8691f4cbe985ff4ad3559e3d9183ffa5e706695533ffe775dbc70080aff420c3

Analysis

max time kernel
4s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
30-06-2024 15:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime
Size

371B
MD5

7ab5bfff58b0a878a4614cddbe424702
SHA1

e75ad406ef2f9fcb1a9bde44ba669f416c824c4f
SHA256

394b93eaaac25f18a20d7cdd80920ecca1fe43c8e5b37501389e644944c6e01f
SHA512

36f59fb7f2a1f985210ce39fb90e6e7998e4ba8030f172496eda22a12c66b58c651211d0f682c2b0ec58a6e1ae19d59380d1fe0c6849f15fcf381df60123aaeb

Score

4^/10

antivm

Malware Config

Signatures

Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
antivm

Virtualization/Sandbox Evasion
T1497

Processes:

node

description ioc process

File opened for reading /proc/cpuinfo node
Reads CPU attributes 1 TTPs 1 IoCs

System Information Discovery
T1082

Processes:

node

description ioc process

File opened for reading /sys/devices/system/cpu/online node
Enumerates kernel/hardware configuration 1 TTPs 1 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery
T1082

Processes:

node

description ioc process

File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes node
Reads runtime system information 2 IoCs
Reads data from /proc virtual filesystem.

Processes:

sednode

description ioc process

File opened for reading /proc/filesystems sed
File opened for reading /proc/meminfo node

description	ioc	process
File opened for reading	/proc/cpuinfo	node

description	ioc	process
File opened for reading	/sys/devices/system/cpu/online	node

description	ioc	process
File opened for reading	/sys/fs/cgroup/memory/memory.limit_in_bytes	node

description	ioc	process
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/meminfo	node

/tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime
/tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime
1⤵
PID:697

/bin/sed
sed -e "s,\\\\,/,g"
2⤵
- Reads runtime system information
PID:701

/usr/bin/dirname
dirname /tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime
2⤵
PID:698

/bin/uname
uname
2⤵
PID:708

/usr/local/sbin/node
node /tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/../mime/cli.js
1⤵
PID:697

/usr/local/bin/node
node /tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/../mime/cli.js
1⤵
PID:697

/usr/sbin/node
node /tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/../mime/cli.js
1⤵
PID:697

/usr/bin/node
node /tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/../mime/cli.js
1⤵
- Checks CPU configuration
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:697

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads