3d375d0ead2b63168de86ca2649360d9dcff75b3e0ffa2cf1e50816ec92b3b7d

Resubmissions

30-06-2021 16:31

210630-bnf9h5f4vx 10

28-06-2021 22:59

210628-h91ft82jq2 10

Analysis

max time kernel
19270s
max time network
156s
platform
linux_amd64
resource
ubuntu-amd64
submitted
30-06-2021 16:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d375d0ead2b63168de86ca2649360d9dcff75b3e0ffa2cf1e50816ec92b3b7d.bin
Size

102KB
MD5

96a157e4c0bef22e0cea1299f88d4745
SHA1

446771415864f4916df33aad1aa7e42fa104adee
SHA256

3d375d0ead2b63168de86ca2649360d9dcff75b3e0ffa2cf1e50816ec92b3b7d
SHA512

697071bac6f86ea1b0421306dbc87e926973f061b8eff4608f9a98ada622fe2bdcd45a180591792dd14de54a0b87301ae02f0a3a222e93eb412b340ccc990377

Score

6^/10

Malware Config

Signatures

Reads CPU attributes 1 TTPs 1 IoCs

System Information Discovery
T1082

Processes:

pkill

description ioc process

/sys/devices/system/cpu/online /sys/devices/system/cpu/online pkill

description	ioc	process
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

pkill

description	ioc	process
/proc/5/status	/proc/5/status	pkill
/proc/83/cmdline	/proc/83/cmdline	pkill
/proc/164/status	/proc/164/status	pkill
/proc/249/status	/proc/249/status	pkill
/proc/302/status	/proc/302/status	pkill
/proc/2/cmdline	/proc/2/cmdline	pkill
/proc/24/cmdline	/proc/24/cmdline	pkill
/proc/25/status	/proc/25/status	pkill
/proc/28/cmdline	/proc/28/cmdline	pkill
/proc/29/cmdline	/proc/29/cmdline	pkill
/proc/13/cmdline	/proc/13/cmdline	pkill
/proc/153/status	/proc/153/status	pkill
/proc/345/status	/proc/345/status	pkill
/proc/564/cmdline	/proc/564/cmdline	pkill
/proc/161/status	/proc/161/status	pkill
/proc/163/status	/proc/163/status	pkill
/proc/345/cmdline	/proc/345/cmdline	pkill
/proc/477/cmdline	/proc/477/cmdline	pkill
/proc/479/status	/proc/479/status	pkill
/proc/190/status	/proc/190/status	pkill
/proc/1/status	/proc/1/status	pkill
/proc/13/status	/proc/13/status	pkill
/proc/26/status	/proc/26/status	pkill
/proc/30/cmdline	/proc/30/cmdline	pkill
/proc/158/cmdline	/proc/158/cmdline	pkill
/proc/163/cmdline	/proc/163/cmdline	pkill
/proc/169/cmdline	/proc/169/cmdline	pkill
/proc/688/status	/proc/688/status	pkill
/proc/3/cmdline	/proc/3/cmdline	pkill
/proc/16/status	/proc/16/status	pkill
/proc/21/status	/proc/21/status	pkill
/proc/77/status	/proc/77/status	pkill
/proc/162/status	/proc/162/status	pkill
/proc/695/cmdline	/proc/695/cmdline	pkill
/proc/30/status	/proc/30/status	pkill
/proc/78/status	/proc/78/status	pkill
/proc/97/status	/proc/97/status	pkill
/proc/2/status	/proc/2/status	pkill
/proc/4/cmdline	/proc/4/cmdline	pkill
/proc/6/status	/proc/6/status	pkill
/proc/19/cmdline	/proc/19/cmdline	pkill
/proc/23/status	/proc/23/status	pkill
/proc/369/status	/proc/369/status	pkill
/proc/564/status	/proc/564/status	pkill
/proc/33/status	/proc/33/status	pkill
/proc/152/cmdline	/proc/152/cmdline	pkill
/proc/443/status	/proc/443/status	pkill
/proc/88/cmdline	/proc/88/cmdline	pkill
/proc/352/cmdline	/proc/352/cmdline	pkill
/proc/696/cmdline	/proc/696/cmdline	pkill
/proc/17/cmdline	/proc/17/cmdline	pkill
/proc/20/cmdline	/proc/20/cmdline	pkill
/proc/24/status	/proc/24/status	pkill
/proc/31/status	/proc/31/status	pkill
/proc/82/status	/proc/82/status	pkill
/proc/14/status	/proc/14/status	pkill
/proc/18/cmdline	/proc/18/cmdline	pkill
/proc/19/status	/proc/19/status	pkill
/proc/359/status	/proc/359/status	pkill
/proc/479/cmdline	/proc/479/cmdline	pkill
/proc/7/cmdline	/proc/7/cmdline	pkill
/proc/27/status	/proc/27/status	pkill
/proc/34/cmdline	/proc/34/cmdline	pkill
/proc/167/cmdline	/proc/167/cmdline	pkill

./3d375d0ead2b63168de86ca2649360d9dcff75b3e0ffa2cf1e50816ec92b3b7d.bin
./3d375d0ead2b63168de86ca2649360d9dcff75b3e0ffa2cf1e50816ec92b3b7d.bin
1⤵
PID:688
- "" "" ""
  2⤵
  PID:689
- - /bin/uname
    uname -a
    3⤵
    PID:690
- - /bin/hostname
    hostname
    3⤵
    PID:691
- "" "" ""
  2⤵
  PID:692
- - /bin/uname
    uname -a
    3⤵
    PID:693
- - /bin/hostname
    hostname
    3⤵
    PID:694
- "" "" "pkill -9 vmx-*"
  2⤵
  PID:695
- - /usr/bin/pkill
    pkill -9 "vmx-*"
    3⤵
    - Reads CPU attributes
    - Reads runtime system information
    PID:696
- "" "" ""
  2⤵
  PID:697
- - /usr/bin/awk
    awk -F "\"*,\"*" "{system(\"esxcli vm process kill --type=force --world-id=\" \$1)}"
    3⤵
    PID:699

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads