Analysis

  • max time kernel
    5s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf
    image:debian9-armhf-20240611-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    30-08-2024 16:52

General

  • Target

    Cihad Channel Url sniper/node_modules/sshpk/bin/sshpk-conv

  • Size

    5KB

  • MD5

    609e158d49f62218881284bcb784fe2b

  • SHA1

    752e6f7532dbd0856e43a418b547dac9046f502b

  • SHA256

    4f1b44ad1628c6f826ac88b90f25f49c2622f26c211b477a3e56af7cf6723684

  • SHA512

    cca8637b0d4193e497c76d7e2f03ce46d4a041e2aeb400b3268946ef58e8d464a0d0946e2e96db886ba3379f5846c09354870eda2df29b63f2a711e65354fbaa

  • SSDEEP

    96:t/FsucdGpVrC8PkKWHGi+tjPpofAlViqLIgDZxFI5DnSFSEkSRximjm4QJDjo:1FTpOCm+jofAlViqLIOZ7CDS3kSjfoZs

Score
4/10

Malware Config

Signatures

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is a virtual machine.

  • Reads CPU attributes 1 TTPs 1 IoCs
  • Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 2 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/Cihad Channel Url sniper/node_modules/sshpk/bin/sshpk-conv
    "/tmp/Cihad Channel Url sniper/node_modules/sshpk/bin/sshpk-conv"
    1⤵
      PID:662
    • /usr/local/sbin/node
      node "/tmp/Cihad Channel Url sniper/node_modules/sshpk/bin/sshpk-conv"
      1⤵
        PID:662
      • /usr/local/bin/node
        node "/tmp/Cihad Channel Url sniper/node_modules/sshpk/bin/sshpk-conv"
        1⤵
          PID:662
        • /usr/sbin/node
          node "/tmp/Cihad Channel Url sniper/node_modules/sshpk/bin/sshpk-conv"
          1⤵
            PID:662
          • /usr/bin/node
            node "/tmp/Cihad Channel Url sniper/node_modules/sshpk/bin/sshpk-conv"
            1⤵
            • Checks CPU configuration
            • Reads CPU attributes
            • Enumerates kernel/hardware configuration
            • Reads runtime system information
            PID:662

Network

MITRE ATT&CK Enterprise v15
