General
- Target: name.zip
- Size: 3.9MB
- Sample: 241019-nvrlyswdrn
- MD5: b001d8369997dbf8f9303de8faed1adb
- SHA1: b3f8425585c95c6c737add0d63ba148691345c20
- SHA256: e0167b29311f359344fe2879d8de3e8f5eb4c4d5a54bf0d46406d1d7af0cd2ff
- SHA512: 39a51b404afa8b5a3cd8e653310492633eb9bb34e27b08a93da448fcbd5c6c7df1c7ef3b4a5f7824d5bd2747850267acd2a0c05f1d60e75495e4e6ceb52956a6
- SSDEEP: 98304:sQE0RKwiLgnCy7n+wF3BOvExR+CEM29vVuiC7sM9Nh6on61KC2nA4:LEkdn/n+WR9x0uovV1C7sM9zL61KCSA4
Behavioral task: behavioral1
- Sample: iptable_reject
- Resource: ubuntu2204-amd64-20240611-en
Behavioral task: behavioral2
- Sample: kermine
- Resource: ubuntu2404-amd64-20240523-en
Malware Config
Targets
- Target: iptable_reject
- Size: 8.4MB
- MD5: 7db2c9ec53c09e42724f6314401b906c
- SHA1: 0b781d565d784b4d22aa9be874518b8b4c40bfcf
- SHA256: f99f857e388a386f4461917ec46781c539ee1f0e9d2b5039b282fa0754c1c750
- SHA512: 74dcf160137fe29a2e68d66b503f0ec2fe6c0f0900356076d528e3387cf497557157da1c95d65d9fad8c7d7d647a21c93d7655270f9df06823ffbdcf7d26a2f5
- SSDEEP: 196608:hVJq0MCjhe6WB42fcpuAJr+Q1lHGJqu82NwuN4zs:hDq0MCjhe6WaycpuA51lHOvKuN4
- Checks hardware identifiers (DMI): Checks DMI information that indicates whether the system is a virtual machine.
- Reads hardware information: Accesses system info such as serial numbers, manufacturer names, etc.
- Target: kermine
- Size: 1.3MB
- MD5: 13d1ec32d39153bddcb677fc491d90f8
- SHA1: 28f07354c83098f3f2f988249251096bcdf68549
- SHA256: 7f2b4e30c6ae7c56c0bc861f920bca6b52183b3e8bc30347739c6591bdfaa589
- SHA512: 1dbcab16cb408f8c895609af43f973c09b4c0dda5da1f36e2524823b53874cdce585bf4d4d489f9323043f69d688cf3375ad14036e99f0b09c6bdfddf66289b4
- SSDEEP: 24576:87U+XfGMTwJ7RBNytH9wiPGKgIxECVVXZSELt:8g+XfjU7RBNC9wiPGKgIxE8VwE
- OS Credential Dumping: Adversaries may attempt to dump credentials to use them in password cracking.
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching: Abuses sudo or cached sudo credentials to execute code.
- Enumerates running processes: Discovers information about currently running processes on the system.
- Reads list of loaded kernel modules: Reads the list of currently loaded kernel modules, possibly to detect virtual environments.
MITRE ATT&CK Enterprise v15
- Defense Evasion
  - Abuse Elevation Control Mechanism (1)
    - Sudo and Sudo Caching (1)
  - Indicator Removal (2)
    - Clear Linux or Mac System Logs (2)
  - Virtualization/Sandbox Evasion (3)
    - System Checks (2)