94f5a2fceeb85c248100f65f0700561ea4de7db848b2a302e65273c243b3fb14

Resubmissions

29-06-2024 14:33

240629-rw2p4asekk 4

29-06-2024 14:33

240629-rwtz9azbka 4

Analysis

max time kernel
4s
platform
debian-9_armhf
resource
debian9-armhf-20240418-en
resource tags

arch:armhfimage:debian9-armhf-20240418-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
29-06-2024 14:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

run.js
Size

59B
MD5

4775f27ad088bf259c1e8dfa934d9e31
SHA1

7a10d5d619e0ed2df7bf2efe1328ebb2014daa9c
SHA256

94f5a2fceeb85c248100f65f0700561ea4de7db848b2a302e65273c243b3fb14
SHA512

edfed992a8093c532a51c63da3e89cc73516f8baedb3f85d2d50bc26e18eebf8382fcf190396e869742d850cbd872260d155f60e6f7794b41864a2fbe207d912

Score

4^/10

antivm

Malware Config

Signatures

Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
antivm

Virtualization/Sandbox Evasion
T1497

Processes:

node

description ioc process

File opened for reading /proc/cpuinfo node
Reads CPU attributes 1 TTPs 1 IoCs

System Information Discovery
T1082

Processes:

node

description ioc process

File opened for reading /sys/devices/system/cpu/online node
Enumerates kernel/hardware configuration 1 TTPs 1 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery
T1082

Processes:

node

description ioc process

File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes node
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.

Processes:

node

description ioc process

File opened for reading /proc/meminfo node

description	ioc	process
File opened for reading	/proc/cpuinfo	node

description	ioc	process
File opened for reading	/sys/devices/system/cpu/online	node

description	ioc	process
File opened for reading	/sys/fs/cgroup/memory/memory.limit_in_bytes	node

description	ioc	process
File opened for reading	/proc/meminfo	node

/usr/bin/node
node /tmp/run.js
1⤵
- Checks CPU configuration
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:637

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads