Analysis

  • max time kernel
    140s
  • max time network
    148s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240611-en
  • resource tags

    arch:amd64 arch:i386 image:ubuntu2204-amd64-20240611-en kernel:5.15.0-105-generic locale:en-us os:ubuntu-22.04-amd64 system
  • submitted
    30-08-2024 17:58

General

  • Target

    safe

  • Size

    6.2MB

  • MD5

    6605c9087ec7b581ed0ff4ff0859b31b

  • SHA1

    73c692ab803379b0aa61715c688119a271001b32

  • SHA256

    d5c191bd92dd4e55d816ebd17144b0d401d0a6fbff376b230be4979049346910

  • SHA512

    28a91e2a21c2a1ce7e9497e8e0372d6d1115b7bce43817ff79fdd4183dc6cc7ba86ab7c1145e48e5be9a23704f0012807df60bf48b55ff5cfcf3cbf78e7bece3

  • SSDEEP

    49152:F4kJCDy6jigSZdQrb/TzvO90d7HjmAFd4A64nsfJ0QFOYLUTxsBrj+T8fzuM3SR7:7/T/Rrj9QzQhU3WKEnW0

Score
6/10

Malware Config

Signatures

  • Checks mountinfo of local process 1 TTPs 1 IoCs

    Checks the mountinfo of running processes, which indicates whether it is running in a chroot jail.

  • Reads hardware information 1 TTPs 1 IoCs

    Accesses system information such as serial numbers and manufacturer names.

  • Reads list of loaded kernel modules 1 TTPs 1 IoCs

    Reads the list of currently loaded kernel modules, possibly to detect virtual environments.

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information, which indicates whether the system is a virtual machine.

  • Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

    Reads the contents of the /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 8 IoCs

    Reads data from the /proc virtual filesystem.

Processes

  • /tmp/safe
    /tmp/safe
    • Checks mountinfo of local process
    • Reads hardware information
    • Reads list of loaded kernel modules
    • Checks CPU configuration
    • Enumerates kernel/hardware configuration
    • Reads runtime system information
    PID:1569

Network

MITRE ATT&CK Enterprise v15
