796800face046765bd79f267c56a6c93ee2800b76d7f38ad96e5acb92599fcd4

Resubmissions

30-06-2021 16:31

210630-1sneypq8f6 10

28-06-2021 22:58

210628-35r4txhga2 10

Analysis

max time kernel
19120s
max time network
156s
platform
linux_amd64
resource
ubuntu-amd64
submitted
28-06-2021 22:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

796800face046765bd79f267c56a6c93ee2800b76d7f38ad96e5acb92599fcd4.bin
Size

102KB
MD5

ab3229656f73505a3c53f7d2e95efd0e
SHA1

45404b862e70a7a1b4db6c73d374b8ac19ddf772
SHA256

796800face046765bd79f267c56a6c93ee2800b76d7f38ad96e5acb92599fcd4
SHA512

6d7fd3cd593f2c15c899a159282f48c9d3a274a4d9d1e05ed42fa1b99debf193eb828cf07b2deaa2b65fb8d91488c4c546c1d97d60f01ea1ddcd63e19e8ac3d9

Score

6^/10

Malware Config

Signatures

Reads CPU attributes 1 TTPs 1 IoCs

System Information Discovery
T1082

Processes:

pkill

description ioc process

/sys/devices/system/cpu/online /sys/devices/system/cpu/online pkill

description	ioc	process
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

pkill

description	ioc	process
/proc/21/status	/proc/21/status	pkill
/proc/237/cmdline	/proc/237/cmdline	pkill
/proc/300/status	/proc/300/status	pkill
/proc/84/cmdline	/proc/84/cmdline	pkill
/proc/158/cmdline	/proc/158/cmdline	pkill
/proc/sys/kernel/osrelease	/proc/sys/kernel/osrelease	pkill
/proc/22/cmdline	/proc/22/cmdline	pkill
/proc/27/status	/proc/27/status	pkill
/proc/77/status	/proc/77/status	pkill
/proc/167/status	/proc/167/status	pkill
/proc/19/status	/proc/19/status	pkill
/proc/26/status	/proc/26/status	pkill
/proc/152/cmdline	/proc/152/cmdline	pkill
/proc/166/status	/proc/166/status	pkill
/proc/34/status	/proc/34/status	pkill
/proc/80/cmdline	/proc/80/cmdline	pkill
/proc/97/cmdline	/proc/97/cmdline	pkill
/proc/151/cmdline	/proc/151/cmdline	pkill
/proc/5/cmdline	/proc/5/cmdline	pkill
/proc/14/status	/proc/14/status	pkill
/proc/27/cmdline	/proc/27/cmdline	pkill
/proc/29/status	/proc/29/status	pkill
/proc/416/status	/proc/416/status	pkill
/proc/447/cmdline	/proc/447/cmdline	pkill
/proc/1/cmdline	/proc/1/cmdline	pkill
/proc/32/status	/proc/32/status	pkill
/proc/114/cmdline	/proc/114/cmdline	pkill
/proc/158/status	/proc/158/status	pkill
/proc/4/cmdline	/proc/4/cmdline	pkill
/proc/88/status	/proc/88/status	pkill
/proc/163/cmdline	/proc/163/cmdline	pkill
/proc/387/cmdline	/proc/387/cmdline	pkill
/proc/24/status	/proc/24/status	pkill
/proc/157/cmdline	/proc/157/cmdline	pkill
/proc/416/cmdline	/proc/416/cmdline	pkill
/proc/30/status	/proc/30/status	pkill
/proc/156/cmdline	/proc/156/cmdline	pkill
/proc/163/status	/proc/163/status	pkill
/proc/3/status	/proc/3/status	pkill
/proc/5/status	/proc/5/status	pkill
/proc/6/cmdline	/proc/6/cmdline	pkill
/proc/23/status	/proc/23/status	pkill
/proc/152/status	/proc/152/status	pkill
/proc/161/cmdline	/proc/161/cmdline	pkill
/proc/164/status	/proc/164/status	pkill
/proc/165/cmdline	/proc/165/cmdline	pkill
/proc/1/status	/proc/1/status	pkill
/proc/4/status	/proc/4/status	pkill
/proc/28/cmdline	/proc/28/cmdline	pkill
/proc/33/status	/proc/33/status	pkill
/proc/479/status	/proc/479/status	pkill
/proc/688/status	/proc/688/status	pkill
/proc/17/status	/proc/17/status	pkill
/proc/154/cmdline	/proc/154/cmdline	pkill
/proc/164/cmdline	/proc/164/cmdline	pkill
/proc/84/status	/proc/84/status	pkill
/proc/443/cmdline	/proc/443/cmdline	pkill
/proc/479/cmdline	/proc/479/cmdline	pkill
/proc/12/status	/proc/12/status	pkill
/proc/13/status	/proc/13/status	pkill
/proc/26/cmdline	/proc/26/cmdline	pkill
/proc/77/cmdline	/proc/77/cmdline	pkill
/proc/7/cmdline	/proc/7/cmdline	pkill
/proc/159/cmdline	/proc/159/cmdline	pkill

./796800face046765bd79f267c56a6c93ee2800b76d7f38ad96e5acb92599fcd4.bin
./796800face046765bd79f267c56a6c93ee2800b76d7f38ad96e5acb92599fcd4.bin
1⤵
PID:688

"" "" ""
2⤵
PID:689

/bin/uname
uname -a
3⤵
PID:690

/bin/hostname
hostname
3⤵
PID:691

"" "" ""
2⤵
PID:692

/bin/uname
uname -a
3⤵
PID:693

/bin/hostname
hostname
3⤵
PID:694

"" "" "pkill -9 vmx-*"
2⤵
PID:695

/usr/bin/pkill
pkill -9 "vmx-*"
3⤵
- Reads CPU attributes
- Reads runtime system information
PID:696

"" "" ""
2⤵
PID:697

/usr/bin/awk
awk -F "\"*,\"*" "{system(\"esxcli vm process kill --type=force --world-id=\" \$1)}"
3⤵
PID:699

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads