General

  • Target

    ee4a0656ad49fc3740b9065dfadf6a9f3a609daab7ef8c83119cd3dbcdb0f4cd

  • Size

    7.4MB

  • Sample

    221127-p67mzsdc6w

  • MD5

    67125e9c89bef24f8ce4eb52ab774868

  • SHA1

    3eeaaa5ca555c53524795766069264cae5d003ee

  • SHA256

    ee4a0656ad49fc3740b9065dfadf6a9f3a609daab7ef8c83119cd3dbcdb0f4cd

  • SHA512

    f072f097ede7db46c6188d19b8b172f40e96763ca4fa70279a98b36e030485c870b61b2aa0457bff7ef92667fe36f72a025a5a63dc11f231c334dcd306639682

  • SSDEEP

    24576:aEGq+8dJG9L4f0TYRsbalWjFm4z33bavoZ4UZZ2HQ/eMWyOinXcQ7Bs+Lb0MT:aEGq/zG9LvDbalG04rb6oZ4EQHQGMW

Score
5/10

Malware Config

Targets

    • Target

      xiang/1.sh

    • Size

      404B

    • MD5

      fa4f1798d03844cc950c5c0ff1ed71a7

    • SHA1

      7b7bb83c614603989d91a77ac0405d4000a0fa75

    • SHA256

      a5b0146024e8974f15f29c835f5d2d272a199846fa04963bb05d7e0bd14620ff

    • SHA512

      e94e75ade995e3ed08e1fcff6a830dbb28e512091d72af14bbf19ae6b6a33381130bda2c9b38050e61fc9dcf82e25ba06fb8d8f15edd4edeb1a7c1a675a8139e

    Score
    5/10
    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

    • Target

      xiang/go.sh

    • Size

      94B

    • MD5

      92c4c68480e699aa012b26c82a787248

    • SHA1

      22fabcf0079b2b4cf158e897e5a920f8eeb7692a

    • SHA256

      d87ce8ecce44c00db9606ae2185a1ed7d9585cba50e949710daa46a32da48249

    • SHA512

      7594211854756cf1a18584bf8ef792a8cd6f884d0941dc47d755355282ba324b2d498cce7b747e36081503412462a9d76b3a4d9a95c255888fc16a63e8833a5f

    Score
    3/10

    • Target

      xiang/ss

    • Size

      443KB

    • MD5

      b51a52c9c82bb4401659b4c17c60f89f

    • SHA1

      b45ae5d8d3069ee7f880dd461c931fa711b6ad3d

    • SHA256

      97093a1ef729cb954b2a63d7ccc304b18d0243e2a77d87bbbb94741a0290d762

    • SHA512

      600c956d612b9b59d9846d5e83c009b6bac646ef2ba763dd54126ddf2e1a2c86c70960dbc9f836e6cbd6c7296c3f1801151a1548af904c61375d096c23aa0f68

    • SSDEEP

      6144:gIM21beIrQCxAeQmnT3V3xNNZkYgy2CZTLdUyh:NdbeIrT9QmbVDNZkMZLdUq

    Score
    1/10

    • Target

      xiang/ssh-scan

    • Size

      822KB

    • MD5

      a213ebd69fbc11d612d0374b373f65d8

    • SHA1

      4f64a5b07b0c128771ea21bf4aa15610fc6b071c

    • SHA256

      93df64cc0ff902ad1e80ada56023610ec2c44c3ecde2d36d37a3a748c7fd42bd

    • SHA512

      eb1f005984d50cfd40f26730e8206d9455c1f3560ba90338019911987d2c401e93e70c7565ac68c291a19e04d346fc01cc7b8eaa57942bbcad5d64ab543ad5a3

    • SSDEEP

      24576:U8dJG9L4f0TYRsbalWjFm4z33bavoZ4UZZ2HQ:dzG9LvDbalG04rb6oZ4EQHQ

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • System Information Discovery (T1082)
