Analysis
-
max time kernel
140s -
max time network
148s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240611-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
30-08-2024 17:58
Static task
static1
Behavioral task
behavioral1
Sample
safe
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
safe
Resource
ubuntu2004-amd64-20240611-en
Behavioral task
behavioral3
Sample
safe
Resource
ubuntu2204-amd64-20240611-en
General
-
Target
safe
-
Size
6.2MB
-
MD5
6605c9087ec7b581ed0ff4ff0859b31b
-
SHA1
73c692ab803379b0aa61715c688119a271001b32
-
SHA256
d5c191bd92dd4e55d816ebd17144b0d401d0a6fbff376b230be4979049346910
-
SHA512
28a91e2a21c2a1ce7e9497e8e0372d6d1115b7bce43817ff79fdd4183dc6cc7ba86ab7c1145e48e5be9a23704f0012807df60bf48b55ff5cfcf3cbf78e7bece3
-
SSDEEP
49152:F4kJCDy6jigSZdQrb/TzvO90d7HjmAFd4A64nsfJ0QFOYLUTxsBrj+T8fzuM3SR7:7/T/Rrj9QzQhU3WKEnW0
Malware Config
Signatures
-
Checks mountinfo of local process (1 TTPs, 1 IoCs)
Checks mountinfo of running processes, which indicates whether it is running in a chroot jail.
description | ioc | process
File opened for reading | /proc/1/mountinfo | safe
Reads hardware information (1 TTPs, 1 IoCs)
Accesses system info like serial numbers, manufacturer names, etc.
description | ioc | process
File opened for reading | /sys/class/dmi/id/product_uuid | safe
Reads list of loaded kernel modules (1 TTPs, 1 IoCs)
Reads the list of currently loaded kernel modules, possibly to detect virtual environments.
description | ioc | process
File opened for reading | /proc/modules | safe
Checks CPU configuration (1 TTPs, 1 IoCs)
Checks CPU information, which indicates whether the system is a virtual machine.
description | ioc | process
File opened for reading | /proc/cpuinfo | safe
Enumerates kernel/hardware configuration (1 TTPs, 1 IoCs)
Reads contents of /sys virtual filesystem to enumerate system information.
description | ioc | process
File opened for reading | /sys/kernel/mm/transparent_hugepage/hpage_pmd_size | safe
Reads runtime system information (8 IoCs)
Reads data from /proc virtual filesystem.
description | ioc | process
File opened for reading | /proc/1/environ | safe
File opened for reading | /proc/self/cgroup | safe
File opened for reading | /proc/filesystems | safe
File opened for reading | /proc/1/stat | safe
File opened for reading | /proc/1/comm | safe
File opened for reading | /proc/stat | safe
File opened for reading | /proc/bus/pci/devices | safe
File opened for reading | /proc/self/status | safe