Analysis
-
max time kernel
146s -
max time network
154s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240508-en -
resource tags
-
submitted
28/03/2025, 12:35
General
-
Target
resources/app/bin/index.js
-
Size
514B
-
MD5
2ffac93c1e0896cf98f1514f70fe8637
-
SHA1
22fa46c684b079fae1a9921a87b3e6c63cc6e373
-
SHA256
15cb73537b76df1b820056767dae3e8730cd91e1798bbd56e04075e8e677382b
-
SHA512
cdc66c2d890c8edc558ffac76b46a3e63bb0b8d95e254860f18bca8c03c72fec51133fbcd7e8983219ef0a707614c9f4aed02f640d8d9afa25ff7e1fea00a4f4
Malware Config
Signatures
-
Creates/modifies environment variables 1 TTPs 1 IoCs
Creating/modifying environment variables is a common persistence mechanism.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Modifies Bash startup script 2 TTPs 1 IoCs
-
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
-
Reads CPU attributes 1 TTPs 7 IoCs
-
Command and Scripting Interpreter: JavaScript 1 TTPs 4 IoCs
Execution via JavaScript.
-
Command and Scripting Interpreter: Unix Shell 1 TTPs 1 IoCs
Execute scripts via Unix Shell.
-
Enumerates kernel/hardware configuration 1 TTPs 3 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
-
System Network Configuration Discovery 1 TTPs 1 IoCs
Adversaries may gather information about the network configuration of a system.
Processes
-
/tmp/resources/app/bin/index.js/tmp/resources/app/bin/index.js1⤵
-
/usr/local/sbin/nodenode /tmp/resources/app/bin/index.js1⤵
- Command and Scripting Interpreter: JavaScript
-
/usr/local/bin/nodenode /tmp/resources/app/bin/index.js1⤵
- Command and Scripting Interpreter: JavaScript
-
/usr/sbin/nodenode /tmp/resources/app/bin/index.js1⤵
- Command and Scripting Interpreter: JavaScript
-
/usr/bin/nodenode /tmp/resources/app/bin/index.js1⤵
- Command and Scripting Interpreter: JavaScript
- Enumerates kernel/hardware configuration
-
/usr/bin/node/usr/bin/node "--max-http-header-size=80000" /tmp/resources/app/bin/lum_node.js2⤵
- Creates/modifies environment variables
- Modifies Bash startup script
- Checks CPU configuration
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/bin/sh/bin/sh -c "curl_add_ip(){ if ((\$2)); then PORT=\$2 else PORT=22999 fi ENDPOINT=\"http://127.0.0.1:\$PORT/api/add_whitelist_ip\" DATA=\"ip=\"\$1 curl \$ENDPOINT -X POST -d \$DATA --post301 -L -k }"3⤵
-
-
/bin/sh/bin/sh -c "alias lpm_whitelist_ip='curl_add_ip'"3⤵
- Command and Scripting Interpreter: Unix Shell
- System Network Configuration Discovery
-
-
/usr/local/sbin/psps awwxo "pid,comm"3⤵
-
-
/usr/local/bin/psps awwxo "pid,comm"3⤵
-
-
/usr/sbin/psps awwxo "pid,comm"3⤵
-
-
/usr/bin/psps awwxo "pid,comm"3⤵
-
-
/sbin/psps awwxo "pid,comm"3⤵
-
-
/bin/psps awwxo "pid,comm"3⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/local/sbin/psps awwxo "pid,args"3⤵
-
-
/usr/local/bin/psps awwxo "pid,args"3⤵
-
-
/usr/sbin/psps awwxo "pid,args"3⤵
-
-
/usr/bin/psps awwxo "pid,args"3⤵
-
-
/sbin/psps awwxo "pid,args"3⤵
-
-
/bin/psps awwxo "pid,args"3⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/local/sbin/psps awwxo "pid,ppid"3⤵
-
-
/usr/local/bin/psps awwxo "pid,ppid"3⤵
-
-
/usr/sbin/psps awwxo "pid,ppid"3⤵
-
-
/usr/bin/psps awwxo "pid,ppid"3⤵
-
-
/sbin/psps awwxo "pid,ppid"3⤵
-
-
/bin/psps awwxo "pid,ppid"3⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/local/sbin/psps awwxo "pid,uid"3⤵
-
-
/usr/local/bin/psps awwxo "pid,uid"3⤵
-
-
/usr/sbin/psps awwxo "pid,uid"3⤵
-
-
/usr/bin/psps awwxo "pid,uid"3⤵
-
-
/sbin/psps awwxo "pid,uid"3⤵
-
-
/bin/psps awwxo "pid,uid"3⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/local/sbin/psps awwxo "pid,%cpu"3⤵
-
-
/usr/local/bin/psps awwxo "pid,%cpu"3⤵
-
-
/usr/sbin/psps awwxo "pid,%cpu"3⤵
-
-
/usr/bin/psps awwxo "pid,%cpu"3⤵
-
-
/sbin/psps awwxo "pid,%cpu"3⤵
-
-
/bin/psps awwxo "pid,%cpu"3⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/local/sbin/psps awwxo "pid,%mem"3⤵
-
-
/usr/local/bin/psps awwxo "pid,%mem"3⤵
-
-
/usr/sbin/psps awwxo "pid,%mem"3⤵
-
-
/usr/bin/psps awwxo "pid,%mem"3⤵
-
-
/sbin/psps awwxo "pid,%mem"3⤵
-
-
/bin/psps awwxo "pid,%mem"3⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/node/usr/bin/node "--max-http-header-size=80000" "--max-old-space-size=1024" "--max-http-header-size=80000" /tmp/resources/app/lib/worker.js --dir /root/proxy_manager3⤵
- Enumerates kernel/hardware configuration
-
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Privilege Escalation
Boot or Logon Autostart Execution
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Defense Evasion
Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Virtualization/Sandbox Evasion
1System Checks
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
415B
MD5e048ec126f3952578e9e79f801eddb21
SHA1b355ec320e93c48d075b76c7badbf01479123a7a
SHA256db9990ba6bb60b465db8963cfe09e6500d463438b6ccc133bba07f9f8196d9bc
SHA512f15aae0785e10ada1a0a0151c8820325f6fb8d7e566395443150edc2255abd310ab84cc95979e10f6de56abdb8cecf466a423c9ff8b88b17c795ec34af872229
-
Filesize
36B
MD571a6f18b7fe0e91e69367415d59eca63
SHA16001a95fa0ce752c7a9b796893f796551539fbcb
SHA256487d8b6ed90c42c509cb9a03c34380f1d4bdffb0b91bc3bef153dd456eb2c48b
SHA5128b33134b5e45534c1991ebd418405dd69f267920784e6a19fbaceb407f7b4ab0768cadedaa465b0749b53d7e578cee70585f6e347751e113c10863f39dab7941
-
Filesize
606B
MD598480d7c011717466d8832d18255f89f
SHA187553a405bccd35b2ec41f9e7d3a804f8e51968b
SHA2567eaa0c336177986d4bc71ba05f1a0ee66d1cba5d701e6a213ff0ecd5de9da663
SHA512a7109ce4a83837aad6ab83a859da95afa5d727aa76242e65aef113a0a30dbdae02ddb388b4fdb446ebfac17113cc60dc193b4db6a7156de13eb4da6165bff5a6