Analysis
- Max time kernel: 0s
- Max time network: 73s
- Platform: linux_amd64
- Resource: ubuntu1804-amd64-en-20211208
- Submitted: 17-02-2022 00:01

Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: 71ef590b32ef90a021be7bafd074b7698ffefab7f935e371568bef5eb2543f19
  - Resource: ubuntu1804-amd64-en-20211208 (linux_amd64)
  - 0 signatures, 0 seconds
General
- Target: 71ef590b32ef90a021be7bafd074b7698ffefab7f935e371568bef5eb2543f19
- Size: 549KB
- MD5: b4ff3961cefcc5e151e319666bae6f5e
- SHA1: e1e985a90a116edea41d99b3e2a85a697f760d48
- SHA256: 71ef590b32ef90a021be7bafd074b7698ffefab7f935e371568bef5eb2543f19
- SHA512: e4a6eed3bbedf52e8b636ddfa34bde662dd9f8b7fd7745dc7689605b966bf24b0ed76bf9e418dab5d32668b9b6ecdc09b0e5da8cd011a274d8186cc169f4d52e
- Score: 9/10
Malware Config
Signatures

- Writes file to system bin folder (1 TTP, 17 IoCs)
  Files written:
  /bin/yaoxwvxzm
  /bin/umawelsvjq
  /bin/fotatnpvl
  /bin/qcrbhhuicizz
  /bin/sfbhxw
  /bin/vbhvly
  /bin/niyxaar
  /bin/edlmgs
  /bin/qjuowwhvtnsrp
  /bin/gpzwxksj
  /bin/nifhvwjpv
  /bin/fjpzdhjssoghfh
  /bin/fixipgcju
  /bin/jawtdg
  /bin/pldmmpzzagj
  /bin/gdoptq
  /bin/drggbbszf

- Modifies rc script (1 TTP, 5 IoCs)
  Adding/modifying system rc scripts is a common persistence mechanism.
  Files written:
  /etc/rc1.d/S90mdqcecwum
  /etc/rc2.d/S90mdqcecwum
  /etc/rc3.d/S90mdqcecwum
  /etc/rc4.d/S90mdqcecwum
  /etc/rc5.d/S90mdqcecwum

- Writes file to tmp directory (1 IoC)
  Malware often drops required files in the /tmp directory.
  File written:
  /tmp/71ef590b32ef90a021be7bafd074b7698ffefab7f935e371568bef5eb2543f19
Processes (command line, PID)
- ./71ef590b32ef90a021be7bafd074b7698ffefab7f935e371568bef5eb2543f19 (PID 593)
- /bin/muwcecqdm (PID 597)
- /bin/gpzwxksj -d 598 (PID 602)
- /bin/yaoxwvxzm -d 598 (PID 605)
- /bin/nifhvwjpv -d 598 (PID 612)
- /bin/qjuowwhvtnsrp -d 598 (PID 615)
- /bin/pldmmpzzagj -d 598 (PID 618)
- /bin/umawelsvjq -d 598 (PID 622)
- /bin/fjpzdhjssoghfh -d 598 (PID 625)
- /bin/fotatnpvl -d 598 (PID 628)
- /bin/gdoptq -d 598 (PID 631)
- /bin/fixipgcju -d 598 (PID 634)
- /bin/qcrbhhuicizz -d 598 (PID 637)
- /bin/sfbhxw -d 598 (PID 640)
- /bin/vbhvly -d 598 (PID 643)
- /bin/niyxaar -d 598 (PID 646)
- /bin/jawtdg -d 598 (PID 649)
- /bin/edlmgs -d 598 (PID 652)
- /bin/drggbbszf -d 598 (PID 655)