Analysis
max time kernel: 140s
max time network: 148s
platform: ubuntu-24.04_amd64
resource: ubuntu2404-amd64-20240523-en
resource tags: arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
submitted: 30-08-2024 17:57
Static task: static1
Behavioral task: behavioral1 | Sample: exe3 | Resource: ubuntu1804-amd64-20240729-en
Behavioral task: behavioral2 | Sample: exe3 | Resource: ubuntu2004-amd64-20240611-en
Behavioral task: behavioral3 | Sample: exe3 | Resource: ubuntu2204-amd64-20240522.1-en
General
Target: exe3
Size: 6.4MB
MD5
15fc2424f5a5e0550803eadcf13a8977
SHA1
20eaf51d2a01e2b5cb3957e3b1166c7f4220d2a0
SHA256
18e2b7df374a838a57ebf3186b13a26e523cf964afde50b7ba765ed4d5509670
SHA512
b19837a56c1ac3da1d5977fb5869a5b6db5bbd311844119091896925515440e1c26560f1b253703f9b43a4a4be1b83257194eb233302b870c898c65bd70da8a6
SSDEEP
49152:r2sMiOIGTRTrb/TAvO90d7HjmAFd4A64nsfJ5RfyTArxU1ct3fUTCgqsLiWy4ISN:YdVU1EL4ZVEh2RA
Signatures
Checks mountinfo of local process (1 TTPs, 1 IoCs)
Checks the mountinfo of running processes, which indicates whether it is running in a chroot jail.
description | ioc | Process
File opened for reading | /proc/1/mountinfo | exe3

Reads hardware information (1 TTPs, 1 IoCs)
Accesses system info like serial numbers, manufacturer names, etc.
description | ioc | Process
File opened for reading | /sys/class/dmi/id/product_uuid | exe3

Reads list of loaded kernel modules (1 TTPs, 1 IoCs)
Reads the list of currently loaded kernel modules, possibly to detect virtual environments.
description | ioc | Process
File opened for reading | /proc/modules | exe3

Checks CPU configuration (1 TTPs, 1 IoCs)
Checks CPU information, which indicates whether the system is a virtual machine.
description | ioc | Process
File opened for reading | /proc/cpuinfo | exe3

Enumerates kernel/hardware configuration (1 TTPs, 1 IoCs)
Reads the contents of the /sys virtual filesystem to enumerate system information.
description | ioc | Process
File opened for reading | /sys/kernel/mm/transparent_hugepage/hpage_pmd_size | exe3

Reads runtime system information (8 IoCs)
Reads data from the /proc virtual filesystem.
description | ioc | Process
File opened for reading | /proc/self/status | exe3
File opened for reading | /proc/1/environ | exe3
File opened for reading | /proc/self/cgroup | exe3
File opened for reading | /proc/filesystems | exe3
File opened for reading | /proc/1/stat | exe3
File opened for reading | /proc/1/comm | exe3
File opened for reading | /proc/stat | exe3
File opened for reading | /proc/bus/pci/devices | exe3