5627f804b2c00d31c23e3345018849a12d3ef0f0eefe59c253c1e7f755e623c4

Analysis

max time kernel
0s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20221111-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20221111-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
26-11-2022 07:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.oldTeam/rand
Size

182B
MD5

1801f2049d5c7f2a028c69244f0ef62c
SHA1

de3ca4c93f68f51150bbd05542e23867d3acf0b5
SHA256

a350c9d728c1f4220e45b21e32c7f21d83cdbaec05100474bdad6fd718cb75e2
SHA512

0e600d1a2388823b49722394979700d88fe7a151098727097989d309a41f745ed8a4a1033fc78dc32c544b614c6221109d0561e1f1bbb4c721ad4b214b1f7225

Score

5^/10

Malware Config

Signatures

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
/tmp/.oldTeam/rand	/tmp/.oldTeam/rand	rand

/tmp/.oldTeam/rand
/tmp/.oldTeam/rand
1⤵
- Writes file to tmp directory
PID:613
- ./scanA
  ./scanA 20
  2⤵
  PID:614
- ./scanA
  ./scanA 150
  2⤵
  PID:615
- ./scanA
  ./scanA 30
  2⤵
  PID:616
- ./scanA
  ./scanA 246
  2⤵
  PID:617
- ./scanA
  ./scanA 120
  2⤵
  PID:618
- ./scanA
  ./scanA 214
  2⤵
  PID:619
- ./scanA
  ./scanA 17
  2⤵
  PID:620
- ./scanA
  ./scanA 188
  2⤵
  PID:621
- ./scanA
  ./scanA 164
  2⤵
  PID:622
- ./scanA
  ./scanA 240
  2⤵
  PID:623
- ./scanA
  ./scanA 161
  2⤵
  PID:624
- ./scanA
  ./scanA 100
  2⤵
  PID:625
- ./scanA
  ./scanA 174
  2⤵
  PID:626
- ./scanA
  ./scanA 239
  2⤵
  PID:627
- ./scanA
  ./scanA 64
  2⤵
  PID:628
- ./scanA
  ./scanA 164
  2⤵
  PID:629
- ./scanA
  ./scanA 229
  2⤵
  PID:630
- ./scanA
  ./scanA 102
  2⤵
  PID:631
- ./scanA
  ./scanA 214
  2⤵
  PID:632
- ./scanA
  ./scanA 170
  2⤵
  PID:633
- ./scanA
  ./scanA 38
  2⤵
  PID:634
- ./scanA
  ./scanA 253
  2⤵
  PID:639
- ./scanA
  ./scanA 199
  2⤵
  PID:640
- ./scanA
  ./scanA 111
  2⤵
  PID:641
- ./scanA
  ./scanA 199
  2⤵
  PID:642
- ./scanA
  ./scanA 83
  2⤵
  PID:643
- ./scanA
  ./scanA 227
  2⤵
  PID:644
- ./scanA
  ./scanA 196
  2⤵
  PID:645
- ./scanA
  ./scanA 35
  2⤵
  PID:646
- ./scanA
  ./scanA 16
  2⤵
  PID:647
- ./scanA
  ./scanA 20
  2⤵
  PID:648
- ./scanA
  ./scanA 3
  2⤵
  PID:649
- ./scanA
  ./scanA 59
  2⤵
  PID:650
- ./scanA
  ./scanA 201
  2⤵
  PID:651
- ./scanA
  ./scanA 112
  2⤵
  PID:652
- ./scanA
  ./scanA 109
  2⤵
  PID:653
- ./scanA
  ./scanA 110
  2⤵
  PID:654
- ./scanA
  ./scanA 186
  2⤵
  PID:655
- ./scanA
  ./scanA 28
  2⤵
  PID:656
- ./scanA
  ./scanA 48
  2⤵
  PID:657
- ./scanA
  ./scanA 134
  2⤵
  PID:658
- ./scanA
  ./scanA 142
  2⤵
  PID:659
- ./scanA
  ./scanA 238
  2⤵
  PID:660
- ./scanA
  ./scanA 83
  2⤵
  PID:661
- ./scanA
  ./scanA 230
  2⤵
  PID:662
- ./scanA
  ./scanA 24
  2⤵
  PID:663
- ./scanA
  ./scanA 24
  2⤵
  PID:664
- ./scanA
  ./scanA 57
  2⤵
  PID:665
- ./scanA
  ./scanA 128
  2⤵
  PID:666
- ./scanA
  ./scanA 124
  2⤵
  PID:667
- ./scanA
  ./scanA 86
  2⤵
  PID:668
- ./scanA
  ./scanA 152
  2⤵
  PID:669
- ./scanA
  ./scanA 34
  2⤵
  PID:670
- ./scanA
  ./scanA 246
  2⤵
  PID:671
- ./scanA
  ./scanA 181
  2⤵
  PID:672
- ./scanA
  ./scanA 61
  2⤵
  PID:673
- ./scanA
  ./scanA 251
  2⤵
  PID:674
- ./scanA
  ./scanA 94
  2⤵
  PID:675
- ./scanA
  ./scanA 94
  2⤵
  PID:676
- ./scanA
  ./scanA 98
  2⤵
  PID:677
- ./scanA
  ./scanA 160
  2⤵
  PID:678
- ./scanA
  ./scanA 105
  2⤵
  PID:679
- ./scanA
  ./scanA 44
  2⤵
  PID:680
- ./scanA
  ./scanA 174
  2⤵
  PID:681
- ./scanA
  ./scanA 121
  2⤵
  PID:682
- ./scanA
  ./scanA 91
  2⤵
  PID:683
- ./scanA
  ./scanA 68
  2⤵
  PID:684
- ./scanA
  ./scanA 139
  2⤵
  PID:685
- ./scanA
  ./scanA 92
  2⤵
  PID:686
- ./scanA
  ./scanA 115
  2⤵
  PID:687
- ./scanA
  ./scanA 119
  2⤵
  PID:688
- ./scanA
  ./scanA 235
  2⤵
  PID:689
- ./scanA
  ./scanA 53
  2⤵
  PID:690
- ./scanA
  ./scanA 187
  2⤵
  PID:691
- ./scanA
  ./scanA 193
  2⤵
  PID:692
- ./scanA
  ./scanA 187
  2⤵
  PID:693
- ./scanA
  ./scanA 169
  2⤵
  PID:694
- ./scanA
  ./scanA 184
  2⤵
  PID:695
- ./scanA
  ./scanA 41
  2⤵
  PID:696
- ./scanA
  ./scanA 253
  2⤵
  PID:697
- ./scanA
  ./scanA 92
  2⤵
  PID:698
- ./scanA
  ./scanA 115
  2⤵
  PID:699
- ./scanA
  ./scanA 222
  2⤵
  PID:700
- ./scanA
  ./scanA 252
  2⤵
  PID:701
- ./scanA
  ./scanA 121
  2⤵
  PID:702
- ./scanA
  ./scanA 190
  2⤵
  PID:703
- ./scanA
  ./scanA 220
  2⤵
  PID:704
- ./scanA
  ./scanA 89
  2⤵
  PID:705
- ./scanA
  ./scanA 203
  2⤵
  PID:706
- ./scanA
  ./scanA 170
  2⤵
  PID:707
- ./scanA
  ./scanA 15
  2⤵
  PID:708
- ./scanA
  ./scanA 142
  2⤵
  PID:709
- ./scanA
  ./scanA 29
  2⤵
  PID:710
- ./scanA
  ./scanA 97
  2⤵
  PID:711
- ./scanA
  ./scanA 116
  2⤵
  PID:712
- ./scanA
  ./scanA 199
  2⤵
  PID:713
- ./scanA
  ./scanA 142
  2⤵
  PID:714
- ./scanA
  ./scanA 21
  2⤵
  PID:715
- ./scanA
  ./scanA 97
  2⤵
  PID:716
- ./scanA
  ./scanA 67
  2⤵
  PID:717
- ./scanA
  ./scanA 31
  2⤵
  PID:718
- ./scanA
  ./scanA 112
  2⤵
  PID:719
- ./scanA
  ./scanA 170
  2⤵
  PID:720
- ./scanA
  ./scanA 28
  2⤵
  PID:721
- ./scanA
  ./scanA 143
  2⤵
  PID:722
- ./scanA
  ./scanA 173
  2⤵
  PID:723
- ./scanA
  ./scanA 214
  2⤵
  PID:724
- ./scanA
  ./scanA 28
  2⤵
  PID:725
- ./scanA
  ./scanA 16
  2⤵
  PID:726
- ./scanA
  ./scanA 208
  2⤵
  PID:727
- ./scanA
  ./scanA 198
  2⤵
  PID:728
- ./scanA
  ./scanA 69
  2⤵
  PID:729
- ./scanA
  ./scanA 151
  2⤵
  PID:730
- ./scanA
  ./scanA 149
  2⤵
  PID:731
- ./scanA
  ./scanA 167
  2⤵
  PID:732
- ./scanA
  ./scanA 100
  2⤵
  PID:733
- ./scanA
  ./scanA 185
  2⤵
  PID:734
- ./scanA
  ./scanA 91
  2⤵
  PID:735
- ./scanA
  ./scanA 19
  2⤵
  PID:736
- ./scanA
  ./scanA 21
  2⤵
  PID:737
- ./scanA
  ./scanA 156
  2⤵
  PID:738
- ./scanA
  ./scanA 17
  2⤵
  PID:739
- ./scanA
  ./scanA 64
  2⤵
  PID:740
- ./scanA
  ./scanA 146
  2⤵
  PID:741
- ./scanA
  ./scanA 27
  2⤵
  PID:742
- ./scanA
  ./scanA 45
  2⤵
  PID:743
- ./scanA
  ./scanA 240
  2⤵
  PID:744
- ./scanA
  ./scanA 42
  2⤵
  PID:745
- ./scanA
  ./scanA 16
  2⤵
  PID:746
- ./scanA
  ./scanA 167
  2⤵
  PID:747
- ./scanA
  ./scanA 217
  2⤵
  PID:748
- ./scanA
  ./scanA 109
  2⤵
  PID:749
- ./scanA
  ./scanA 145
  2⤵
  PID:750
- ./scanA
  ./scanA 208
  2⤵
  PID:751
- ./scanA
  ./scanA 101
  2⤵
  PID:752
- ./scanA
  ./scanA 229
  2⤵
  PID:753
- ./scanA
  ./scanA 208
  2⤵
  PID:754
- ./scanA
  ./scanA 26
  2⤵
  PID:755
- ./scanA
  ./scanA 113
  2⤵
  PID:756
- ./scanA
  ./scanA 173
  2⤵
  PID:757
- ./scanA
  ./scanA 243
  2⤵
  PID:758
- ./scanA
  ./scanA 122
  2⤵
  PID:759
- ./scanA
  ./scanA 158
  2⤵
  PID:760
- ./scanA
  ./scanA 9
  2⤵
  PID:761
- ./scanA
  ./scanA 190
  2⤵
  PID:762
- ./scanA
  ./scanA 44
  2⤵
  PID:763
- ./scanA
  ./scanA 27
  2⤵
  PID:764
- ./scanA
  ./scanA 236
  2⤵
  PID:765
- ./scanA
  ./scanA 153
  2⤵
  PID:766
- ./scanA
  ./scanA 53
  2⤵
  PID:767
- ./scanA
  ./scanA 128
  2⤵
  PID:768
- ./scanA
  ./scanA 116
  2⤵
  PID:769
- ./scanA
  ./scanA 170
  2⤵
  PID:770
- ./scanA
  ./scanA 159
  2⤵
  PID:771
- ./scanA
  ./scanA 98
  2⤵
  PID:772
- ./scanA
  ./scanA 192
  2⤵
  PID:773
- ./scanA
  ./scanA 131
  2⤵
  PID:774
- ./scanA
  ./scanA 242
  2⤵
  PID:775
- ./scanA
  ./scanA 223
  2⤵
  PID:776
- ./scanA
  ./scanA 16
  2⤵
  PID:777
- ./scanA
  ./scanA 100
  2⤵
  PID:778
- ./scanA
  ./scanA 114
  2⤵
  PID:779
- ./scanA
  ./scanA 144
  2⤵
  PID:780
- ./scanA
  ./scanA 48
  2⤵
  PID:781
- ./scanA
  ./scanA 82
  2⤵
  PID:782
- ./scanA
  ./scanA 160
  2⤵
  PID:783
- ./scanA
  ./scanA 181
  2⤵
  PID:784
- ./scanA
  ./scanA 244
  2⤵
  PID:785
- ./scanA
  ./scanA 21
  2⤵
  PID:786
- ./scanA
  ./scanA 158
  2⤵
  PID:787
- ./scanA
  ./scanA 230
  2⤵
  PID:788
- ./scanA
  ./scanA 101
  2⤵
  PID:789
- ./scanA
  ./scanA 46
  2⤵
  PID:790
- ./scanA
  ./scanA 79
  2⤵
  PID:791
- ./scanA
  ./scanA 26
  2⤵
  PID:792
- ./scanA
  ./scanA 91
  2⤵
  PID:793
- ./scanA
  ./scanA 107
  2⤵
  PID:794
- ./scanA
  ./scanA 168
  2⤵
  PID:795
- ./scanA
  ./scanA 123
  2⤵
  PID:796
- ./scanA
  ./scanA 139
  2⤵
  PID:797
- ./scanA
  ./scanA 144
  2⤵
  PID:798
- ./scanA
  ./scanA 60
  2⤵
  PID:799
- ./scanA
  ./scanA 135
  2⤵
  PID:800
- ./scanA
  ./scanA 203
  2⤵
  PID:801
- ./scanA
  ./scanA 170
  2⤵
  PID:802
- ./scanA
  ./scanA 248
  2⤵
  PID:803
- ./scanA
  ./scanA 193
  2⤵
  PID:804
- ./scanA
  ./scanA 243
  2⤵
  PID:805
- ./scanA
  ./scanA 207
  2⤵
  PID:806
- ./scanA
  ./scanA 230
  2⤵
  PID:807
- ./scanA
  ./scanA 52
  2⤵
  PID:808
- ./scanA
  ./scanA 78
  2⤵
  PID:809
- ./scanA
  ./scanA 46
  2⤵
  PID:810
- ./scanA
  ./scanA 165
  2⤵
  PID:811
- ./scanA
  ./scanA 64
  2⤵
  PID:812
- ./scanA
  ./scanA 225
  2⤵
  PID:813
- ./scanA
  ./scanA 128
  2⤵
  PID:814
- ./scanA
  ./scanA 32
  2⤵
  PID:815
- ./scanA
  ./scanA 145
  2⤵
  PID:816
- ./scanA
  ./scanA 201
  2⤵
  PID:817
- ./scanA
  ./scanA 221
  2⤵
  PID:818
- ./scanA
  ./scanA 24
  2⤵
  PID:819
- ./scanA
  ./scanA 158
  2⤵
  PID:820

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads