Resubmissions

09-01-2022 01:49

220109-b8spysdcf3 9

09-01-2022 01:41

220109-b4c4psdcf2 1

Analysis

  • max time kernel
    0s
  • max time network
    143s
  • platform
    linux_amd64
  • resource
    ubuntu1804-amd64-en-20211208
  • submitted
    09-01-2022 01:49

General

  • Target

    71ef590b32ef90a021be7bafd074b7698ffefab7f935e371568bef5eb2543f19

  • Size

    549KB

  • MD5

    b4ff3961cefcc5e151e319666bae6f5e

  • SHA1

    e1e985a90a116edea41d99b3e2a85a697f760d48

  • SHA256

    71ef590b32ef90a021be7bafd074b7698ffefab7f935e371568bef5eb2543f19

  • SHA512

    e4a6eed3bbedf52e8b636ddfa34bde662dd9f8b7fd7745dc7689605b966bf24b0ed76bf9e418dab5d32668b9b6ecdc09b0e5da8cd011a274d8186cc169f4d52e

Score
9/10

Malware Config

Signatures

  • Writes file to system bin folder 1 TTPs 16 IoCs
  • Modifies rc script 1 TTPs 5 IoCs

    Adding/modifying system rc scripts is a common persistence mechanism.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • ./71ef590b32ef90a021be7bafd074b7698ffefab7f935e371568bef5eb2543f19 (PID 592)
    • /bin/vyvbno (PID 596)
      • /bin/wfdtjalrxz -d 597 (PID 601)
        • /bin/vlhryxrszdswa -d 597 (PID 604)
          • /bin/rsekjnitfgor -d 597 (PID 606)
            • /bin/koznjku -d 597 (PID 614)
              • /bin/ktwescx -d 597 (PID 617)
                • /bin/bfxfrgsbbzhp -d 597 (PID 621)
                  • /bin/mzhlory -d 597 (PID 624)
                    • /bin/wkeupxwolb -d 597 (PID 627)
                      • /bin/rawiiomj -d 597 (PID 630)
                        • /bin/tygizovnhtyde -d 597 (PID 633)
                          • /bin/xvawln -d 597 (PID 636)
                            • /bin/cezyphmbqbwq -d 597 (PID 639)
                              • /bin/gpwcedvdibghyi -d 597 (PID 642)
                                • /bin/lvcncbn -d 597 (PID 645)
                                  • /bin/izuadsql -d 597 (PID 648)
                                    • /bin/hjbmoypycxha -d 597 (PID 651)
                                      • /bin/locpbe -d 597 (PID 654)

Network

MITRE ATT&CK Enterprise v6
