Analysis

  • max time kernel
    2s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags
    arch:armhf
    image:debian9-armhf-20240611-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    19-12-2024 22:25

General

  • Target

    1007BF65F80311D2/locker_ARMV5

  • Size

    103KB

  • MD5

    516b79a3c994df308172aa67d353ff2f

  • SHA1

    e312f14bc1544e20af0cd41a3571a2cbe1ebe582

  • SHA256

    a60acd0adeccbe29ff8402db0e974eba25c9acf98a3af98940e518d465fb1bbe

  • SHA512

    b7a1a3e7ee64f8d0f538fdba5cc693134c475c4ce760cc4b314c26d1298794ff350eafd28a772f9da98332accb7a92674791d361bac0a17feb63e27bd4c84462

  • SSDEEP

    3072:0zmoAp+UN6YmA4pLCQJ91ToDVqNrPOzng:0zmbkUpmA4pFJ918DVqNrOzg

Score
8/10

Malware Config

Signatures

  • Traces remote process 1 IoCs
  • Checks system information (zLinux) 1 TTPs 1 IoCs

    Checks system information on IBM zSystems that indicates whether the system is a virtual machine.

  • Reads network interface configuration 2 TTPs 6 IoCs

    Fetches information about one or more active network interfaces.

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is a virtual machine.

  • Reads CPU attributes 1 TTPs 15 IoCs
  • Enumerates kernel/hardware configuration 1 TTPs 64 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 37 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/1007BF65F80311D2/locker_ARMV5
    /tmp/1007BF65F80311D2/locker_ARMV5
    1⤵
    • Traces remote process
    • Reads network interface configuration
    • Reads CPU attributes
    • Enumerates kernel/hardware configuration
    • Reads runtime system information
    PID:655
    • /bin/sh
      sh -c "vim-cmd hostsvc/hostsummary | grep cpuModel | cut -d '\"' -f2"
      2⤵
      PID:658
      • /bin/grep
        grep cpuModel
        3⤵
        PID:660
      • /usr/bin/cut
        cut -d "\"" -f2
        3⤵
        PID:661
    • /bin/sh
      sh -c "lscpu | grep \"Model name\" | cut -d ':' -f2"
      2⤵
      PID:664
      • /usr/bin/lscpu
        lscpu
        3⤵
        • Checks system information (zLinux)
        • Checks CPU configuration
        • Reads CPU attributes
        • Reads runtime system information
        PID:666
      • /bin/grep
        grep "Model name"
        3⤵
        PID:667
      • /usr/bin/cut
        cut -d : -f2
        3⤵
        PID:668
    • /bin/sh
      sh -c "esxcli storage filesystem list | tail -n +3"
      2⤵
      PID:671
      • /usr/bin/tail
        tail -n +3
        3⤵
        PID:674
    • /bin/sh
      sh -c "lsblk -io KNAME,TYPE,SIZE,MODEL | tail -n +2"
      2⤵
      PID:677
      • /bin/lsblk
        lsblk -io "KNAME,TYPE,SIZE,MODEL"
        3⤵
        • Reads runtime system information
        PID:679
      • /usr/bin/tail
        tail -n +2
        3⤵
        PID:680
    • /bin/sh
      sh -c "uname -a"
      2⤵
      PID:683
      • /bin/uname
        uname -a
        3⤵
        PID:684
    • /bin/sh
      sh -c "vmware -v"
      2⤵
      PID:685

Network

MITRE ATT&CK Enterprise v15
