fa0defdabd9fd43fe2ef1ec33574ea1af1290bd3d763fdb2bed443f2bd996d73 | Triage

Resubmissions

06-09-2023 00:49

230906-a6cehsce37 10

31-07-2023 12:28

230731-pnngdsgd4v 10

28-02-2021 08:09

210228-xd259lnnps 5

Analysis

max time kernel
0s
max time network
124s
platform
linux_amd64
resource
ubuntu-amd64
submitted
28-02-2021 08:09

Sharing

Report Analysis Logs

General

Target

fa0defdabd9fd43fe2ef1ec33574ea1af1290bd3d763fdb2bed443f2bd996d73
Size

28KB
MD5

0017f7b913ce66e4d80f7e78cf830a2b
SHA1

f1bf775746a5c882b9ec003617b2a70cf5a5b029
SHA256

fa0defdabd9fd43fe2ef1ec33574ea1af1290bd3d763fdb2bed443f2bd996d73
SHA512

ff5dd28ba3f5ce1f85f85fa9b65f9f30fbd300f2ca238cb2713da7077b7a0a8ff094cff4d7de9381726925abdd9ea065fa75ccd02fa5a816b71a6f91479363c1

Score

5^/10

Malware Config

Signatures

Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.

Processes:

cp

description ioc process

/proc/filesystems /proc/filesystems cp

./fa0defdabd9fd43fe2ef1ec33574ea1af1290bd3d763fdb2bed443f2bd996d73
./fa0defdabd9fd43fe2ef1ec33574ea1af1290bd3d763fdb2bed443f2bd996d73
1⤵
PID:562

"" "" "/bin/rm -f /dev/shm/kdmtmpflush;/bin/cp ./fa0defdabd9fd43fe2ef1ec33574ea1af1290bd3d763fdb2bed443f2bd996d73 /dev/shm/kdmtmpflush && /bin/chmod 755 /dev/shm/kdmtmpflush && /dev/shm/kdmtmpflush --init && /bin/rm -f /dev/shm/kdmtmpflush"
2⤵
PID:563

/bin/rm
/bin/rm -f /dev/shm/kdmtmpflush
3⤵
PID:564

/bin/cp
/bin/cp ./fa0defdabd9fd43fe2ef1ec33574ea1af1290bd3d763fdb2bed443f2bd996d73 /dev/shm/kdmtmpflush
3⤵
- Reads runtime system information
PID:565

/bin/chmod
/bin/chmod 755 /dev/shm/kdmtmpflush
3⤵
PID:566

/dev/shm/kdmtmpflush
/dev/shm/kdmtmpflush --init
3⤵
PID:567

/bin/rm
/bin/rm -f /dev/shm/kdmtmpflush
3⤵
PID:569

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...