285572a9f4a1050d435a6e328f1072f0a27be99b15e3024945ae5f9209999d8a | Triage

Analysis

max time kernel
0s
max time network
123s
platform
linux_mips
resource
debian9-mipsbe-en-20211208
resource tags

arch:mipsimage:debian9-mipsbe-en-20211208kernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
19-11-2022 08:54

Sharing

Report Analysis Logs

General

Target

.python/allb
Size

1KB
MD5

d8562d823f1531477aed56051c3e616a
SHA1

e5ddd1abb83d031082d713f3b7c8ecb3e19a53d0
SHA256

c96a2a632b23eb6849a539202f995431e9fd5def6cf9a5998419192e2ffb4671
SHA512

ad4b1108d0ff324ec74456ab4d84bfe4cdd2759808ef8fb92a446ace3c1d19956e95b2f8a0896824c13b6c662413dcf0ddb0ca6e333d4366a708f76cb4c87da0

Score

5^/10

Malware Config

Signatures

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
/tmp/.python/allb	/tmp/.python/allb	allb

/tmp/.python/allb
/tmp/.python/allb
1⤵
- Writes file to tmp directory
PID:325
- ./c
  ./c 22 -b -i vmbr0 -s 10
  2⤵
  PID:329
- /bin/sleep
  sleep 2
  2⤵
  PID:330
- ./prg
  ./prg -I bios.txt -U user.txt -L pass.txt -o vuln.txt
  2⤵
  PID:331
- /bin/sleep
  sleep 5
  2⤵
  PID:332
- /bin/rm
  rm -rf bios.txt
  2⤵
  PID:333
- /bin/sleep
  sleep 1
  2⤵
  PID:334
- /bin/cat
  cat vuln.txt
  2⤵
  PID:335
- /bin/cat
  cat vuln.txt
  2⤵
  PID:336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads