Overview

overview

4

Static

static

1

custom/about.html

windows7-x64

3

custom/about.html

windows10-2004-x64

3

custom/header.html

windows7-x64

3

custom/header.html

windows10-2004-x64

3

custom/help.html

windows7-x64

3

custom/help.html

windows10-2004-x64

3

dialog/dialog.html

windows7-x64

3

dialog/dialog.html

windows10-2004-x64

3

dialog/js/dialog.js

windows7-x64

3

dialog/js/dialog.js

windows10-2004-x64

3

node_modul...mkdirp

ubuntu-18.04-amd64

3

node_modul...mkdirp

debian-9-armhf

4

node_modul...mkdirp

debian-9-mips

3

node_modul...mkdirp

debian-9-mipsel

3

node_modul...rp.cmd

windows7-x64

1

node_modul...rp.cmd

windows10-2004-x64

1

node_modul...rp.ps1

ubuntu-18.04-amd64

1

node_modul...rp.ps1

debian-9-armhf

1

node_modul...rp.ps1

debian-9-mips

1

node_modul...rp.ps1

debian-9-mipsel

1

node_modul...rimraf

ubuntu-18.04-amd64

3

node_modul...rimraf

debian-9-armhf

4

node_modul...rimraf

debian-9-mips

3

node_modul...rimraf

debian-9-mipsel

3

node_modul...af.cmd

windows7-x64

1

node_modul...af.cmd

windows10-2004-x64

1

node_modul...af.ps1

ubuntu-18.04-amd64

1

node_modul...af.ps1

debian-9-armhf

1

node_modul...af.ps1

debian-9-mips

1

node_modul...af.ps1

debian-9-mipsel

1

node_modul...DME.js

windows7-x64

3

node_modul...DME.js

windows10-2004-x64

3

Analysis

  • max time kernel
    5s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240729-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240729-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    21-11-2024 08:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    node_modules/.bin/rimraf

  • Size

    294B

  • MD5

    f178e4d9d266237c4747eb33eed35684

  • SHA1

    678d46ca0b1f43811604f8b6aaa0237acf4faedb

  • SHA256

    64ce06348f2c2e12fbf0f5db3d2943e00147a8ec47147702685a13acc7b908f5

  • SHA512

    264383c581c4ec8d1aca3f07b89d43b148db2061a360a17bce7a5457edae13a62271fdf519f4a238ff6ac714e79150a8c8ca6a55e64d819cc56f4bc5ce789c87

Score
4/10
antivmdiscoveryexecution

Malware Config

Signatures

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

    antivm
  • Reads CPU attributes 1 TTPs 1 IoCs
    discovery
  • Command and Scripting Interpreter: JavaScript 1 TTPs 4 IoCs

    Execution via JavaScript.

    execution
  • Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

    discovery
  • Reads runtime system information 2 IoCs

    Reads data from /proc virtual filesystem.

    discovery

Processes

  • /tmp/node_modules/.bin/rimraf
    /tmp/node_modules/.bin/rimraf
    1⤵
      PID:671
      • /bin/sed
        sed -e "s,\\\\,/,g"
        2⤵
        • Reads runtime system information
        PID:675
      • /usr/bin/dirname
        dirname /tmp/node_modules/.bin/rimraf
        2⤵
          PID:672
        • /bin/uname
          uname
          2⤵
            PID:679
        • /usr/local/sbin/node
          node /tmp/node_modules/.bin/../rimraf/bin.js
          1⤵
          • Command and Scripting Interpreter: JavaScript
          PID:671
        • /usr/local/bin/node
          node /tmp/node_modules/.bin/../rimraf/bin.js
          1⤵
          • Command and Scripting Interpreter: JavaScript
          PID:671
        • /usr/sbin/node
          node /tmp/node_modules/.bin/../rimraf/bin.js
          1⤵
          • Command and Scripting Interpreter: JavaScript
          PID:671
        • /usr/bin/node
          node /tmp/node_modules/.bin/../rimraf/bin.js
          1⤵
          • Checks CPU configuration
          • Reads CPU attributes
          • Command and Scripting Interpreter: JavaScript
          • Enumerates kernel/hardware configuration
          • Reads runtime system information
          PID:671

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads