56ccf3b59a67462f97935e4d9b8feeed7a19eca690879ade97781b9c5029b25e

Analysis

max time kernel
0s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
26-11-2022 07:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.oldTeam/rand
Size

182B
MD5

1801f2049d5c7f2a028c69244f0ef62c
SHA1

de3ca4c93f68f51150bbd05542e23867d3acf0b5
SHA256

a350c9d728c1f4220e45b21e32c7f21d83cdbaec05100474bdad6fd718cb75e2
SHA512

0e600d1a2388823b49722394979700d88fe7a151098727097989d309a41f745ed8a4a1033fc78dc32c544b614c6221109d0561e1f1bbb4c721ad4b214b1f7225

Score

5^/10

Malware Config

Signatures

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
/tmp/.oldTeam/rand	/tmp/.oldTeam/rand	rand

/tmp/.oldTeam/rand
/tmp/.oldTeam/rand
1⤵
- Writes file to tmp directory
PID:593
- ./scanA
  ./scanA 63
  2⤵
  PID:594
- ./scanA
  ./scanA 22
  2⤵
  PID:595
- ./scanA
  ./scanA 99
  2⤵
  PID:596
- ./scanA
  ./scanA 204
  2⤵
  PID:597
- ./scanA
  ./scanA 146
  2⤵
  PID:598
- ./scanA
  ./scanA 221
  2⤵
  PID:599
- ./scanA
  ./scanA 118
  2⤵
  PID:600
- ./scanA
  ./scanA 59
  2⤵
  PID:601
- ./scanA
  ./scanA 229
  2⤵
  PID:602
- ./scanA
  ./scanA 157
  2⤵
  PID:603
- ./scanA
  ./scanA 122
  2⤵
  PID:604
- ./scanA
  ./scanA 171
  2⤵
  PID:605
- ./scanA
  ./scanA 191
  2⤵
  PID:606
- ./scanA
  ./scanA 238
  2⤵
  PID:607
- ./scanA
  ./scanA 160
  2⤵
  PID:608
- ./scanA
  ./scanA 38
  2⤵
  PID:609
- ./scanA
  ./scanA 140
  2⤵
  PID:610
- ./scanA
  ./scanA 212
  2⤵
  PID:611
- ./scanA
  ./scanA 143
  2⤵
  PID:612
- ./scanA
  ./scanA 35
  2⤵
  PID:613
- ./scanA
  ./scanA 94
  2⤵
  PID:614
- ./scanA
  ./scanA 107
  2⤵
  PID:615
- ./scanA
  ./scanA 178
  2⤵
  PID:616
- ./scanA
  ./scanA 154
  2⤵
  PID:617
- ./scanA
  ./scanA 174
  2⤵
  PID:618
- ./scanA
  ./scanA 168
  2⤵
  PID:619
- ./scanA
  ./scanA 249
  2⤵
  PID:620
- ./scanA
  ./scanA 206
  2⤵
  PID:621
- ./scanA
  ./scanA 247
  2⤵
  PID:626
- ./scanA
  ./scanA 175
  2⤵
  PID:627
- ./scanA
  ./scanA 75
  2⤵
  PID:628
- ./scanA
  ./scanA 234
  2⤵
  PID:629
- ./scanA
  ./scanA 42
  2⤵
  PID:630
- ./scanA
  ./scanA 69
  2⤵
  PID:631
- ./scanA
  ./scanA 61
  2⤵
  PID:632
- ./scanA
  ./scanA 146
  2⤵
  PID:633
- ./scanA
  ./scanA 129
  2⤵
  PID:634
- ./scanA
  ./scanA 206
  2⤵
  PID:635
- ./scanA
  ./scanA 103
  2⤵
  PID:636
- ./scanA
  ./scanA 190
  2⤵
  PID:637
- ./scanA
  ./scanA 206
  2⤵
  PID:638
- ./scanA
  ./scanA 82
  2⤵
  PID:639
- ./scanA
  ./scanA 172
  2⤵
  PID:640
- ./scanA
  ./scanA 57
  2⤵
  PID:641
- ./scanA
  ./scanA 173
  2⤵
  PID:642
- ./scanA
  ./scanA 225
  2⤵
  PID:643
- ./scanA
  ./scanA 159
  2⤵
  PID:644
- ./scanA
  ./scanA 15
  2⤵
  PID:645
- ./scanA
  ./scanA 82
  2⤵
  PID:646
- ./scanA
  ./scanA 39
  2⤵
  PID:647
- ./scanA
  ./scanA 189
  2⤵
  PID:648
- ./scanA
  ./scanA 25
  2⤵
  PID:649
- ./scanA
  ./scanA 183
  2⤵
  PID:650
- ./scanA
  ./scanA 244
  2⤵
  PID:651
- ./scanA
  ./scanA 75
  2⤵
  PID:652
- ./scanA
  ./scanA 167
  2⤵
  PID:653
- ./scanA
  ./scanA 162
  2⤵
  PID:654
- ./scanA
  ./scanA 117
  2⤵
  PID:655
- ./scanA
  ./scanA 94
  2⤵
  PID:656
- ./scanA
  ./scanA 13
  2⤵
  PID:657
- ./scanA
  ./scanA 179
  2⤵
  PID:658
- ./scanA
  ./scanA 240
  2⤵
  PID:659
- ./scanA
  ./scanA 46
  2⤵
  PID:660
- ./scanA
  ./scanA 248
  2⤵
  PID:661
- ./scanA
  ./scanA 221
  2⤵
  PID:662
- ./scanA
  ./scanA 31
  2⤵
  PID:663
- ./scanA
  ./scanA 34
  2⤵
  PID:664
- ./scanA
  ./scanA 126
  2⤵
  PID:665
- ./scanA
  ./scanA 89
  2⤵
  PID:666
- ./scanA
  ./scanA 58
  2⤵
  PID:667
- ./scanA
  ./scanA 216
  2⤵
  PID:668
- ./scanA
  ./scanA 181
  2⤵
  PID:669
- ./scanA
  ./scanA 197
  2⤵
  PID:670
- ./scanA
  ./scanA 239
  2⤵
  PID:671
- ./scanA
  ./scanA 29
  2⤵
  PID:672
- ./scanA
  ./scanA 93
  2⤵
  PID:673
- ./scanA
  ./scanA 170
  2⤵
  PID:674
- ./scanA
  ./scanA 178
  2⤵
  PID:675
- ./scanA
  ./scanA 115
  2⤵
  PID:676
- ./scanA
  ./scanA 198
  2⤵
  PID:677
- ./scanA
  ./scanA 68
  2⤵
  PID:678
- ./scanA
  ./scanA 81
  2⤵
  PID:679
- ./scanA
  ./scanA 154
  2⤵
  PID:680
- ./scanA
  ./scanA 71
  2⤵
  PID:681
- ./scanA
  ./scanA 61
  2⤵
  PID:682
- ./scanA
  ./scanA 137
  2⤵
  PID:683
- ./scanA
  ./scanA 102
  2⤵
  PID:684
- ./scanA
  ./scanA 245
  2⤵
  PID:685
- ./scanA
  ./scanA 215
  2⤵
  PID:686
- ./scanA
  ./scanA 220
  2⤵
  PID:687
- ./scanA
  ./scanA 245
  2⤵
  PID:688
- ./scanA
  ./scanA 182
  2⤵
  PID:689
- ./scanA
  ./scanA 7
  2⤵
  PID:690
- ./scanA
  ./scanA 242
  2⤵
  PID:691
- ./scanA
  ./scanA 193
  2⤵
  PID:692
- ./scanA
  ./scanA 15
  2⤵
  PID:693
- ./scanA
  ./scanA 232
  2⤵
  PID:694
- ./scanA
  ./scanA 138
  2⤵
  PID:695
- ./scanA
  ./scanA 234
  2⤵
  PID:696
- ./scanA
  ./scanA 30
  2⤵
  PID:697
- ./scanA
  ./scanA 93
  2⤵
  PID:698
- ./scanA
  ./scanA 109
  2⤵
  PID:699
- ./scanA
  ./scanA 56
  2⤵
  PID:700
- ./scanA
  ./scanA 145
  2⤵
  PID:701
- ./scanA
  ./scanA 65
  2⤵
  PID:702
- ./scanA
  ./scanA 174
  2⤵
  PID:703
- ./scanA
  ./scanA 81
  2⤵
  PID:704
- ./scanA
  ./scanA 42
  2⤵
  PID:705
- ./scanA
  ./scanA 129
  2⤵
  PID:706
- ./scanA
  ./scanA 115
  2⤵
  PID:707
- ./scanA
  ./scanA 182
  2⤵
  PID:708
- ./scanA
  ./scanA 31
  2⤵
  PID:709
- ./scanA
  ./scanA 76
  2⤵
  PID:710
- ./scanA
  ./scanA 5
  2⤵
  PID:711
- ./scanA
  ./scanA 19
  2⤵
  PID:712
- ./scanA
  ./scanA 67
  2⤵
  PID:713
- ./scanA
  ./scanA 35
  2⤵
  PID:714
- ./scanA
  ./scanA 253
  2⤵
  PID:715
- ./scanA
  ./scanA 227
  2⤵
  PID:716
- ./scanA
  ./scanA 25
  2⤵
  PID:717
- ./scanA
  ./scanA 173
  2⤵
  PID:718
- ./scanA
  ./scanA 227
  2⤵
  PID:719
- ./scanA
  ./scanA 114
  2⤵
  PID:720
- ./scanA
  ./scanA 148
  2⤵
  PID:721
- ./scanA
  ./scanA 34
  2⤵
  PID:722
- ./scanA
  ./scanA 88
  2⤵
  PID:723
- ./scanA
  ./scanA 222
  2⤵
  PID:724
- ./scanA
  ./scanA 39
  2⤵
  PID:725
- ./scanA
  ./scanA 186
  2⤵
  PID:726
- ./scanA
  ./scanA 178
  2⤵
  PID:727
- ./scanA
  ./scanA 195
  2⤵
  PID:728
- ./scanA
  ./scanA 148
  2⤵
  PID:729
- ./scanA
  ./scanA 239
  2⤵
  PID:730
- ./scanA
  ./scanA 180
  2⤵
  PID:731
- ./scanA
  ./scanA 65
  2⤵
  PID:732
- ./scanA
  ./scanA 31
  2⤵
  PID:733
- ./scanA
  ./scanA 222
  2⤵
  PID:734
- ./scanA
  ./scanA 139
  2⤵
  PID:735
- ./scanA
  ./scanA 208
  2⤵
  PID:736
- ./scanA
  ./scanA 202
  2⤵
  PID:737
- ./scanA
  ./scanA 222
  2⤵
  PID:738
- ./scanA
  ./scanA 24
  2⤵
  PID:739
- ./scanA
  ./scanA 95
  2⤵
  PID:740
- ./scanA
  ./scanA 175
  2⤵
  PID:741
- ./scanA
  ./scanA 83
  2⤵
  PID:742
- ./scanA
  ./scanA 242
  2⤵
  PID:743
- ./scanA
  ./scanA 181
  2⤵
  PID:744
- ./scanA
  ./scanA 186
  2⤵
  PID:745
- ./scanA
  ./scanA 103
  2⤵
  PID:746
- ./scanA
  ./scanA 211
  2⤵
  PID:747
- ./scanA
  ./scanA 12
  2⤵
  PID:748
- ./scanA
  ./scanA 123
  2⤵
  PID:749
- ./scanA
  ./scanA 229
  2⤵
  PID:750
- ./scanA
  ./scanA 149
  2⤵
  PID:751
- ./scanA
  ./scanA 236
  2⤵
  PID:752
- ./scanA
  ./scanA 39
  2⤵
  PID:753
- ./scanA
  ./scanA 40
  2⤵
  PID:754
- ./scanA
  ./scanA 87
  2⤵
  PID:755
- ./scanA
  ./scanA 25
  2⤵
  PID:756
- ./scanA
  ./scanA 174
  2⤵
  PID:757
- ./scanA
  ./scanA 64
  2⤵
  PID:758
- ./scanA
  ./scanA 77
  2⤵
  PID:759
- ./scanA
  ./scanA 247
  2⤵
  PID:760
- ./scanA
  ./scanA 167
  2⤵
  PID:761
- ./scanA
  ./scanA 124
  2⤵
  PID:762
- ./scanA
  ./scanA 97
  2⤵
  PID:763
- ./scanA
  ./scanA 11
  2⤵
  PID:764
- ./scanA
  ./scanA 234
  2⤵
  PID:765
- ./scanA
  ./scanA 183
  2⤵
  PID:766
- ./scanA
  ./scanA 68
  2⤵
  PID:767
- ./scanA
  ./scanA 32
  2⤵
  PID:768
- ./scanA
  ./scanA 202
  2⤵
  PID:769
- ./scanA
  ./scanA 180
  2⤵
  PID:770
- ./scanA
  ./scanA 91
  2⤵
  PID:771
- ./scanA
  ./scanA 154
  2⤵
  PID:772
- ./scanA
  ./scanA 218
  2⤵
  PID:773
- ./scanA
  ./scanA 78
  2⤵
  PID:774
- ./scanA
  ./scanA 43
  2⤵
  PID:775
- ./scanA
  ./scanA 218
  2⤵
  PID:776
- ./scanA
  ./scanA 0
  2⤵
  PID:777
- ./scanA
  ./scanA 161
  2⤵
  PID:778
- ./scanA
  ./scanA 91
  2⤵
  PID:779
- ./scanA
  ./scanA 251
  2⤵
  PID:780
- ./scanA
  ./scanA 170
  2⤵
  PID:781
- ./scanA
  ./scanA 13
  2⤵
  PID:782
- ./scanA
  ./scanA 56
  2⤵
  PID:783
- ./scanA
  ./scanA 142
  2⤵
  PID:784
- ./scanA
  ./scanA 98
  2⤵
  PID:785
- ./scanA
  ./scanA 236
  2⤵
  PID:786
- ./scanA
  ./scanA 13
  2⤵
  PID:787
- ./scanA
  ./scanA 190
  2⤵
  PID:788
- ./scanA
  ./scanA 15
  2⤵
  PID:789
- ./scanA
  ./scanA 65
  2⤵
  PID:790
- ./scanA
  ./scanA 144
  2⤵
  PID:791
- ./scanA
  ./scanA 198
  2⤵
  PID:792
- ./scanA
  ./scanA 241
  2⤵
  PID:793
- ./scanA
  ./scanA 32
  2⤵
  PID:794
- ./scanA
  ./scanA 93
  2⤵
  PID:795
- ./scanA
  ./scanA 117
  2⤵
  PID:796
- ./scanA
  ./scanA 154
  2⤵
  PID:797
- ./scanA
  ./scanA 36
  2⤵
  PID:798
- ./scanA
  ./scanA 97
  2⤵
  PID:799
- ./scanA
  ./scanA 215
  2⤵
  PID:800

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads