d6762eff16452434ac1acc127f082906cc1ae5b0ff026d0d4fe725711db47763

General

Target

d6762eff16452434ac1acc127f082906cc1ae5b0ff026d0d4fe725711db47763.bin
Size

102KB
MD5

e199f02ffcf1b1769c8aeb580f627267
SHA1

9586ebc83a1b6949e08820b46faf72ee5b132bca
SHA256

d6762eff16452434ac1acc127f082906cc1ae5b0ff026d0d4fe725711db47763
SHA512

de537e7032c38c6fcaf1947c6a5789150e7097f2093a400f6514b87b5d49742ab54cadfc435b2bc3fc3a3527e6249d9b8c5d8b405e3856d8c595c6fd81223c6f

Score

6^/10

Malware Config

Signatures

Reads CPU attributes 1 TTPs 1 IoCs

System Information Discovery
T1082

Processes:

pkill

description ioc process

/sys/devices/system/cpu/online /sys/devices/system/cpu/online pkill

description	ioc	process
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

pkill

description	ioc	process
/proc/302/cmdline	/proc/302/cmdline	pkill
/proc/349/status	/proc/349/status	pkill
/proc/81/cmdline	/proc/81/cmdline	pkill
/proc/156/status	/proc/156/status	pkill
/proc/7/cmdline	/proc/7/cmdline	pkill
/proc/11/status	/proc/11/status	pkill
/proc/34/status	/proc/34/status	pkill
/proc/237/status	/proc/237/status	pkill
/proc/35/status	/proc/35/status	pkill
/proc/477/status	/proc/477/status	pkill
/proc/564/status	/proc/564/status	pkill
/proc/154/status	/proc/154/status	pkill
/proc/345/cmdline	/proc/345/cmdline	pkill
/proc/1/cmdline	/proc/1/cmdline	pkill
/proc/77/cmdline	/proc/77/cmdline	pkill
/proc/80/status	/proc/80/status	pkill
/proc/82/status	/proc/82/status	pkill
/proc/84/cmdline	/proc/84/cmdline	pkill
/proc/300/cmdline	/proc/300/cmdline	pkill
/proc/369/status	/proc/369/status	pkill
/proc/8/cmdline	/proc/8/cmdline	pkill
/proc/24/status	/proc/24/status	pkill
/proc/24/cmdline	/proc/24/cmdline	pkill
/proc/25/cmdline	/proc/25/cmdline	pkill
/proc/190/status	/proc/190/status	pkill
/proc/27/cmdline	/proc/27/cmdline	pkill
/proc/114/status	/proc/114/status	pkill
/proc/159/status	/proc/159/status	pkill
/proc/191/status	/proc/191/status	pkill
/proc/27/status	/proc/27/status	pkill
/proc/161/status	/proc/161/status	pkill
/proc/349/cmdline	/proc/349/cmdline	pkill
/proc/443/cmdline	/proc/443/cmdline	pkill
/proc/28/cmdline	/proc/28/cmdline	pkill
/proc/79/status	/proc/79/status	pkill
/proc/344/status	/proc/344/status	pkill
/proc/sys/kernel/osrelease	/proc/sys/kernel/osrelease	pkill
/proc/10/status	/proc/10/status	pkill
/proc/17/cmdline	/proc/17/cmdline	pkill
/proc/18/status	/proc/18/status	pkill
/proc/26/status	/proc/26/status	pkill
/proc/83/cmdline	/proc/83/cmdline	pkill
/proc/159/cmdline	/proc/159/cmdline	pkill
/proc/163/cmdline	/proc/163/cmdline	pkill
/proc/369/cmdline	/proc/369/cmdline	pkill
/proc/166/status	/proc/166/status	pkill
/proc/443/status	/proc/443/status	pkill
/proc/479/status	/proc/479/status	pkill
/proc/12/cmdline	/proc/12/cmdline	pkill
/proc/18/cmdline	/proc/18/cmdline	pkill
/proc/19/status	/proc/19/status	pkill
/proc/32/status	/proc/32/status	pkill
/proc/162/status	/proc/162/status	pkill
/proc/8/status	/proc/8/status	pkill
/proc/97/status	/proc/97/status	pkill
/proc/167/status	/proc/167/status	pkill
/proc/249/cmdline	/proc/249/cmdline	pkill
/proc/2/status	/proc/2/status	pkill
/proc/6/status	/proc/6/status	pkill
/proc/33/status	/proc/33/status	pkill
/proc/160/status	/proc/160/status	pkill
/proc/161/cmdline	/proc/161/cmdline	pkill
/proc/21/cmdline	/proc/21/cmdline	pkill
/proc/165/status	/proc/165/status	pkill

./d6762eff16452434ac1acc127f082906cc1ae5b0ff026d0d4fe725711db47763.bin
./d6762eff16452434ac1acc127f082906cc1ae5b0ff026d0d4fe725711db47763.bin
1⤵
PID:565

"" "" ""
2⤵
PID:566

/bin/uname
uname -a
3⤵
PID:567

/bin/hostname
hostname
3⤵
PID:568

"" "" ""
2⤵
PID:569

/bin/uname
uname -a
3⤵
PID:570

/bin/hostname
hostname
3⤵
PID:571

"" "" "pkill -9 vmx-*"
2⤵
PID:572

/usr/bin/pkill
pkill -9 "vmx-*"
3⤵
- Reads CPU attributes
- Reads runtime system information
PID:573

"" "" ""
2⤵
PID:574

/usr/bin/awk
awk -F "\"*,\"*" "{system(\"esxcli vm process kill --type=force --world-id=\" \$1)}"
3⤵
PID:576

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads