Analysis

  • max time kernel
    6s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240729-en
  • resource tags

    arch:armhf image:debian9-armhf-20240729-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
  • submitted
    31-08-2024 19:11

General

  • Target

    hubotio-hubot-b50c39c/bin/hubot

  • Size

    81B

  • MD5

    7364d991219404dc20f2760da01f4af2

  • SHA1

    73ed8c47b2c7f34c989a2ecd06a7d0edd4aa3d10

  • SHA256

    14978b15d3c431fa30e7fbdc9057dfa9e27a226eb951b099ab450422787f219c

  • SHA512

    09b4dcf5afacdbf96f07c72f09d4199749c11727b288205465dfbbcedd59ca7edd8f79a64455140bff3be08c359ee7ea9c9943a32db2c75090ea9b83ed5c3dce

Score
4/10

Malware Config

Signatures

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

  • Reads CPU attributes 1 TTPs 1 IoCs
  • Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/hubotio-hubot-b50c39c/bin/hubot
    /tmp/hubotio-hubot-b50c39c/bin/hubot
    1⤵
      PID:658
    • /usr/local/sbin/node
      node /tmp/hubotio-hubot-b50c39c/bin/hubot
      1⤵
        PID:658
      • /usr/local/bin/node
        node /tmp/hubotio-hubot-b50c39c/bin/hubot
        1⤵
          PID:658
        • /usr/sbin/node
          node /tmp/hubotio-hubot-b50c39c/bin/hubot
          1⤵
            PID:658
          • /usr/bin/node
            node /tmp/hubotio-hubot-b50c39c/bin/hubot
            1⤵
            • Checks CPU configuration
            • Reads CPU attributes
            • Enumerates kernel/hardware configuration
            • Reads runtime system information
            PID:658

          Network

          MITRE ATT&CK Enterprise v15
