f9b34255399925fcae10f34e78275446f9a90263afd3b825e889d5e631a74d0e | Triage

Resubmissions

28/03/2025, 06:04

250328-gsw1bsswcx 8

27/12/2024, 01:42

241227-b4yqeaylan 8

Sharing

General

Target

2024-12-27_3589e9b7abdf6e89063977847351173b_lockbit
Size

89KB
Sample

250328-gsw1bsswcx
MD5

3589e9b7abdf6e89063977847351173b
SHA1

a95652971f89587cf5f717c99c894ca2122101a0
SHA256

f9b34255399925fcae10f34e78275446f9a90263afd3b825e889d5e631a74d0e
SHA512

90550b2e8e9ddabbccf5d35907d40282db65876da1efb6e0e864ec8e8e8e1a92f2da0082b64d286f8c05087f417caa2470da1bc89f8ad55e8bd168305c7e2155
SSDEEP

1536:h23bmHSlAhb6eo1xrac08UGNnPnEsT9VxU+tqRAsemhgYBzvI:4rmHSlAhbx+K8UUnPEsBVxDtqR19gAI

Score

8^/10

antivm credential_access discovery linux spyware stealer

Malware Config

Targets

- Target
  
  2024-12-27_3589e9b7abdf6e89063977847351173b_lockbit
- Size
  
  89KB
- MD5
  
  3589e9b7abdf6e89063977847351173b
- SHA1
  
  a95652971f89587cf5f717c99c894ca2122101a0
- SHA256
  
  f9b34255399925fcae10f34e78275446f9a90263afd3b825e889d5e631a74d0e
- SHA512
  
  90550b2e8e9ddabbccf5d35907d40282db65876da1efb6e0e864ec8e8e8e1a92f2da0082b64d286f8c05087f417caa2470da1bc89f8ad55e8bd168305c7e2155
- SSDEEP
  
  1536:h23bmHSlAhb6eo1xrac08UGNnPnEsT9VxU+tqRAsemhgYBzvI:4rmHSlAhbx+K8UUnPEsBVxDtqR19gAI
Score

8^/10

antivm credential_access discovery spyware stealer
- Traces remote process
- Reads user data of web browsers
  Reads stored browser data which can include saved credentials.
  spyware stealer credential_access discovery
- Reads AppArmor ptrace settings
  Discovery of allowed ptrace capabilities by AppArmor.
  discovery
- Checks system information (zLinux)
  Check system information on IBM zSystems which indicate if the system is a virtual machine.
  antivm
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads hardware information
  Accesses system info like serial numbers, manufacturer names etc.
  discovery
- Reads network interface configuration
  Fetches information about one or more active network interfaces.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

Browser Information Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

antivmcredential_accessdiscoveryspywarestealer