bd353a28886815f43fe71c561a027fdeff5cd83e17e2055c0e52bea344ae51d3 | Triage

Resubmissions

02-06-2022 16:50

220602-vceb8sceam 10

18-05-2022 18:03

220518-wm8jhafbgm 5

Analysis

max time kernel
0s
max time network
103s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
submitted
02-06-2022 16:50

Sharing

Report Analysis Logs

General

Target

bd353a28886815f43fe71c561a027fdeff5cd83e17e2055c0e52bea344ae51d3.bin
Size

27KB
MD5

80e6bfeec50096d9b1c222897f43bbea
SHA1

f8715db0f879fa87abf2ff6ac5b2d25fe89ccdda
SHA256

bd353a28886815f43fe71c561a027fdeff5cd83e17e2055c0e52bea344ae51d3
SHA512

45a663b8b4a20843656c28064dd8d6bac5b6ce2485da8a8409bac58f6fb9533588ad37bf3e6e5a84caf37fe6d236e6a07340fd2cee0c346faaea9bd0e8e24d35

Score

5^/10

Malware Config

Signatures

Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.

Processes:

cp

description ioc process

/proc/filesystems /proc/filesystems cp

./bd353a28886815f43fe71c561a027fdeff5cd83e17e2055c0e52bea344ae51d3.bin
./bd353a28886815f43fe71c561a027fdeff5cd83e17e2055c0e52bea344ae51d3.bin
1⤵
PID:577

/bin/sh
sh -c "/bin/rm -f /var/lock/kdumpdb;/bin/cp ./bd353a28886815f43fe71c561a027fdeff5cd83e17e2055c0e52bea344ae51d3.bin /var/lock/kdumpdb && /bin/chmod 755 /var/lock/kdumpdb && /var/lock/kdumpdb --init"
2⤵
PID:578

/bin/rm
/bin/rm -f /var/lock/kdumpdb
3⤵
PID:579

/bin/cp
/bin/cp ./bd353a28886815f43fe71c561a027fdeff5cd83e17e2055c0e52bea344ae51d3.bin /var/lock/kdumpdb
3⤵
- Reads runtime system information
PID:580

/bin/chmod
/bin/chmod 755 /var/lock/kdumpdb
3⤵
PID:581

/var/lock/kdumpdb
/var/lock/kdumpdb --init
3⤵
PID:582

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...