Resubmissions
30-08-2024 17:51 240830-wfmcpawhqb 6
Analysis
- max time kernel: 140s
- max time network: 153s
- platform: ubuntu-20.04_amd64
- resource: ubuntu2004-amd64-20240611-en
- resource tags: arch:amd64, arch:i386, image:ubuntu2004-amd64-20240611-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system
- submitted: 30-08-2024 17:51
Static task: static1
Behavioral task: behavioral1
- Sample: exe
- Resource: ubuntu1804-amd64-20240508-en
Behavioral task: behavioral2
- Sample: exe
- Resource: ubuntu2004-amd64-20240611-en
Behavioral task: behavioral3
- Sample: exe
- Resource: ubuntu2204-amd64-20240611-en
General
- Target: exe
- Size: 6.4MB
- MD5: 15fc2424f5a5e0550803eadcf13a8977
- SHA1: 20eaf51d2a01e2b5cb3957e3b1166c7f4220d2a0
- SHA256: 18e2b7df374a838a57ebf3186b13a26e523cf964afde50b7ba765ed4d5509670
- SHA512: b19837a56c1ac3da1d5977fb5869a5b6db5bbd311844119091896925515440e1c26560f1b253703f9b43a4a4be1b83257194eb233302b870c898c65bd70da8a6
- SSDEEP: 49152:r2sMiOIGTRTrb/TAvO90d7HjmAFd4A64nsfJ5RfyTArxU1ct3fUTCgqsLiWy4ISN:YdVU1EL4ZVEh2RA
Malware Config
Signatures
- Checks mountinfo of local process (1 TTPs, 1 IoCs)
  Checks mountinfo of running processes, which indicates whether it is running in a chroot jail.

  | description | ioc | Process |
  | --- | --- | --- |
  | File opened for reading | /proc/1/mountinfo | exe |

- Reads hardware information (1 TTPs, 1 IoCs)
  Accesses system information such as serial numbers and manufacturer names.

  | description | ioc | Process |
  | --- | --- | --- |
  | File opened for reading | /sys/class/dmi/id/product_uuid | exe |

- Reads list of loaded kernel modules (1 TTPs, 1 IoCs)
  Reads the list of currently loaded kernel modules, possibly to detect virtual environments.

  | description | ioc | Process |
  | --- | --- | --- |
  | File opened for reading | /proc/modules | exe |

- Checks CPU configuration (1 TTPs, 1 IoCs)
  Checks CPU information, which indicates whether the system is a virtual machine.

  | description | ioc | Process |
  | --- | --- | --- |
  | File opened for reading | /proc/cpuinfo | exe |

- Enumerates kernel/hardware configuration (1 TTPs, 1 IoCs)
  Reads contents of the /sys virtual filesystem to enumerate system information.

  | description | ioc | Process |
  | --- | --- | --- |
  | File opened for reading | /sys/kernel/mm/transparent_hugepage/hpage_pmd_size | exe |

- Reads runtime system information (8 IoCs)
  Reads data from the /proc virtual filesystem.

  | description | ioc | Process |
  | --- | --- | --- |
  | File opened for reading | /proc/self/status | exe |
  | File opened for reading | /proc/1/environ | exe |
  | File opened for reading | /proc/self/cgroup | exe |
  | File opened for reading | /proc/filesystems | exe |
  | File opened for reading | /proc/1/stat | exe |
  | File opened for reading | /proc/1/comm | exe |
  | File opened for reading | /proc/stat | exe |
  | File opened for reading | /proc/bus/pci/devices | exe |