Analysis

  • max time kernel
    7s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240418-en
  • resource tags

    arch:mips, image:debian9-mipsbe-20240418-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
  • submitted
    19-12-2024 22:25

General

  • Target

    1007BF65F80311D2/locker_MIPS

  • Size

    126KB

  • MD5

    9700dc992a950aa6e76d8d4de5ceff38

  • SHA1

    45dba47c0c0358627ae1a79463ed981017d30643

  • SHA256

    9c7ff1b686e05948de8d3e51dec88ff21b9b69418a10ba3e08de340f4503c064

  • SHA512

    68649687288f1dbe2e0dc202837579467eb2bc31e411d394431257fc5e3085db7283846741385e9d059bb11162bf53865e211a2d36fe8159125a377521ceff13

  • SSDEEP

    1536:SXzYBjV+P1NVt1dFMMaH6HULoecIJnvjK2WIAb92aUeX/ZbnBUZulb9S4AbIPLxQ:SXzKx/FLWI7kQ4/tnU04+jOoa

Score
8/10

Malware Config

Signatures

  • Traces remote process 1 IoCs
  • Checks system information (zLinux) 1 TTPs 1 IoCs

    Checks system information on IBM zSystems that indicates whether the system is a virtual machine.

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is a virtual machine.

  • Reads CPU attributes 1 TTPs 8 IoCs
  • Enumerates kernel/hardware configuration 1 TTPs 13 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 56 IoCs

    Reads data from /proc virtual filesystem.

  • System Network Configuration Discovery 1 TTPs 1 IoCs

    Adversaries may gather information about the network configuration of a system.

Processes

  • /tmp/1007BF65F80311D2/locker_MIPS
    /tmp/1007BF65F80311D2/locker_MIPS
    • Traces remote process
    • Reads runtime system information
    • System Network Configuration Discovery
    PID:729
    • /bin/sh
      sh -c "vim-cmd hostsvc/hostsummary | grep cpuModel | cut -d '\"' -f2"
      PID:732
      • /bin/grep
        grep cpuModel
        PID:734
      • /usr/bin/cut
        cut -d "\"" -f2
        PID:736
    • /bin/sh
      sh -c "lscpu | grep \"Model name\" | cut -d ':' -f2"
      PID:739
      • /bin/grep
        grep "Model name"
        PID:741
      • /usr/bin/cut
        cut -d : -f2
        PID:742
      • /usr/bin/lscpu
        lscpu
        • Checks system information (zLinux)
        • Checks CPU configuration
        • Reads CPU attributes
        • Enumerates kernel/hardware configuration
        • Reads runtime system information
        PID:740
    • /bin/sh
      sh -c "esxcli storage filesystem list | tail -n +3"
      PID:744
      • /usr/bin/tail
        tail -n +3
        PID:748
    • /bin/sh
      sh -c "lsblk -io KNAME,TYPE,SIZE,MODEL | tail -n +2"
      PID:750
      • /usr/bin/tail
        tail -n +2
        PID:753
      • /bin/lsblk
        lsblk -io "KNAME,TYPE,SIZE,MODEL"
        • Enumerates kernel/hardware configuration
        • Reads runtime system information
        PID:752
    • /bin/sh
      sh -c "uname -a"
      PID:756
      • /bin/uname
        uname -a
        PID:758
    • /bin/sh
      sh -c "vmware -v"
      PID:759

Network

MITRE ATT&CK Enterprise v15
