Analysis
max time kernel: 0s
max time network: 141s
platform: linux_amd64
resource: ubuntu1804-amd64-en-20211208
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-en-20211208, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 24-07-2022 23:50
Behavioral task: behavioral1
Sample: 871c836d030252c01a853996c8b1be1aa122b55f6dd5280dc469c15be9d97289
Resource: ubuntu1804-amd64-en-20211208
ubuntu-18.04-amd64
2 signatures
150 seconds
General
Target: 871c836d030252c01a853996c8b1be1aa122b55f6dd5280dc469c15be9d97289
Size: 124KB
MD5: 9a8f73f34d7068422cb22483740ae0e4
SHA1: ae81be318be96b511c2efc84e2e04659039ef793
SHA256: 871c836d030252c01a853996c8b1be1aa122b55f6dd5280dc469c15be9d97289
SHA512: ce86abbc596d5370b68e75e6e8afe2f77cba62911ace9f4b9f27760c7aaad475a98a71b4d358d3810d748ebb012cb329df4890b7d66044a650e5c3dacdfafeae
Score: 5/10
Malware Config
Signatures
Reads runtime system information (1 IoCs)
Reads data from /proc virtual filesystem.
description | ioc | Process
/proc/filesystems | /proc/filesystems | mkdir
Writes file to tmp directory (1 IoCs)
Malware often drops required files in the /tmp directory.
description | ioc | Process
/tmp/.clt | /tmp/.clt | rm
Processes
/tmp/871c836d030252c01a853996c8b1be1aa122b55f6dd5280dc469c15be9d97289: /tmp/871c836d030252c01a853996c8b1be1aa122b55f6dd5280dc469c15be9d97289 (PID: 571)
/bin/sh: sh -c "rm -rf /tmp/.clt;mkdir /tmp/.clt" (PID: 574)
  /bin/rm: rm -rf /tmp/.clt (PID: 575) - Writes file to tmp directory
  /bin/mkdir: mkdir /tmp/.clt (PID: 576) - Reads runtime system information