpk/bin/sshpk-conv"1⤵PID:662
-
/usr/local/bin/nodenode "/tmp/Cihad Channel Url sniper/node_modules/sshpk/bin/sshpk-conv"1⤵PID:662
-
/usr/sbin/nodenode "/tmp/Cihad Channel Url sniper/node_modules/sshpk/bin/sshpk-conv"1⤵PID:662
-
/usr/bin/nodenode "/tmp/Cihad Channel Url sniper/node_modules/sshpk/bin/sshpk-conv"1⤵
- Checks CPU configuration
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:662