Overview

overview

10

Static

static

10

4f02cc4d54...ade853

ubuntu-18.04-amd64

9

Resubmissions

05-09-2022 12:12

220905-pdhs6agfgj 10

03-09-2022 22:20

220903-185rysgeb2 10

Analysis

  • max time kernel
    0s
  • max time network
    114s
  • platform
    linux_amd64
  • resource
    ubuntu1804-amd64-en-20211208
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    03-09-2022 22:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4f02cc4d5426b63e3eca3ada3c9a8a111a952c0e373c5500519ea8eea5ade853

  • Size

    549KB

  • MD5

    63d6cd74a7cd01bf3a3921c36e90237f

  • SHA1

    f697783da228c7787cf1c6a67a10a8c065d6aaa7

  • SHA256

    4f02cc4d5426b63e3eca3ada3c9a8a111a952c0e373c5500519ea8eea5ade853

  • SHA512

    51b1aef53c8277b8700630b144f15c9a41df358a43d71ef0b9352bbdf71c8777774f1ef1e361c8c95930143b54fcde590885242df3da60dce5b1a1d3761e2db3

  • SSDEEP

    12288:VeRvuKqiVZ4En5drNK0pPEfJKlHZ8mG97Qxee6yzmx:VIv/qiVNHNDEfJKHZ8mG9QeeO

Score
9/10
persistence

Malware Config

Signatures

  • Writes file to system bin folder 1 TTPs 16 IoCs
  • Modifies rc script 1 TTPs 5 IoCs

    Adding/modifying system rc scripts is a common persistence mechanism.

    persistence
  • Writes file to shm directory 1 IoCs

    Malware can drop malicious files in the shm directory which will run directly from RAM.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/4f02cc4d5426b63e3eca3ada3c9a8a111a952c0e373c5500519ea8eea5ade853
    /tmp/4f02cc4d5426b63e3eca3ada3c9a8a111a952c0e373c5500519ea8eea5ade853
    1⤵
      PID:571
    • /bin/hovuqeq
      /bin/hovuqeq
      1⤵
        PID:575
      • /bin/eatnhwwileys
        /bin/eatnhwwileys -d 576
        1⤵
          PID:580
        • /bin/xouuqtccova
          /bin/xouuqtccova -d 576
          1⤵
            PID:587
          • /bin/eltlfimjfmmma
            /bin/eltlfimjfmmma -d 576
            1⤵
              PID:590
            • /bin/tglszjiwfypjb
              /bin/tglszjiwfypjb -d 576
              1⤵
                PID:593
              • /bin/edjjqcwvkkf
                /bin/edjjqcwvkkf -d 576
                1⤵
                  PID:596
                • /bin/tdzoyfzrek
                  /bin/tdzoyfzrek -d 576
                  1⤵
                    PID:600
                  • /bin/cqctbdxi
                    /bin/cqctbdxi -d 576
                    1⤵
                      PID:603
                    • /bin/gtyipwuzdmy
                      /bin/gtyipwuzdmy -d 576
                      1⤵
                        PID:606
                      • /bin/pxkoclhjwilo
                        /bin/pxkoclhjwilo -d 576
                        1⤵
                          PID:609
                        • /bin/fppezzmsawjwq
                          /bin/fppezzmsawjwq -d 576
                          1⤵
                            PID:611
                          • /bin/zejxujjkn
                            /bin/zejxujjkn -d 576
                            1⤵
                              PID:615
                            • /bin/rwqbkg
                              /bin/rwqbkg -d 576
                              1⤵
                                PID:618
                              • /bin/ryfvxfj
                                /bin/ryfvxfj -d 576
                                1⤵
                                  PID:621
                                • /bin/fhbdzoee
                                  /bin/fhbdzoee -d 576
                                  1⤵
                                    PID:624
                                  • /bin/byjkkwgb
                                    /bin/byjkkwgb -d 576
                                    1⤵
                                      PID:627
                                    • /bin/zeffuwdatdhexo
                                      /bin/zeffuwdatdhexo -d 576
                                      1⤵
                                        PID:630
                                      • /bin/arkpvop
                                        /bin/arkpvop -d 576
                                        1⤵
                                          PID:633

                                        Network

                                        MITRE ATT&CK Enterprise v6

                                        Replay Monitor

                                        Loading Replay Monitor...

                                        Downloads