Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240611-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
  • submitted
    23-12-2024 20:05

General

  • Target

    xr

  • Size

    7.6MB

  • MD5

    991d8dea7268212f8e5ca8a3bfd56398

  • SHA1

    dc6fb3b941e1af3c5b8e56c143ba904d9c41a955

  • SHA256

    b2e51777c7993ce58f5e1afd3d33efbaae19222099be745f229b44028766dabc

  • SHA512

    702025e60aa16acf6be691f93c74a44e771bf0dcd735eee8c211ae92f31d0cefe607c8b54e93de52f10afe1e08d459c0492ef64d1630b3d9f796b5de0485ad4f

  • SSDEEP

    196608:iV4oZPljXZ9GfAYoGBM3kpg1cc75JjCNLhSWzk+s:iV4oZPljXZ9UxoGBM3Ug1cMVCNLhFzk

Score
6/10

Malware Config

Signatures

  • Checks hardware identifiers (DMI) 1 TTPs 4 IoCs

    Checks DMI information which indicate if the system is a virtual machine.

  • Reads hardware information 1 TTPs 14 IoCs

    Accesses system info like serial numbers, manufacturer names etc.

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

  • Reads CPU attributes 1 TTPs 3 IoCs
  • Enumerates kernel/hardware configuration 1 TTPs 61 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 4 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/xr
    /tmp/xr
    1⤵
    • Checks hardware identifiers (DMI)
    • Reads hardware information
    • Checks CPU configuration
    • Reads CPU attributes
    • Enumerates kernel/hardware configuration
    • Reads runtime system information
    • Writes file to tmp directory
    PID:1584

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads