Overview

overview

10

Static

static

10

45686202b2...49.elf

ubuntu-22.04-amd64

6

Resubmissions

30-06-2024 10:59

240630-m3q5qawgqg 10

30-06-2024 10:47

240630-mvxmjawfrh 10

Analysis

  • max time kernel
    0s
  • max time network
    9s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240522.1-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2204-amd64-20240522.1-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
  • submitted
    30-06-2024 10:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf

  • Size

    4.9MB

  • MD5

    0a57ca1f1a9f1eea4c4efb10ee5107c6

  • SHA1

    b0b3e2ca8b29b5cb2386d33b9a3f050f1a5f24f2

  • SHA256

    45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549

  • SHA512

    c52055d400f7e3d3780f8c4e18232fddf3801ac2d4f9eae99ba0c3a7abdc78be163f83149e21904d32429afbdf020c097156e2b038a5ed5d4599ea44efbd8742

  • SSDEEP

    98304:GbvgUa4NyTar5r/DfdTGCJVJIhuSzWh5C/K5b3+9/HyMbqY:sHyTaFDtJUWh5Ft8ySqY

Score
6/10
antivmpersistence

Malware Config

Signatures

  • Checks hardware identifiers (DMI) 1 TTPs 4 IoCs

    Checks DMI information which indicate if the system is a virtual machine.

    antivm
  • Creates/modifies Cron job 1 TTPs 1 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    persistence
  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads hardware information 1 TTPs 14 IoCs

    Accesses system info like serial numbers, manufacturer names etc.

  • Changes its process name 2 IoCs
  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

    antivm
  • Reads CPU attributes 1 TTPs 45 IoCs
  • Enumerates kernel/hardware configuration 1 TTPs 21 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf
    /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf
    1⤵
    • Checks hardware identifiers (DMI)
    • Reads hardware information
    • Checks CPU configuration
    • Reads CPU attributes
    • Enumerates kernel/hardware configuration
    • Reads runtime system information
    PID:1552
    • /bin/sh
      sh -c "crontab -l"
      2⤵
        PID:1568
        • /usr/bin/crontab
          crontab -l
          3⤵
            PID:1569
        • /bin/sh
          sh -c "echo \"@reboot /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf\" | crontab -"
          2⤵
            PID:1570
            • /usr/bin/crontab
              crontab -
              3⤵
              • Creates/modifies Cron job
              PID:1572

        Network

        MITRE ATT&CK Matrix ATT&CK v13

        Initial Access

        Execution

        Scheduled Task/Job

        1
        T1053

        Persistence

        Scheduled Task/Job

        1
        T1053

        Privilege Escalation

        Scheduled Task/Job

        1
        T1053

        Defense Evasion

        Virtualization/Sandbox Evasion

        2
        T1497

        Credential Access

        Discovery

        Virtualization/Sandbox Evasion

        2
        T1497

        System Information Discovery

        3
        T1082

        Lateral Movement

        Collection

        Exfiltration

        Command and Control

        Impact

        Resource Development

        Reconnaissance

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /var/spool/cron/crontabs/tmp.Jqgs56
          Filesize

          257B

          MD5

          74ee4328ac6ade08fea272f14dedb32f

          SHA1

          a6d424464cee764106af124c80495b3edd8c3ba9

          SHA256

          e9a0249af6b1b3853aa60a2cf6cb5a7bf952a5b352244227ca9e60c195527f67

          SHA512

          1bb2f8c35480e6d9c565a096e3a2dcabcf4fb8162fe527fdfb99e859b57adcb286befae06cc13b02448cd877fa1891e7e4d84a36028827a4ae5b43dbaa5ace66

          Download Submit