Overview

Scores by task (out of 10):
overview: 7
static: 1
sample.tar (windows7-x64): 1
sample.tar (windows10-2004-x64): 1
wmware-root/autorun (ubuntu-18.04-amd64): 7
wmware-root/autorun (debian-9-armhf): 7
wmware-root/autorun (debian-9-mips): 7
wmware-root/autorun (debian-9-mipsel): 7
wmware-root/crontab (ubuntu-24.04-amd64): no score shown
wmware-root/inst (ubuntu-18.04-amd64): 3
wmware-root/inst (debian-9-armhf): 3
wmware-root/inst (debian-9-mips): 3
wmware-root/inst (debian-9-mipsel): 3
wmware-root/m.vbs (windows7-x64): 1
wmware-root/m.vbs (windows10-2004-x64): 1
wmware-root/run (ubuntu-18.04-amd64): 1
wmware-root/run (debian-9-armhf): 1
wmware-root/run (debian-9-mips): 1
wmware-root/run (debian-9-mipsel): 1
wmware-root/start (ubuntu-18.04-amd64): 1
wmware-root/start (debian-9-armhf): 1
wmware-root/start (debian-9-mips): 1
wmware-root/start (debian-9-mipsel): 1
wmware-root/xh (ubuntu-18.04-amd64): 4
wmware-root/xh (debian-9-armhf): 6
wmware-root/xh (debian-9-mips): 4
wmware-root/xh (debian-9-mipsel): 4

General
Target: ab4fe1b299f6865eabcaffd922e2b836_JaffaCakes118
Size: 273KB
Sample: 241128-g6xh1svlhp
MD5: ab4fe1b299f6865eabcaffd922e2b836
SHA1: 9d53df7e9cd62d4f439f7e57b372156c13617295
SHA256: 86e16b7b7acff09e84644838d14d8e3080c258b5484111de38325ad1490f01b1
SHA512: ccbc8f9adeec3e390487c2e6a55300662cf8d27939484a8ded1dc6d5cdce7f097effa252694044bc945315c89851e48e34fffc05d65e8ca77ef6da4e8d7cfbb8
SSDEEP: 6144:V6dNzNAE14bEDg16jla9y3hKgM+6WbQuEm3tc7:VDECEDgcpaJgRcuEKtc7

Static task: static1

Behavioral tasks (task: sample, resource):
behavioral1: sample.tar, win7-20240903-en
behavioral2: sample.tar, win10v2004-20241007-en
behavioral3: wmware-root/autorun, ubuntu1804-amd64-20240611-en
behavioral4: wmware-root/autorun, debian9-armhf-20240611-en
behavioral5: wmware-root/autorun, debian9-mipsbe-20240611-en
behavioral6: wmware-root/autorun, debian9-mipsel-20240611-en
behavioral7: wmware-root/crontab, ubuntu2404-amd64-20240523-en
behavioral8: wmware-root/inst, ubuntu1804-amd64-20240729-en
behavioral9: wmware-root/inst, debian9-armhf-20240611-en
behavioral10: wmware-root/inst, debian9-mipsbe-20240729-en
behavioral11: wmware-root/inst, debian9-mipsel-20240611-en
behavioral12: wmware-root/m.vbs, win7-20240903-en
behavioral13: wmware-root/m.vbs, win10v2004-20241007-en
behavioral14: wmware-root/run, ubuntu1804-amd64-20240611-en
behavioral15: wmware-root/run, debian9-armhf-20240418-en
behavioral16: wmware-root/run, debian9-mipsbe-20240611-en
behavioral17: wmware-root/run, debian9-mipsel-20240729-en
behavioral18: wmware-root/start, ubuntu1804-amd64-20240611-en
behavioral19: wmware-root/start, debian9-armhf-20240611-en
behavioral20: wmware-root/start, debian9-mipsbe-20240418-en
behavioral21: wmware-root/start, debian9-mipsel-20240611-en
behavioral22: wmware-root/xh, ubuntu1804-amd64-20240611-en
behavioral23: wmware-root/xh, debian9-armhf-20240418-en
behavioral24: wmware-root/xh, debian9-mipsbe-20240729-en
behavioral25: wmware-root/xh, debian9-mipsel-20240226-en

Malware Config
Targets
Target: sample
Size: 740KB
MD5: a67e1f169cc4ee66567be3a73d47b7fd
SHA1: 756e75aa37138059987e22e29116d7cebdc97f88
SHA256: cdeaa26dc441c11787a985d378e2da937c5f3e6af3525c04dcde0bd29507325b
SHA512: 2b90575251374b9bd34039c67c5b16000a07ace437d7a4ff88bc2d1e991beb128c48a5adfb869d9abcc8ee576cb2efa30ed5019a061f251c3993829999f4df91
SSDEEP: 12288:4m+XrvUwW4UeHTBwLPQ5CNMhh/FWQrVSAtk3qSAtk:4TXrMwWMTBwLPQjhhPrVSAtk3qSAtk
Score: 1/10

Target: wmware-root/autorun
Size: 362B
MD5: 2576ff4064297b842659847eef6cdef4
SHA1: d8c3397f40a1d0f5e40b386647d4f82698d0b6c7
SHA256: 56f75d1c049b206af2d5c29019251c249bc8fa4230b97649e03ee77fa45b8e19
SHA512: 4a11096678ea316e6c7dd07535f629deaeb972bac66276e5f5db6a5307f7a3d830307ec36cc31e867e67915a085e2af5dc3be823afc1730a059abf5823826838
File and Directory Permissions Modification: Adversaries may modify file or directory permissions to evade defenses.
Creates/modifies Cron job: Cron allows running tasks on a schedule, and is commonly used for malware persistence.

Target: wmware-root/crontab
Size: 484KB
MD5: 566d414e7e47fba9c27a3ce73c409e9c
SHA1: e85c9c7f31343d196c15b754f7df16b83c1b9e7b
SHA256: 7446c0bd39ca20229601778ffcb887fc9f89730f2762c17fda67601dc1e8eb7a
SHA512: 15f3b9223cdac23b65d19238903ba27a44b69ca4eee64d4fc9fd7fdcc46a84311206885b813e49c0d0fa896dac8477dafa4a9a17faffc313fdad3a73ec6e8206
SSDEEP: 6144:4mw9XywzvzMPK5obmvlJ9RS3Il4js9QneROyYVYJ0YnTBwLaTubM1DCmPGMhQj6Y:4m+XrvUwW4UeHTBwLPQ5CNMhhY
Score: 1/10

Target: wmware-root/inst
Size: 35KB
MD5: 3f43021bb5e2c947e1f613666cb761af
SHA1: 357e5da4adfb33423c81b396fa7e960d14f506b3
SHA256: e88ecbfc5cf48257890822059a87336212b7d7defeab600efe290b8cad8450f9
SHA512: 03de641797d746c6ae26da40640d63c65c980f2074e3b61c06094958c40f895fd0d4c682dc7a1c94a6d0cbf327584142950386cc24fab2d264f90dc5a9725c74
SSDEEP: 768:iVKewgpMMx/XNNwsOlET+UpdzmO+lIZrGWfg16KADaQ9hPa4Lt:iTjx/rZFDoldWw6/DaQ/C4Lt
Score: 3/10

Target: wmware-root/m.help
Size: 22KB
MD5: 3867e7b1168f749f94536c85bf94a2c2
SHA1: 97fdf5c978400ed9de85555c63a7ba9cfe8b77a6
SHA256: 0d1191e8da46fb6461c072b97c94e2b9a139ee6e483a8b615524b47932095d59
SHA512: b072ec3ccc411f75002c6428569e16d98b43386894be9a41a6c43cbbcf50c24c5a745f2175f40668ccf0be66265b830faf4d3db416a64844255fdc3e26db05b0
SSDEEP: 192:Pk80z2Z8ECr40jfSHgglM7mu07/+6MhqehT1Szb01wm7FElApsm4rcGB1tRlnMCv:c8YjRqMC5YRsQf7FMrpfR9MxInqKJNok
Score: 1/10

Target: wmware-root/run
Size: 32B
MD5: b6eb2e6e834b3eadcb4afb3de0616424
SHA1: 2caea1b70ca49d4d6799bf9129841124906dc8a7
SHA256: 4b9c0eeb6156785ff42f5858ff52b5249f5f66c736fb40124a2499f11da8ec70
SHA512: 4d85c86d89a91bdbca8800862ef393e683a1bc787b9f9aec6d2c5ae6b928d9dace135c441ee5a06744534456843bc089b98402d6d504b3e6ba94c77fefa7500d
Score: 1/10

Target: wmware-root/start
Size: 604B
MD5: a1873f9521a709954cb6f74c12683de5
SHA1: f1a45f8632bd79865003092571f6fcafc3fcd8d2
SHA256: 6d8315dc6bd8e0525d5e0851d35496d35eb4ebb76a2d0a4e2cfe48caa1ac2509
SHA512: e7d7a2d3792639a80ce8aa93a60c0bc0acbf65c058e46dc36e1b74c459e7930e87f67712a6eff865e9292b9ce3c4ec20c57d847cde8f6b980ace694b8fb69702
Score: 1/10

Target: wmware-root/xh
Size: 51KB
MD5: 00d78bd1a95165a8ca686eb9b52dde57
SHA1: 7bfd49a400f45dd1c202c77913090bbe4361b910
SHA256: 93daa1c478529666d07d6b55fba0a13ae1f51e7b8918acc6f6818d343d1d198b
SHA512: 6cbdbe09bec6a02a7d05291a65a3e0ed7837ee5fe47c2c4ba62471333de71af44b77a34f704ceed6d54ddd8908e87d4bf552646c406beef55a02d7f1c9b88c93
SSDEEP: 768:dqSbj1zIx2Pj/6pbN8+MoG9oKeYrbn8ux1MEOOV8TF8MA4p0zL7bNiOv4kaB:dqcoG9oKeibVVsFRA20zL7b6B
Score: 6/10
Creates a large amount of network flows: This may indicate a network scan to discover remotely running services.