Analysis
max time kernel: 0s
max time network: 102s
platform: linux_amd64
resource: ubuntu1804-amd64-en-20211208
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-en-20211208, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 18-08-2022 11:28
Behavioral task: behavioral1
Sample: skid.x86-20220818-1128
Resource: ubuntu1804-amd64-en-20211208 (ubuntu-18.04-amd64)
1 signature
150 seconds
General
Target: skid.x86-20220818-1128
Size: 58KB
MD5: 2c21a8a7c9cf74bcf5b21194bb7fcce4
SHA1: 45e35c8e2ef04e5428e34c130542b23bd5532193
SHA256: a3d6cd2a877597e1bef369fdb53f4a32683f33c888ef160c724acc0ff5ffbf3a
SHA512: 5551576753ae029b730cf9770563e89a691355518ebcf153389e0921f10c1b3de5f0587a5acc150241fd5d3ce3d9eed503f848e18649e757797b2a0d769efc8c
Score: 5/10
Malware Config
Signatures
Reads runtime system information (2 IoCs)
Reads data from /proc virtual filesystem.
description          ioc                  Process
/proc/filesystems    /proc/filesystems    mkdir
/proc/filesystems    /proc/filesystems    mv
Processes
/tmp/skid.x86-20220818-1128 (PID:571)
    command line: /tmp/skid.x86-20220818-1128
/bin/sh (PID:573)
    command line: sh -c "rm -rf bin/busybox && mkdir bin; >bin/busybox && mv /tmp/skid.x86-20220818-1128 bin/busybox; chmod 777 bin/busybox"
    /bin/rm (PID:574)
        command line: rm -rf bin/busybox
    /bin/mkdir (PID:575)
        command line: mkdir bin
        - Reads runtime system information
    /bin/mv (PID:576)
        command line: mv /tmp/skid.x86-20220818-1128 bin/busybox
        - Reads runtime system information
    /bin/chmod (PID:577)
        command line: chmod 777 bin/busybox