Resubmissions

30-08-2024 17:51

240830-wfmcpawhqb 6

Analysis

  • max time kernel
    140s
  • max time network
    149s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240523-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
  • submitted
    30-08-2024 17:51

General

  • Target

    exe

  • Size

    6.4MB

  • MD5

    15fc2424f5a5e0550803eadcf13a8977

  • SHA1

    20eaf51d2a01e2b5cb3957e3b1166c7f4220d2a0

  • SHA256

    18e2b7df374a838a57ebf3186b13a26e523cf964afde50b7ba765ed4d5509670

  • SHA512

    b19837a56c1ac3da1d5977fb5869a5b6db5bbd311844119091896925515440e1c26560f1b253703f9b43a4a4be1b83257194eb233302b870c898c65bd70da8a6

  • SSDEEP

    49152:r2sMiOIGTRTrb/TAvO90d7HjmAFd4A64nsfJ5RfyTArxU1ct3fUTCgqsLiWy4ISN:YdVU1EL4ZVEh2RA

Score
6/10

Malware Config

Signatures

  • Checks mountinfo of local process (1 TTP, 1 IoC)

    Checks the mountinfo of running processes, which can indicate whether it is running in a chroot jail.

  • Reads hardware information (1 TTP, 1 IoC)

    Accesses system information such as serial numbers and manufacturer names.

  • Reads list of loaded kernel modules (1 TTP, 1 IoC)

    Reads the list of currently loaded kernel modules, possibly to detect virtual environments.

  • Checks CPU configuration (1 TTP, 1 IoC)

    Checks CPU information that can indicate whether the system is a virtual machine.

  • Enumerates kernel/hardware configuration (1 TTP, 1 IoC)

    Reads the contents of the /sys virtual filesystem to enumerate system information.

  • Reads runtime system information (8 IoCs)

    Reads data from the /proc virtual filesystem.
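All six signatures come down to reading procfs and sysfs and comparing what the process sees with what a bare-metal host would show. The script below re-implements those checks the way an analyst would, so the raw files behind each signature can be inspected on any Linux host. It is an added example written for this page, not code recovered from the analysed sample; the indicator strings (VM_CPU_MODEL_HINTS, VM_MODULE_HINTS, VM_DMI_HINTS) and the sample mountinfo, cpuinfo, modules and DMI inputs are constructed assumptions for illustration, not data taken from the sandbox.

```python
"""Re-implementation of the host-fingerprinting checks behind the signatures above
(mountinfo of PID 1, /proc/cpuinfo, /proc/modules, DMI strings under /sys/class/dmi/id).
Added example for readers of this report, not code recovered from the analysed sample.
Indicator lists are illustrative assumptions; sample inputs below are constructed."""
import os

# Assumed indicator lists, deliberately short.
VM_CPU_MODEL_HINTS = ("QEMU", "KVM", "Virtual CPU", "VMware")
VM_MODULE_HINTS = ("vboxguest", "vboxsf", "vmw_balloon", "vmwgfx", "virtio_pci",
                   "virtio_net", "virtio_blk", "hv_vmbus", "xen_blkfront")
VM_DMI_HINTS = ("QEMU", "KVM", "VMware", "VirtualBox", "innotek", "Xen", "Bochs",
                "Microsoft Corporation", "Parallels")
DMI_FILES = ("sys_vendor", "product_name", "board_vendor", "bios_vendor")

def parse_mountinfo(text):
    """proc(5) field order: id parent major:minor root mount_point options ..."""
    mounts = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 5:
            mounts[f[4]] = {"id": int(f[0]), "parent": int(f[1]), "root": f[3]}
    return mounts

def chroot_indicators(pid1_mountinfo, self_mountinfo):
    """mountinfo lists mount points relative to the reader's root and omits mounts outside
    it: a plain chroot has no '/' entry, a bind-mounted jail shows '/' with root != '/'."""
    if not self_mountinfo.strip():
        return []  # read failure: nothing to compare, do not guess
    init_root = parse_mountinfo(pid1_mountinfo).get("/")
    own_root = parse_mountinfo(self_mountinfo).get("/")
    if own_root is None:
        return ["no '/' mount visible: mounts outside the chroot are hidden"]
    reasons = []
    if own_root["root"] != "/":
        reasons.append("root mount is a subtree of its filesystem: " + own_root["root"])
    if init_root is not None and init_root["id"] != own_root["id"]:
        reasons.append("root mount id %d differs from PID 1's %d" % (own_root["id"], init_root["id"]))
    return reasons

def cpu_indicators(cpuinfo_text):
    """The 'hypervisor' flag mirrors CPUID.1:ECX bit 31, which hypervisors set; model
    names often name the emulator.  Results are de-duplicated across CPUs."""
    reasons = set()
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "flags" and "hypervisor" in value.split():
            reasons.add("CPUID hypervisor bit set (flags contain 'hypervisor')")
        elif key == "model name" and any(h in value for h in VM_CPU_MODEL_HINTS):
            reasons.add("model name suggests a virtual CPU: " + value)
    return sorted(reasons)

def module_indicators(modules_text):
    """/proc/modules lines read 'name size refcount deps state address'."""
    loaded = {line.split()[0] for line in modules_text.splitlines() if line.strip()}
    return sorted(m for m in loaded if m in VM_MODULE_HINTS)

def dmi_indicators(dmi_values):
    """dmi_values maps a /sys/class/dmi/id file name to its content."""
    return [(name, val.strip()) for name, val in dmi_values.items()
            if any(h.lower() in val.lower() for h in VM_DMI_HINTS)]

def read_text(path):
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:
        return ""  # missing or unreadable, e.g. no DMI tables on this platform

def fingerprint_host():
    """Run every check against the live system, one entry per report signature."""
    dmi = {n: read_text(os.path.join("/sys/class/dmi/id", n)) for n in DMI_FILES}
    return {"chroot": chroot_indicators(read_text("/proc/1/mountinfo"),
                                        read_text("/proc/self/mountinfo")),
            "cpu": cpu_indicators(read_text("/proc/cpuinfo")),
            "modules": module_indicators(read_text("/proc/modules")),
            "dmi": dmi_indicators(dmi)}

# Constructed sample inputs (not captured from the sandbox) for an offline dry run.
HOST_PID1_MOUNTINFO = ("25 30 0:23 / /proc rw,nosuid,nodev,noexec,relatime shared:14 - proc proc rw\n"
                       "30 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro\n")
BIND_JAIL_MOUNTINFO = ("58 30 8:1 /srv/jail / rw,relatime shared:1 - ext4 /dev/sda1 rw\n"
                       "59 58 0:23 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw\n")
PLAIN_JAIL_MOUNTINFO = "59 30 0:23 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw\n"
SAMPLE_CPUINFO = ("processor\t: 0\nmodel name\t: QEMU Virtual CPU version 2.5+\n"
                  "flags\t\t: fpu vme de pse tsc msr pae sep hypervisor lahf_lm\n\n"
                  "processor\t: 1\nmodel name\t: QEMU Virtual CPU version 2.5+\n"
                  "flags\t\t: fpu vme de pse tsc msr pae sep hypervisor lahf_lm\n")
SAMPLE_MODULES = ("vboxguest 53248 2 vboxsf, Live 0x0000000000000000\n"
                  "vboxsf 81920 1 - Live 0x0000000000000000\n"
                  "ext4 999424 1 - Live 0x0000000000000000\n")
SAMPLE_DMI = {"sys_vendor": "QEMU\n", "product_name": "Standard PC (i440FX + PIIX, 1996)\n"}

if __name__ == "__main__":
    for sig, hits in fingerprint_host().items():
        print("%-8s %s" % (sig, hits or "no indicator"))
```

The reason the sample reads the mountinfo of PID 1 specifically, rather than only its own, is visible in chroot_indicators: in a plain chroot the jailed process shares the host's mount namespace, so PID 1 is the real init and its view of "/" differs from the jail's. In a container with its own mount and PID namespaces, /proc/1 is the container's init and both views agree, so this particular check does not see through namespace-based sandboxes. On a QEMU/KVM guest the CPU and DMI checks usually fire even when no guest-additions modules are loaded, which is why the module list alone is a weak signal.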

Processes

  • /tmp/exe (PID 2441)
    • Checks mountinfo of local process
    • Reads hardware information
    • Reads list of loaded kernel modules
    • Checks CPU configuration
    • Enumerates kernel/hardware configuration
    • Reads runtime system information

Network

MITRE ATT&CK Enterprise v15
