285572a9f4a1050d435a6e328f1072f0a27be99b15e3024945ae5f9209999d8a

Analysis

max time kernel
0s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20221111-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20221111-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
19-11-2022 08:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.python/rand
Size

631B
MD5

d6a18b1320902008e72ab762e8468f0c
SHA1

d4043b6a317192847ed014f7bfc21c54f08ae958
SHA256

b99bd73ae06b5305eb7753409fb4b9d2719c4e35428b8315a4f20ffe3b60aa97
SHA512

c843f3ef347d1ea365ecdbb181d53cd1361bc055ab9ba5e1ce075fc05c1a7968c8aeec72e9aa77cf244fd2ba9d1282c06af02e99b2579e5fb222c172fe2f8cbe

Score

5^/10

Malware Config

Signatures

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
/tmp/.python/rand	/tmp/.python/rand	rand

/tmp/.python/rand
/tmp/.python/rand
1⤵
- Writes file to tmp directory
PID:590
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:592
- ./start
  ./start 138.146
  2⤵
  PID:595
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:600
- ./start
  ./start 12.127
  2⤵
  PID:601
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:602
- ./start
  ./start 36.155
  2⤵
  PID:603
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:604
- ./start
  ./start 98.42
  2⤵
  PID:605
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:606
- ./start
  ./start 208.71
  2⤵
  PID:607
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:608
- ./start
  ./start 196.95
  2⤵
  PID:609
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:610
- ./start
  ./start 168.117
  2⤵
  PID:611
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:612
- ./start
  ./start 82.179
  2⤵
  PID:613
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:614
- ./start
  ./start 197.52
  2⤵
  PID:615
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:616
- ./start
  ./start 140.57
  2⤵
  PID:617
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:618
- ./start
  ./start 66.43
  2⤵
  PID:619
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:620
- ./start
  ./start 65.18
  2⤵
  PID:621
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:622
- ./start
  ./start 220.114
  2⤵
  PID:623
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:624
- ./start
  ./start 18.228
  2⤵
  PID:625
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:626
- ./start
  ./start 84.248
  2⤵
  PID:627
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:628
- ./start
  ./start 24.19
  2⤵
  PID:629
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:630
- ./start
  ./start 63.103
  2⤵
  PID:631
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:632
- ./start
  ./start 191.206
  2⤵
  PID:633
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:634
- ./start
  ./start 69.176
  2⤵
  PID:635
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:636
- ./start
  ./start 212.95
  2⤵
  PID:637
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:638
- ./start
  ./start 90.195
  2⤵
  PID:639
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:640
- ./start
  ./start 32.253
  2⤵
  PID:641
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:642
- ./start
  ./start 96.192
  2⤵
  PID:643
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:644
- ./start
  ./start 73.37
  2⤵
  PID:645
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:646
- ./start
  ./start 79.210
  2⤵
  PID:647
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:648
- ./start
  ./start 69.126
  2⤵
  PID:649
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:650
- ./start
  ./start 65.164
  2⤵
  PID:651
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:652
- ./start
  ./start 128.119
  2⤵
  PID:653
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:654
- ./start
  ./start 218.127
  2⤵
  PID:655
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:656
- ./start
  ./start 86.226
  2⤵
  PID:657
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:658
- ./start
  ./start 40.117
  2⤵
  PID:659
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:660
- ./start
  ./start 44.120
  2⤵
  PID:661
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:662
- ./start
  ./start 205.93
  2⤵
  PID:663
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:664
- ./start
  ./start 194.243
  2⤵
  PID:665
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:666
- ./start
  ./start 191.65
  2⤵
  PID:667
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:668
- ./start
  ./start 192.151
  2⤵
  PID:669
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:670
- ./start
  ./start 203.4
  2⤵
  PID:671
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:672
- ./start
  ./start 21.168
  2⤵
  PID:673
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:674
- ./start
  ./start 96.208
  2⤵
  PID:675
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:676
- ./start
  ./start 69.192
  2⤵
  PID:677
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:678
- ./start
  ./start 6.226
  2⤵
  PID:679
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:680
- ./start
  ./start 69.243
  2⤵
  PID:681
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:682
- ./start
  ./start 205.223
  2⤵
  PID:683
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:684
- ./start
  ./start 42.164
  2⤵
  PID:685
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:686
- ./start
  ./start 201.54
  2⤵
  PID:687
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:688
- ./start
  ./start 213.74
  2⤵
  PID:689
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:690
- ./start
  ./start 131.255
  2⤵
  PID:691
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:692
- ./start
  ./start 223.114
  2⤵
  PID:693
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:694
- ./start
  ./start 94.179
  2⤵
  PID:695
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:696
- ./start
  ./start 95.17
  2⤵
  PID:697
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:698
- ./start
  ./start 21.149
  2⤵
  PID:699
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:700
- ./start
  ./start 79.42
  2⤵
  PID:701
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:702
- ./start
  ./start 216.200
  2⤵
  PID:703
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:704
- ./start
  ./start 200.186
  2⤵
  PID:705
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:706
- ./start
  ./start 218.40
  2⤵
  PID:707
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:708
- ./start
  ./start 194.224
  2⤵
  PID:709
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:710
- ./start
  ./start 96.188
  2⤵
  PID:711
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:712
- ./start
  ./start 201.55
  2⤵
  PID:713
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:714
- ./start
  ./start 98.21
  2⤵
  PID:715
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:716
- ./start
  ./start 59.147
  2⤵
  PID:717
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:718
- ./start
  ./start 73.173
  2⤵
  PID:719
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:720
- ./start
  ./start 203.87
  2⤵
  PID:721
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:722
- ./start
  ./start 40.68
  2⤵
  PID:723
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:724
- ./start
  ./start 207.154
  2⤵
  PID:725
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:726
- ./start
  ./start 195.195
  2⤵
  PID:727
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:728
- ./start
  ./start 206.91
  2⤵
  PID:729
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:730
- ./start
  ./start 55.184
  2⤵
  PID:731
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:732
- ./start
  ./start 212.42
  2⤵
  PID:733
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:734
- ./start
  ./start 202.25
  2⤵
  PID:735
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:736
- ./start
  ./start 55.191
  2⤵
  PID:737
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:738
- ./start
  ./start 6.97
  2⤵
  PID:739
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:740
- ./start
  ./start 190.131
  2⤵
  PID:741
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:742
- ./start
  ./start 192.32
  2⤵
  PID:743
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:744
- ./start
  ./start 195.169
  2⤵
  PID:745
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:746
- ./start
  ./start 98.16
  2⤵
  PID:747
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:748
- ./start
  ./start 42.151
  2⤵
  PID:749
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:750
- ./start
  ./start 81.163
  2⤵
  PID:751
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:752
- ./start
  ./start 140.72
  2⤵
  PID:753
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:754
- ./start
  ./start 129.82
  2⤵
  PID:755
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:756
- ./start
  ./start 75.244
  2⤵
  PID:757
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:758
- ./start
  ./start 7.7
  2⤵
  PID:759
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:760
- ./start
  ./start 200.45
  2⤵
  PID:761
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:762
- ./start
  ./start 132.81
  2⤵
  PID:763
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:764
- ./start
  ./start 96.246
  2⤵
  PID:765
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:766
- ./start
  ./start 193.215
  2⤵
  PID:767
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:768
- ./start
  ./start 220.48
  2⤵
  PID:769
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:770
- ./start
  ./start 205.130
  2⤵
  PID:771
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:772
- ./start
  ./start 55.91
  2⤵
  PID:773
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:774
- ./start
  ./start 36.3
  2⤵
  PID:775
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:776
- ./start
  ./start 219.185
  2⤵
  PID:777
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:778
- ./start
  ./start 201.194
  2⤵
  PID:779
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:780
- ./start
  ./start 132.88
  2⤵
  PID:781
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:782
- ./start
  ./start 78.223
  2⤵
  PID:783
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:784
- ./start
  ./start 222.118
  2⤵
  PID:785
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:786
- ./start
  ./start 194.56
  2⤵
  PID:787
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:788
- ./start
  ./start 69.3
  2⤵
  PID:789
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:790
- ./start
  ./start 223.20
  2⤵
  PID:791
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:792

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads