Analysis

  • max time kernel
    0s
  • max time network
    126s
  • platform
    linux_armhf
  • resource
    debian9-armhf-en-20211208
  • resource tags
    arch:armhf, image:debian9-armhf-en-20211208, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    25-11-2022 22:48

General

  • Target

    f8cc042317dc129ac5ea4b675139c9d3abf3f4670903b17fe6c5c65b82f1c506

  • Size

    603B

  • MD5

    cd00bcf841a3eede649d5a1797a03f5c

  • SHA1

    c35f0a6d69f6bfaa044260ed939eef4a93ff7374

  • SHA256

    f8cc042317dc129ac5ea4b675139c9d3abf3f4670903b17fe6c5c65b82f1c506

  • SHA512

    2a66497bfd183b004f023b46587d930da375147ff5cc6edad3ce26c2584204798d10fa5edc25c0b246978a795c84c8998b0f50ec01d89f8682b400ae7e371706

Score
5/10

Malware Config

Signatures

  • Creates .desktop file 1 TTPs 1 IoCs

    Linux desktops like GNOME require .desktop files to register applications. Sometimes abused by malware for persistence.

  • Enumerates kernel/hardware configuration 1 TTPs 64 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 5 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/f8cc042317dc129ac5ea4b675139c9d3abf3f4670903b17fe6c5c65b82f1c506
    /tmp/f8cc042317dc129ac5ea4b675139c9d3abf3f4670903b17fe6c5c65b82f1c506
    1⤵
    • Writes file to tmp directory
    PID:355
      • /sbin/fdisk
        fdisk /dev/vda
        2⤵
        PID:364
      • /bin/rm
        rm -rf hd
        2⤵
        PID:366
      • /sbin/mkfs.ext2
        mkfs.ext2 /dev/vda1
        2⤵
        • Reads runtime system information
        PID:365
      • /bin/mkdir
        mkdir hd
        2⤵
        • Reads runtime system information
        PID:367
      • /bin/mount
        mount /dev/vda1 hd
        2⤵
        • Reads runtime system information
        PID:369
      • /bin/rm
        rm -rf hd/bin hd/boot hd/dev hd/etc hd/home hd/lib hd/lost+found hd/media hd/mnt hd/opt hd/proc hd/root hd/run hd/sbin hd/srv hd/sys hd/tmp hd/usr hd/var
        2⤵
        • Creates .desktop file
        • Enumerates kernel/hardware configuration
        PID:372
      • /bin/mkdir
        mkdir hd/boot hd/boot/grub
        2⤵
        PID:384
  • /sbin/fdisk
    fdisk -l
    1⤵
    • Reads runtime system information
    PID:357
  • /bin/grep
    grep -m 1 Disk
    1⤵
    PID:358
  • /usr/bin/awk
    awk -F: "{print \$1}"
    1⤵
    PID:360
  • /usr/bin/awk
    awk "{print \$2}"
    1⤵
    PID:359

Network

MITRE ATT&CK Enterprise v6
