Analysis

  • max time kernel
    0s
  • max time network
    27s
  • platform
    linux_amd64
  • resource
    ubuntu1804-amd64-en-20211208
  • submitted
    25-04-2022 21:32

General

  • Target

    23schaqfoys

  • Size

    549KB

  • MD5

    b4ff3961cefcc5e151e319666bae6f5e

  • SHA1

    e1e985a90a116edea41d99b3e2a85a697f760d48

  • SHA256

    71ef590b32ef90a021be7bafd074b7698ffefab7f935e371568bef5eb2543f19

  • SHA512

    e4a6eed3bbedf52e8b636ddfa34bde662dd9f8b7fd7745dc7689605b966bf24b0ed76bf9e418dab5d32668b9b6ecdc09b0e5da8cd011a274d8186cc169f4d52e

Score
9/10

Malware Config

Signatures

  • Writes file to system bin folder (1 TTP, 17 IoCs)
  • Modifies rc script (1 TTP, 5 IoCs)

    Adding/modifying system rc scripts is a common persistence mechanism.

  • Writes file to tmp directory (1 IoC)

    Malware often drops required files in the /tmp directory.

Processes

  Each entry is nested one level under the preceding one in the report's process tree; the command line is followed by its PID.

  • ./23schaqfoys (PID 580)
  • /bin/qshrmeyupz (PID 584)
  • /bin/zqjliuggzladkk -d 585 (PID 589)
  • /bin/svjlrraa -d 585 (PID 592)
  • /bin/nmlikcwsis -d 585 (PID 599)
  • /bin/suzqbhy -d 585 (PID 602)
  • /bin/zmathmg -d 585 (PID 605)
  • /bin/hbyupkezoaux -d 585 (PID 609)
  • /bin/srpujs -d 585 (PID 612)
  • /bin/jkcvmxfye -d 585 (PID 615)
  • /bin/dlgehxqlze -d 585 (PID 618)
  • /bin/vdgnxxhgplqbp -d 585 (PID 621)
  • /bin/onsmrysegw -d 585 (PID 624)
  • /bin/gmyfsmaytn -d 585 (PID 627)
  • /bin/sxdiivjz -d 585 (PID 630)
  • /bin/xobmhbgl -d 585 (PID 633)
  • /bin/cyqqxvkjxkem -d 585 (PID 636)
  • /bin/xjnhtiqvtq -d 585 (PID 639)
  • /bin/xerakckodaecx -d 585 (PID 642)
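The three signatures above (unknown executables written to /bin, an rc script edited for persistence, a drop in /tmp) and the process tree they produced can be turned into host-side triage checks. The script below is an added example and is not part of the sandbox report or the sample; every input it reads (the `ps`-style listing, the rc.local text, the `ls -l /tmp` lines) is constructed here to resemble the report, and the baseline set of expected /bin names is a hand-picked assumption that a real deployment would build from the package manager.

```python
"""Host-side checks mirroring the three sandbox signatures above.

Added example, not part of the sandbox report. All inputs below are
constructed to resemble the report's process tree; on a real host you
would feed it `ps -eo pid,args`, the rc scripts, and `ls -l /tmp` output.
"""
import re
from collections import defaultdict

# Constructed `ps -eo pid,args`-style listing, shaped like the report's tree.
SAMPLE_PS = """\
  580 ./23schaqfoys
  584 /bin/qshrmeyupz
  589 /bin/zqjliuggzladkk -d 585
  592 /bin/svjlrraa -d 585
  599 /bin/nmlikcwsis -d 585
 1203 /usr/sbin/sshd -D
 1311 /bin/bash
"""

# Constructed /etc/rc.local with an injected persistence line.
SAMPLE_RC_LOCAL = """\
#!/bin/sh -e
/bin/qshrmeyupz
exit 0
"""

# Constructed `ls -l /tmp` output; the first entry is an executable drop.
SAMPLE_TMP_LISTING = """\
-rwxr-xr-x 1 root root 562176 Apr 25 21:32 /tmp/23schaqfoys
-rw-r--r-- 1 root root     12 Apr 25 21:30 /tmp/cache.txt
"""

# Baseline of /bin names expected on the host. Assumption: a small
# hand-picked set; on a real system build it from the package manager
# (e.g. `dpkg -S /bin/*` on Debian/Ubuntu).
BASELINE_BIN = {"bash", "sh", "ls", "cat", "cp", "mv", "grep", "ps", "kill"}

PS_LINE = re.compile(r"^\s*(\d+)\s+(\S+)(?:\s+(.*))?$")


def parse_ps(text):
    """Return [(pid, exe, args)] from a `ps -eo pid,args`-style listing."""
    rows = []
    for line in text.splitlines():
        m = PS_LINE.match(line)
        if m:
            rows.append((int(m.group(1)), m.group(2), (m.group(3) or "").strip()))
    return rows


def unknown_bin_processes(text, baseline=BASELINE_BIN):
    """Signature 1: processes running from /bin under names not in the baseline."""
    return [(pid, exe, args) for pid, exe, args in parse_ps(text)
            if exe.startswith("/bin/") and exe[len("/bin/"):] not in baseline]


def argv_clusters(text, min_size=2):
    """Group unknown /bin processes by identical argument string.

    Several distinct binaries sharing one argument tail (the report's
    '-d 585') is stronger evidence than any single odd process name.
    """
    groups = defaultdict(list)
    for pid, exe, args in unknown_bin_processes(text):
        if args:
            groups[args].append(exe)
    return {args: exes for args, exes in groups.items() if len(exes) >= min_size}


def rc_script_references(rc_text, baseline=BASELINE_BIN):
    """Signature 2: rc-script lines that launch a /bin binary outside the baseline."""
    hits = []
    for lineno, line in enumerate(rc_text.splitlines(), 1):
        for name in re.findall(r"/bin/([A-Za-z0-9_.-]+)", line):
            if name not in baseline:
                hits.append((lineno, line.strip()))
                break
    return hits


def tmp_executables(listing):
    """Signature 3: executable regular files in /tmp from an `ls -l` listing."""
    hits = []
    for line in listing.splitlines():
        parts = line.split()
        if len(parts) >= 9 and parts[0].startswith("-") and "x" in parts[0]:
            hits.append(parts[-1])
    return hits


if __name__ == "__main__":
    for pid, exe, args in unknown_bin_processes(SAMPLE_PS):
        print(f"unknown /bin executable: pid={pid} {exe} {args}".rstrip())
    for args, exes in argv_clusters(SAMPLE_PS).items():
        print(f"cluster sharing args {args!r}: {len(exes)} binaries")
    for lineno, line in rc_script_references(SAMPLE_RC_LOCAL):
        print(f"rc.local:{lineno} launches unknown binary: {line}")
    for path in tmp_executables(SAMPLE_TMP_LISTING):
        print(f"executable in /tmp: {path}")
```

The baseline comparison is what does the work: a short random lowercase name is not reliably distinguishable from a legitimate tool by entropy alone, so the checks ask whether the package manager accounts for the file rather than whether the name looks odd. The argument-clustering step captures the tree shape in the report, where many differently named binaries all run with the same `-d <pid>` tail.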

Network

MITRE ATT&CK Enterprise v6