Overview

overview

10

Static

static

10

45686202b2...49.elf

ubuntu-22.04-amd64

6

Resubmissions

30-06-2024 10:59

240630-m3q5qawgqg 10

30-06-2024 10:47

240630-mvxmjawfrh 10

Analysis

  • max time kernel
    46s
  • max time network
    43s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240611-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
  • submitted
    30-06-2024 10:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf

  • Size

    4.9MB

  • MD5

    0a57ca1f1a9f1eea4c4efb10ee5107c6

  • SHA1

    b0b3e2ca8b29b5cb2386d33b9a3f050f1a5f24f2

  • SHA256

    45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549

  • SHA512

    c52055d400f7e3d3780f8c4e18232fddf3801ac2d4f9eae99ba0c3a7abdc78be163f83149e21904d32429afbdf020c097156e2b038a5ed5d4599ea44efbd8742

  • SSDEEP

    98304:GbvgUa4NyTar5r/DfdTGCJVJIhuSzWh5C/K5b3+9/HyMbqY:sHyTaFDtJUWh5Ft8ySqY

Score
6/10
antivmpersistence

Malware Config

Signatures

  • Checks hardware identifiers (DMI) 1 TTPs 4 IoCs

    Checks DMI information which indicate if the system is a virtual machine.

    antivm
  • Creates/modifies Cron job 1 TTPs 1 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    persistence
  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads hardware information 1 TTPs 14 IoCs

    Accesses system info like serial numbers, manufacturer names etc.

  • Changes its process name 2 IoCs
  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

    antivm
  • Reads CPU attributes 1 TTPs 45 IoCs
  • Enumerates kernel/hardware configuration 1 TTPs 21 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf
    /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf
    1⤵
    • Checks hardware identifiers (DMI)
    • Reads hardware information
    • Checks CPU configuration
    • Reads CPU attributes
    • Enumerates kernel/hardware configuration
    • Reads runtime system information
    PID:1595
    • /bin/sh
      sh -c "crontab -l"
      2⤵
        PID:1615
        • /usr/bin/crontab
          crontab -l
          3⤵
            PID:1616
        • /bin/sh
          sh -c "echo \"@reboot /tmp/45686202b22892494d78824ca3a35345c418f99f6d76a07165d18739d4ce6549.elf\" | crontab -"
          2⤵
            PID:1617
            • /usr/bin/crontab
              crontab -
              3⤵
              • Creates/modifies Cron job
              PID:1619

        Network

        MITRE ATT&CK Matrix ATT&CK v13

        Initial Access

        Execution

        Scheduled Task/Job

        1
        T1053

        Persistence

        Scheduled Task/Job

        1
        T1053

        Privilege Escalation

        Scheduled Task/Job

        1
        T1053

        Defense Evasion

        Virtualization/Sandbox Evasion

        2
        T1497

        Credential Access

        Discovery

        Virtualization/Sandbox Evasion

        2
        T1497

        System Information Discovery

        3
        T1082

        Lateral Movement

        Collection

        Exfiltration

        Command and Control

        Impact

        Resource Development

        Reconnaissance

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /var/spool/cron/crontabs/tmp.Uph3OR
          Filesize

          257B

          MD5

          da9f2b860fff6b0b7da0d2632350113d

          SHA1

          f741ca321f7966809bca7e1dc5a5eb23f53b189d

          SHA256

          bee2238cf6e9dbf06aaf4dc4911ff4e8063133cac85bafad2de78af26c106c45

          SHA512

          2b8d44946350e6fe2e595ac55964823c78a1638d11c761684835fe75924b412545841ef68c33866c3ba48e9f8b92dbe4bdf89b8569313352d29774e8a201e1ca

          Download Submit