Analysis

  • max time kernel
    0s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20221111-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu1804-amd64-20221111-en, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    19-11-2022 08:54

General

  • Target

    .python/allb

  • Size

    1KB

  • MD5

    d8562d823f1531477aed56051c3e616a

  • SHA1

    e5ddd1abb83d031082d713f3b7c8ecb3e19a53d0

  • SHA256

    c96a2a632b23eb6849a539202f995431e9fd5def6cf9a5998419192e2ffb4671

  • SHA512

    ad4b1108d0ff324ec74456ab4d84bfe4cdd2759808ef8fb92a446ace3c1d19956e95b2f8a0896824c13b6c662413dcf0ddb0ca6e333d4366a708f76cb4c87da0

Score
5/10

Malware Config

Signatures

  • Writes file to tmp directory (1 IoC)

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/.python/allb
    /tmp/.python/allb
    1⤵
    • Writes file to tmp directory
    PID:605
    • ./c
      ./c 22 -b -i vmbr0 -s 10
      2⤵
        PID:606
      • /bin/sleep
        sleep 2
        2⤵
          PID:607
        • ./prg
          ./prg -I bios.txt -U user.txt -L pass.txt -o vuln.txt
          2⤵
            PID:613
          • /bin/sleep
            sleep 5
            2⤵
              PID:614
            • /bin/rm
              rm -rf bios.txt
              2⤵
                PID:615
              • /bin/sleep
                sleep 1
                2⤵
                  PID:616
                • /bin/cat
                  cat vuln.txt
                  2⤵
                    PID:617
                  • /bin/cat
                    cat vuln.txt
                    2⤵
                      PID:618

Network

MITRE ATT&CK Matrix
