Analysis
max time kernel: 14408s
max time network: 149s
platform: linux_amd64
resource: ubuntu-amd64
submitted: 05-05-2021 09:58
Static task: static1
Behavioral task behavioral1: sample 71ef590b32ef90a021be7bafd074b7698ffefab7f935e371568bef5eb2543f19, resource ubuntu-amd64
Behavioral task behavioral2: sample 71ef590b32ef90a021be7bafd074b7698ffefab7f935e371568bef5eb2543f19, resource debian9-mipsel
Behavioral task behavioral3: sample 71ef590b32ef90a021be7bafd074b7698ffefab7f935e371568bef5eb2543f19, resource debian9-mipsbe
General
Target: 71ef590b32ef90a021be7bafd074b7698ffefab7f935e371568bef5eb2543f19
Size: 549KB
MD5: b4ff3961cefcc5e151e319666bae6f5e
SHA1: e1e985a90a116edea41d99b3e2a85a697f760d48
SHA256: 71ef590b32ef90a021be7bafd074b7698ffefab7f935e371568bef5eb2543f19
SHA512: e4a6eed3bbedf52e8b636ddfa34bde662dd9f8b7fd7745dc7689605b966bf24b0ed76bf9e418dab5d32668b9b6ecdc09b0e5da8cd011a274d8186cc169f4d52e
Malware Config
Signatures

Writes file to system bin folder (1 TTP, 64 IoCs)
All 64 files were created directly under /bin, and every name is a lowercase-letter string of 6 to 14 characters with no recognisable word, i.e. generated rather than chosen. The sandbox lists each path under both the description and ioc columns; the 64 distinct paths are:
Processes (description / ioc):
/bin/pfprjtlqnxwde
/bin/mhltzxdh
/bin/dshccjmmdzat
/bin/mlmsjxdmwblbo
/bin/mtelpn
/bin/ekcotyjbapkri
/bin/zmfxqlsprzg
/bin/seydtinenvyal
/bin/xyzicvnhzdwk
/bin/shxuownxh
/bin/xpnqyhteyjka
/bin/tdocjxa
/bin/qxeqilic
/bin/nygfxb
/bin/xmiblmpghoslhn
/bin/uilzkogimocgun
/bin/ebytjg
/bin/lkxefhjtyb
/bin/wtblsql
/bin/czymjhh
/bin/xwwxqfbini
/bin/xsibnvugos
/bin/hctqbkft
/bin/fgffayqij
/bin/qehxipausbo
/bin/eslrrtygyzkj
/bin/adqmzickkun
/bin/zwhtfmvqy
/bin/yfjpizzabcnsvz
/bin/rrecdgcebs
/bin/hifrtpagho
/bin/ddvtjqom
/bin/rzahzfzhqklrl
/bin/yhiylygcia
/bin/uuiscm
/bin/fmzpawmfskygh
/bin/nmpmmn
/bin/mtzximlz
/bin/xpdgswjvnw
/bin/glhqqosq
/bin/uodpoq
/bin/qfictffeo
/bin/hajnen
/bin/yjamxbh
/bin/gntmcdlqm
/bin/dzcloa
/bin/laekyofdactalo
/bin/slrajsd
/bin/pqpqooqe
/bin/bnygwg
/bin/xwxuoblfdps
/bin/ldkfhslh
/bin/emynywwqfltk
/bin/mgnyomw
/bin/xdrfhutpmjps
/bin/lnsctmxfdc
/bin/fhacsnlxfla
/bin/byunvvxqcpo
/bin/yixcvbda
/bin/ewovsugqz
/bin/tpztxz
/bin/imlzvubtuwqb
/bin/tusjycnyvqd
/bin/talphrc
Modifies rc script (1 TTP, 5 IoCs)
Adding or modifying system rc scripts is a common persistence mechanism. Here the same start link, S90ccytuxddsni, was created in rc1.d through rc5.d, so the script is started on entry to every runlevel from single-user (1) to the multi-user levels (2 to 5) on SysV-style init; on Debian-based hosts running systemd the sysv generator still translates these links into units, so the persistence is not limited to classic SysV init. The sandbox lists each path under both the description and ioc columns; the 5 distinct paths are:
Processes (description / ioc):
/etc/rc1.d/S90ccytuxddsni
/etc/rc2.d/S90ccytuxddsni
/etc/rc3.d/S90ccytuxddsni
/etc/rc4.d/S90ccytuxddsni
/etc/rc5.d/S90ccytuxddsni
Writes file to tmp directory (1 IoC)
Malware often drops required files in the /tmp directory. The only path flagged here is the sample itself stored under its own SHA-256 name, which is also how a sandbox typically stages a submission, so on its own this IoC is weak evidence of a drop performed by the malware.
Processes (description / ioc):
/tmp/71ef590b32ef90a021be7bafd074b7698ffefab7f935e371568bef5eb2543f19
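The three signature tables above are the kind of output an analyst reads into a triage script: dedupe the flattened IoC cells, group the rc links by script name to see which runlevels gained a start link, flag generated-looking names under /bin, and discount a /tmp path that is just the submission stored under its own hash. The following is an added example, not code from the sandbox report or from the sandbox vendor; the IoC strings are constructed from paths on this page (a four-entry subset of the /bin table), and the allow-list, the vowel-ratio heuristic and all function names are assumptions made for illustration, not a signature from any product.

```python
"""Triage helpers for the file-system IoCs in a Linux sandbox report.

Added example; not part of the sandbox report or of the sandbox vendor's
tooling. The IoC strings are constructed from the paths listed on this page.
The allow-list, the vowel-ratio heuristic and the function names are
assumptions made for illustration, not a signature from any product.
"""
import re
from collections import defaultdict

SAMPLE_SHA256 = "71ef590b32ef90a021be7bafd074b7698ffefab7f935e371568bef5eb2543f19"

# Constructed from the report's flattened "description ioc" tables. The sandbox
# printed every path twice (once per column), so the parser below dedupes.
BIN_IOCS = ("/bin/pfprjtlqnxwde /bin/pfprjtlqnxwde /bin/mhltzxdh /bin/mhltzxdh "
            "/bin/dshccjmmdzat /bin/dshccjmmdzat /bin/talphrc /bin/talphrc")
RC_IOCS = " ".join(f"/etc/rc{n}.d/S90ccytuxddsni /etc/rc{n}.d/S90ccytuxddsni"
                   for n in range(1, 6))
TMP_IOCS = f"/tmp/{SAMPLE_SHA256} /tmp/{SAMPLE_SHA256}"

# Assumed allow-list of legitimate low-vowel /bin names. On a live host verify
# ownership with the package manager (e.g. `dpkg -S /bin/<name>`) instead.
BENIGN_BIN = frozenset({"systemctl", "chgrp", "chmod", "sync", "lsblk", "rmdir"})
VOWELS = frozenset("aeiou")

# /etc/rc<level>.d/<S|K><priority><script name>, as laid out by SysV init.
RC_LINK = re.compile(r"^/etc/rc(?P<level>[0-6S])\.d/(?P<kind>[SK])(?P<prio>\d{2})(?P<name>.+)$")


def parse_iocs(text):
    """Split a flattened IoC cell run into unique absolute paths, keeping order."""
    paths = []
    for tok in text.split():
        if tok.startswith("/") and tok not in paths:
            paths.append(tok)
    return paths


def rc_persistence(paths):
    """Map SysV script name -> sorted runlevels in which an S (start) link exists."""
    levels = defaultdict(set)
    for p in paths:
        m = RC_LINK.match(p)
        if m and m.group("kind") == "S":
            levels[m.group("name")].add(m.group("level"))
    return {name: sorted(lv) for name, lv in levels.items()}


def looks_random(name, max_vowel_ratio=0.25, min_len=6):
    """Heuristic: long, all-lowercase-alpha names with very few vowels look generated.
    It is only a prefilter (e.g. 'systemctl' trips it), hence the allow-list."""
    if len(name) < min_len or not name.isalpha() or not name.islower():
        return False
    return sum(c in VOWELS for c in name) / len(name) < max_vowel_ratio


def suspicious_bin_drops(paths, allow=BENIGN_BIN):
    """Return /bin/* paths whose basename is not allow-listed and looks generated."""
    out = []
    for p in paths:
        d, _, base = p.rpartition("/")
        if d == "/bin" and base not in allow and looks_random(base):
            out.append(p)
    return out


def is_sample_staging(path, sha256=SAMPLE_SHA256):
    """A /tmp path that is just the submission stored under its own SHA-256 is weak
    evidence: it may be the sandbox staging the file rather than the sample dropping it."""
    return path == f"/tmp/{sha256}"


def triage(bin_text, rc_text, tmp_text, min_runlevels=3):
    """Summarise the three IoC tables the way an analyst would read them."""
    rc = rc_persistence(parse_iocs(rc_text))
    return {
        "bin_drops": suspicious_bin_drops(parse_iocs(bin_text)),
        "rc_persistence": {n: lv for n, lv in rc.items() if len(lv) >= min_runlevels},
        "tmp_real_drops": [p for p in parse_iocs(tmp_text) if not is_sample_staging(p)],
    }


if __name__ == "__main__":
    for key, value in triage(BIN_IOCS, RC_IOCS, TMP_IOCS).items():
        print(f"{key}: {value}")
```

Run against the constructed tables, triage() returns all four /bin paths as drops, ccytuxddsni with start links in runlevels 1 to 5, and an empty list of real /tmp drops. The vowel-ratio test deliberately stays crude: it is a prefilter for naming the files to pull for hashing and package-ownership checks, not a verdict, which is why an allow-list (or better, dpkg -S / rpm -qf on the host) sits in front of it.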