Analysis

  • max time kernel
    30454s
  • max time network
    103s
  • platform
    linux_amd64
  • resource
    ubuntu1804-amd64-en-20211208
  • resource tags

    arch:amd64, arch:i386, image:ubuntu1804-amd64-en-20211208, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    25-11-2022 19:35

General

  • Target

    cf79606eae2e092774cd526aab8792b57ad36b6ab85cd7522cf04f57289b8dea

  • Size

    1KB

  • MD5

    3b2586fd81c0ca699acfa342ca7e248f

  • SHA1

    25d0f7abafe4e229c1aeaed0137988628263f63d

  • SHA256

    cf79606eae2e092774cd526aab8792b57ad36b6ab85cd7522cf04f57289b8dea

  • SHA512

    eb969364b7b884a2038180d2b6511db1eca0abff69147f63750347d3b9dc0ec37689939927f398e86acdb74e630fe7a071462e739cc502d8e26b2b3f3c37086d

Score
6/10

Malware Config

Signatures

  • Reads CPU attributes (1 TTP, 3 IoCs)
  • Reads runtime system information (64 IoCs)

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory (1 IoC)

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/cf79606eae2e092774cd526aab8792b57ad36b6ab85cd7522cf04f57289b8dea
    /tmp/cf79606eae2e092774cd526aab8792b57ad36b6ab85cd7522cf04f57289b8dea
    1⤵
    • Writes file to tmp directory
    PID:593
    • /bin/date
      date
      2⤵
      PID:594
    • /usr/bin/expr
      expr 0
      2⤵
      PID:601
    • /usr/bin/killall
      /usr/bin/killall -9 xDown.sh
      2⤵
      • Reads runtime system information
      PID:602
    • /apps/www/htdocs/nm/xDown.sh
      /apps/www/htdocs/nm/xDown.sh
      2⤵
      PID:603
    • /bin/sleep
      sleep 60
      2⤵
      PID:604
    • /bin/date
      date
      2⤵
      PID:610
    • /usr/bin/expr
      expr 0
      2⤵
      PID:617
    • /usr/bin/killall
      /usr/bin/killall -9 xDown.sh
      2⤵
      • Reads runtime system information
      PID:618
    • /apps/www/htdocs/nm/xDown.sh
      /apps/www/htdocs/nm/xDown.sh
      2⤵
      PID:619
    • /bin/sleep
      sleep 60
      2⤵
      PID:620
    • /bin/date
      date
      2⤵
      PID:736
    • /usr/bin/expr
      expr 0
      2⤵
      PID:743
    • /usr/bin/killall
      /usr/bin/killall -9 xDown.sh
      2⤵
      • Reads runtime system information
      PID:744
    • /apps/www/htdocs/nm/xDown.sh
      /apps/www/htdocs/nm/xDown.sh
      2⤵
      PID:745
  • /bin/ps
    ps wuxm
    1⤵
    • Reads CPU attributes
    • Reads runtime system information
    PID:596
  • /bin/grep
    grep xDown.sh
    1⤵
    PID:597
  • /bin/grep
    grep -v grep
    1⤵
    PID:598
  • /bin/grep
    grep -v defunct
    1⤵
    PID:599
  • /usr/bin/wc
    wc -l
    1⤵
    PID:600
  • /bin/ps
    ps wuxm
    1⤵
    • Reads CPU attributes
    • Reads runtime system information
    PID:612
  • /bin/grep
    grep xDown.sh
    1⤵
    PID:613
  • /bin/grep
    grep -v grep
    1⤵
    PID:614
  • /bin/grep
    grep -v defunct
    1⤵
    PID:615
  • /usr/bin/wc
    wc -l
    1⤵
    PID:616
  • /bin/ps
    ps wuxm
    1⤵
    • Reads CPU attributes
    • Reads runtime system information
    PID:738
  • /bin/grep
    grep xDown.sh
    1⤵
    PID:739
  • /bin/grep
    grep -v grep
    1⤵
    PID:740
  • /bin/grep
    grep -v defunct
    1⤵
    PID:741
  • /usr/bin/wc
    wc -l
    1⤵
    PID:742

Network

MITRE ATT&CK Enterprise v6