Resubmissions
20-04-2023 08:22  230420-j9pnpaae8s  10
20-04-2023 08:22  230420-j9pcxsge73  10
15-03-2023 12:40  230315-pwcd4afc4t  10
15-03-2023 12:39  230315-pvsdxsdb55  10
13-03-2023 14:43  230313-r3ya9aag67  10
24-08-2021 03:35  210824-ycawpc5ms2  9
Analysis
max time kernel: 1005s
max time network: 151s
platform: linux_amd64
resource: ubuntu-amd64
submitted: 24-08-2021 03:35
Static task: static1
Behavioral task: behavioral1
Sample: nyynvefzjerks
Resource: ubuntu-amd64
Behavioral task: behavioral2
Sample: nyynvefzjerks
Resource: debian9-mipsel
Behavioral task: behavioral3
Sample: nyynvefzjerks
Resource: debian9-mipsbe
General
Target: nyynvefzjerks
Size: 546KB
MD5: 2a91a3170a5fd4fb3e30f3d63b9120de
SHA1: 1a7a226833f43fdaee71cb6f84914f9a1e87de81
SHA256: c9bd6d01eb7258fef88ec5c9276431c1db45f063b316f83943e45b6a40a76783
SHA512: 2d396f7fd0e661a2f15a1f0dc51341b89d9b28f6742a4bdfb7fe9115c5c7b44d9b8ac6e1c5e492f5971c2f9595f17c4154d979f7183df23d8f52ab0e24834d3f
Malware Config
Signatures
Writes file to system bin folder 1 TTPs 64 IoCs
Modifies rc script 1 TTPs 5 IoCs
Adding/modifying system rc scripts is a common persistence mechanism.
IoCs:
/etc/rc1.d/S90skrejzfevnyyn
/etc/rc2.d/S90skrejzfevnyyn
/etc/rc3.d/S90skrejzfevnyyn
/etc/rc4.d/S90skrejzfevnyyn
/etc/rc5.d/S90skrejzfevnyyn