Analysis

  • max time kernel
    145s
  • max time network
    132s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240523-en
  • resource tags

    arch:amd64
    arch:i386
    image:ubuntu2404-amd64-20240523-en
    kernel:6.8.0-31-generic
    locale:en-us
    os:ubuntu-24.04-amd64
    system
  • submitted
    30-08-2024 17:58

General

  • Target

    exe2

  • Size

    7.8MB

  • MD5

    0a2f3c43b33dedc9ce4144125a21edb6

  • SHA1

    114a54c77385e6a06dcc88a522dcf80a0533d748

  • SHA256

    15dc859276438bb55a1bcbf226b4b6b18b471c0f2fcee8a68e953da61af12d8f

  • SHA512

    e45c7587cd18e765cff7776c8391586125315b98a979a99077337045dcc86522ec1e7cd52c33d6c973b0578c6207feeb1ed884e7dbc222a96daf71ef22edc09b

  • SSDEEP

    49152:lLOIKx9eGrb/TSvO90dL3BmAFd4A64nsfJos81upTcr7fWg25g1tGoLNF8/be4Y8:lLH/tLJ2Q7fOrtTNUls0tQiLvE

Score
6/10

Malware Config

Signatures

  • Reads hardware information 1 TTPs 1 IoCs

    Accesses system information such as serial numbers and manufacturer names (typically via /sys/class/dmi/id/).

  • Reads list of loaded kernel modules 1 TTPs 1 IoCs

    Reads the list of currently loaded kernel modules, possibly to detect virtual environments.

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information (e.g. /proc/cpuinfo) for values that indicate the system is a virtual machine.

  • Enumerates kernel/hardware configuration 1 TTPs 3 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 10 IoCs

    Reads data from /proc virtual filesystem.
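The three "Reads hardware information", "Reads list of loaded kernel modules" and "Checks CPU configuration" signatures above all describe the same sandbox-evasion pattern: reading well-known /proc and /sys nodes and matching them against hypervisor fingerprints. The script below is an added illustration of what those checks actually look at; it is not code recovered from exe2 and makes no claim about how exe2 evaluates the data. It runs offline on constructed sample contents (labelled as such) and can optionally be pointed at the live host. The module-name prefixes and DMI vendor strings are assumed indicator lists, not values taken from this report.

```python
"""Reproduces the VM-fingerprint checks behind the sandbox signatures.

Added example, not code from the analysed sample. Sample data below is
constructed for the demo; it was not captured from the sandbox run.
"""
from pathlib import Path

# --- constructed sample inputs -------------------------------------------
SAMPLE_CPUINFO = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "model name\t: Intel(R) Xeon(R) CPU E5-2680 v4 @ 2.40GHz\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep hypervisor lahf_lm\n"
)
# /proc/modules format: name size refcount deps state address
SAMPLE_MODULES = (
    "virtio_net 73728 0 - Live 0x0000000000000000\n"
    "virtio_pci 28672 0 - Live 0x0000000000000000\n"
    "ext4 983040 1 - Live 0x0000000000000000\n"
)
# Contents of /sys/class/dmi/id/<file>, keyed by file name
SAMPLE_DMI = {
    "sys_vendor": "QEMU\n",
    "product_name": "Standard PC (Q35 + ICH9, 2009)\n",
    "board_vendor": "",
}

# Assumed indicator lists (illustrative, not exhaustive).
VM_MODULE_PREFIXES = ("virtio", "vboxguest", "vboxsf", "vmw_", "vmwgfx", "hv_", "xen")
VM_DMI_MARKERS = ("qemu", "kvm", "virtualbox", "innotek", "vmware", "xen", "bochs")
DMI_FILES = ("sys_vendor", "product_name", "board_vendor", "bios_vendor")


def cpu_hypervisor_flag(cpuinfo: str) -> bool:
    """'Checks CPU configuration': the CPUID hypervisor bit is exported by
    the kernel as the 'hypervisor' entry in the flags line of /proc/cpuinfo."""
    for line in cpuinfo.splitlines():
        if line.startswith("flags"):
            return "hypervisor" in line.split(":", 1)[1].split()
    return False


def vm_kernel_modules(modules: str) -> list[str]:
    """'Reads list of loaded kernel modules': guest-driver names in /proc/modules."""
    found = []
    for line in modules.splitlines():
        name = line.split(" ", 1)[0]
        if name.startswith(VM_MODULE_PREFIXES):
            found.append(name)
    return found


def dmi_vm_markers(dmi: dict[str, str]) -> list[str]:
    """'Reads hardware information': vendor/product strings under /sys/class/dmi/id/."""
    hits = []
    for key, value in dmi.items():
        text = value.strip()
        if any(marker in text.lower() for marker in VM_DMI_MARKERS):
            hits.append(f"{key}={text}")
    return hits


def vm_indicators(cpuinfo: str, modules: str, dmi: dict[str, str]) -> dict:
    """Combine the three checks into one report, as a sandbox signature engine would."""
    return {
        "cpu_hypervisor_flag": cpu_hypervisor_flag(cpuinfo),
        "vm_kernel_modules": vm_kernel_modules(modules),
        "dmi_markers": dmi_vm_markers(dmi),
    }


def read_live_host() -> dict:
    """Run the same checks against the current machine (Linux only; unreadable
    nodes are treated as empty rather than raising)."""
    def slurp(path: str) -> str:
        try:
            return Path(path).read_text(errors="replace")
        except OSError:
            return ""
    dmi = {f: slurp(f"/sys/class/dmi/id/{f}") for f in DMI_FILES}
    return vm_indicators(slurp("/proc/cpuinfo"), slurp("/proc/modules"), dmi)


if __name__ == "__main__":
    print("constructed sample:", vm_indicators(SAMPLE_CPUINFO, SAMPLE_MODULES, SAMPLE_DMI))
    print("this host:", read_live_host())
```

Running it on the constructed data reports the hypervisor flag, the two virtio modules and the QEMU vendor string; on a physical machine all three come back empty. Matching this against the signature list gives a quick way to judge which of the flagged reads are VM-detection rather than ordinary runtime introspection (the "Reads runtime system information" signature on its own is common in benign software that merely consults /proc).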

Processes

  • /tmp/exe2
    /tmp/exe2
    1⤵
    • Enumerates kernel/hardware configuration
    • Reads runtime system information
    PID:2418
    • /usr/bin/uname
      uname -s
      2⤵
        PID:2422
      • /usr/bin/uname
        uname -r
        2⤵
          PID:2423
        • /usr/bin/uname
          uname -m
          2⤵
            PID:2424
          • /tmp/exe2
            /tmp/exe2
            2⤵
            • Enumerates kernel/hardware configuration
            • Reads runtime system information
            PID:2425
            • /usr/bin/uname
              uname -s
              3⤵
                PID:2428
              • /usr/bin/uname
                uname -r
                3⤵
                  PID:2429
                • /usr/bin/uname
                  uname -m
                  3⤵
                    PID:2430
                  • /tmp/exe2
                    /tmp/exe2
                    3⤵
                    • Reads hardware information
                    • Reads list of loaded kernel modules
                    • Checks CPU configuration
                    • Enumerates kernel/hardware configuration
                    • Reads runtime system information
                    PID:2431
                    • /usr/bin/uname
                      uname -s
                      4⤵
                        PID:2434
                      • /usr/bin/uname
                        uname -r
                        4⤵
                          PID:2435
                        • /usr/bin/uname
                          uname -m
                          4⤵
                            PID:2436

Network

MITRE ATT&CK Enterprise v15
