d6762eff16452434ac1acc127f082906cc1ae5b0ff026d0d4fe725711db47763

General

Target

d6762eff16452434ac1acc127f082906cc1ae5b0ff026d0d4fe725711db47763.bin
Size

102KB
MD5

e199f02ffcf1b1769c8aeb580f627267
SHA1

9586ebc83a1b6949e08820b46faf72ee5b132bca
SHA256

d6762eff16452434ac1acc127f082906cc1ae5b0ff026d0d4fe725711db47763
SHA512

de537e7032c38c6fcaf1947c6a5789150e7097f2093a400f6514b87b5d49742ab54cadfc435b2bc3fc3a3527e6249d9b8c5d8b405e3856d8c595c6fd81223c6f

Score

6^/10

Malware Config

Signatures

Reads CPU attributes 1 TTPs 1 IoCs

System Information Discovery
T1082

Processes:

pkill

description ioc process

/sys/devices/system/cpu/online /sys/devices/system/cpu/online pkill

description	ioc	process
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

pkill

description	ioc	process
/proc/302/cmdline	/proc/302/cmdline	pkill
/proc/349/status	/proc/349/status	pkill
/proc/81/cmdline	/proc/81/cmdline	pkill
/proc/156/status	/proc/156/status	pkill
/proc/7/cmdline	/proc/7/cmdline	pkill
/proc/11/status	/proc/11/status	pkill
/proc/34/status	/proc/34/status	pkill
/proc/237/status	/proc/237/status	pkill
/proc/35/status	/proc/35/status	pkill
/proc/477/status	/proc/477/status	pkill
/proc/564/status	/proc/564/status	pkill
/proc/154/status	/proc/154/status	pkill
/proc/345/cmdline	/proc/345/cmdline	pkill
/proc/1/cmdline	/proc/1/cmdline	pkill
/proc/77/cmdline	/proc/77/cmdline	pkill
/proc/80/status	/proc/80/status	pkill
/proc/82/status	/proc/82/status	pkill
/proc/84/cmdline	/proc/84/cmdline	pkill
/proc/300/cmdline	/proc/300/cmdline	pkill
/proc/369/status	/proc/369/status	pkill
/proc/8/cmdline	/proc/8/cmdline	pkill
/proc/24/status	/proc/24/status	pkill
/proc/24/cmdline	/proc/24/cmdline	pkill
/proc/25/cmdline	/proc/25/cmdline	pkill
/proc/190/status	/proc/190/status	pkill
/proc/27/cmdline	/proc/27/cmdline	pkill
/proc/114/status	/proc/114/status	pkill
/proc/159/status	/proc/159/status	pkill
/proc/191/status	/proc/191/status	pkill
/proc/27/status	/proc/27/status	pkill
/proc/161/status	/proc/161/status	pkill
/proc/349/cmdline	/proc/349/cmdline	pkill
/proc/443/cmdline	/proc/443/cmdline	pkill
/proc/28/cmdline	/proc/28/cmdline	pkill
/proc/79/status	/proc/79/status	pkill
/proc/344/status	/proc/344/status	pkill
/proc/sys/kernel/osrelease	/proc/sys/kernel/osrelease	pkill
/proc/10/status	/proc/10/status	pkill
/proc/17/cmdline	/proc/17/cmdline	pkill
/proc/18/status	/proc/18/status	pkill
/proc/26/status	/proc/26/status	pkill
/proc/83/cmdline	/proc/83/cmdline	pkill
/proc/159/cmdline	/proc/159/cmdline	pkill
/proc/163/cmdline	/proc/163/cmdline	pkill
/proc/369/cmdline	/proc/369/cmdline	pkill
/proc/166/status	/proc/166/status	pkill
/proc/443/status	/proc/443/status	pkill
/proc/479/status	/proc/479/status	pkill
/proc/12/cmdline	/proc/12/cmdline	pkill
/proc/18/cmdline	/proc/18/cmdline	pkill
/proc/19/status	/proc/19/status	pkill
/proc/32/status	/proc/32/status	pkill
/proc/162/status	/proc/162/status	pkill
/proc/8/status	/proc/8/status	pkill
/proc/97/status	/proc/97/status	pkill
/proc/167/status	/proc/167/status	pkill
/proc/249/cmdline	/proc/249/cmdline	pkill
/proc/2/status	/proc/2/status	pkill
/proc/6/status	/proc/6/status	pkill
/proc/33/status	/proc/33/status	pkill
/proc/160/status	/proc/160/status	pkill
/proc/161/cmdline	/proc/161/cmdline	pkill
/proc/21/cmdline	/proc/21/cmdline	pkill
/proc/165/status	/proc/165/status	pkill

./d6762eff16452434ac1acc127f082906cc1ae5b0ff026d0d4fe725711db47763.bin
./d6762eff16452434ac1acc127f082906cc1ae5b0ff026d0d4fe725711db47763.bin
1⤵
PID:565
- "" "" ""
  2⤵
  PID:566
- - /bin/uname
    uname -a
    3⤵
    PID:567
- - /bin/hostname
    hostname
    3⤵
    PID:568
- "" "" ""
  2⤵
  PID:569
- - /bin/uname
    uname -a
    3⤵
    PID:570
- - /bin/hostname
    hostname
    3⤵
    PID:571
- "" "" "pkill -9 vmx-*"
  2⤵
  PID:572
- - /usr/bin/pkill
    pkill -9 "vmx-*"
    3⤵
    - Reads CPU attributes
    - Reads runtime system information
    PID:573
- "" "" ""
  2⤵
  PID:574
- - /usr/bin/awk
    awk -F "\"*,\"*" "{system(\"esxcli vm process kill --type=force --world-id=\" \$1)}"
    3⤵
    PID:576

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads