Resubmissions

19-07-2023 21:16

230719-z4frlabb95 4

19-07-2023 21:13

230719-z2sndabb89 5

11-11-2022 04:56

221111-fkt1bsbcbk 5

Analysis

  • max time kernel
    0s
  • max time network
    158s
  • platform
    linux_armhf
  • resource
    debian9-armhf-en-20211208
  • resource tags

    arch:armhf image:debian9-armhf-en-20211208 kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
  • submitted
    11-11-2022 04:56

General

  • Target

    var www html kemhan/alfacgiapi/bash.alfa

  • Size

    1KB

  • MD5

    501e2358a0f82d8289dc51958bd81beb

  • SHA1

    ddbf3f121acff0c651dcea118333f610cc98b0c1

  • SHA256

    1bbacae70b0e11e051783879bb63f667b4ee88b6b5676eabc7b09ea9afbc113c

  • SHA512

    7e96a386e687738b404a06f54c96a690fa7c9c181969c68f4c72994a32286c33266303434c85ce117fa60ef326a626cd05fd5a1aafe653e29c972f336e284755

Score
5/10

Malware Config

Signatures

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/var www html kemhan/alfacgiapi/bash.alfa
    "/tmp/var www html kemhan/alfacgiapi/bash.alfa"
    • Writes file to tmp directory
    PID:358
  • /usr/bin/base64
    base64 --decode
    PID:361
  • /usr/bin/base64
    base64 --decode
    PID:368

Network

MITRE ATT&CK Matrix
