6af509a247fccfa95589e9624b3d7a0c6f903822efb432d71e079272582f7fbe | Triage

Resubmissions

19-07-2023 21:16

230719-z4frlabb95 4

19-07-2023 21:13

230719-z2sndabb89 5

11-11-2022 04:56

221111-fkt1bsbcbk 5

Analysis

max time network
133s
platform
linux_mipsel
resource
debian9-mipsel-en-20211208
resource tags

arch:mipselimage:debian9-mipsel-en-20211208kernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
11-11-2022 04:56

Sharing

Report Analysis Logs

General

Target

var www html kemhan/alfacgiapi/bash.alfa
Size

1KB
MD5

501e2358a0f82d8289dc51958bd81beb
SHA1

ddbf3f121acff0c651dcea118333f610cc98b0c1
SHA256

1bbacae70b0e11e051783879bb63f667b4ee88b6b5676eabc7b09ea9afbc113c
SHA512

7e96a386e687738b404a06f54c96a690fa7c9c181969c68f4c72994a32286c33266303434c85ce117fa60ef326a626cd05fd5a1aafe653e29c972f336e284755

Score

5^/10

Malware Config

Signatures

Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

bash.alfa

description ioc process

/tmp/var www html kemhan/alfacgiapi/bash.alfa /tmp/var www html kemhan/alfacgiapi/bash.alfa bash.alfa

/tmp/var www html kemhan/alfacgiapi/bash.alfa
"/tmp/var www html kemhan/alfacgiapi/bash.alfa"
1⤵
- Writes file to tmp directory
PID:331

/usr/bin/base64
base64 --decode
1⤵
PID:334

/usr/bin/base64
base64 --decode
1⤵
PID:337

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads