General

  • Target

    d65afdfbceb9474e00196c7368eaee5877bb5b5217d7ee08026b9fc789660001

  • Size

    1.8MB

  • Sample

    221127-p7drasdc7x

  • MD5

    043e667ca2d073aecf1d0d8949c7fdab

  • SHA1

    cf822fc3e70d5cd852df3ac650e5e8eed5557e0c

  • SHA256

    d65afdfbceb9474e00196c7368eaee5877bb5b5217d7ee08026b9fc789660001

  • SHA512

    4432c9bfdea5cf12893e87e93724ec8962b86da62a96ce4c04d272062fb00330759e3ede7cdb620af80636b7f2b4ab535a1bfe28380e2042f91e76c257933a70

  • SSDEEP

    49152:PK9bJI+9NJkTRtG8lsCq2Sp5DLOSLnCk0eM:Pf+9NS9MGHqFp5d7M

Score
5/10

Targets

    • Target

      xiang/1.sh

    • Size

      404B

    • MD5

      fa4f1798d03844cc950c5c0ff1ed71a7

    • SHA1

      7b7bb83c614603989d91a77ac0405d4000a0fa75

    • SHA256

      a5b0146024e8974f15f29c835f5d2d272a199846fa04963bb05d7e0bd14620ff

    • SHA512

      e94e75ade995e3ed08e1fcff6a830dbb28e512091d72af14bbf19ae6b6a33381130bda2c9b38050e61fc9dcf82e25ba06fb8d8f15edd4edeb1a7c1a675a8139e

    Score
    5/10
    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

    • Target

      xiang/go.sh

    • Size

      94B

    • MD5

      92c4c68480e699aa012b26c82a787248

    • SHA1

      22fabcf0079b2b4cf158e897e5a920f8eeb7692a

    • SHA256

      d87ce8ecce44c00db9606ae2185a1ed7d9585cba50e949710daa46a32da48249

    • SHA512

      7594211854756cf1a18584bf8ef792a8cd6f884d0941dc47d755355282ba324b2d498cce7b747e36081503412462a9d76b3a4d9a95c255888fc16a63e8833a5f

    Score
    3/10
    • Target

      xiang/ss

    • Size

      443KB

    • MD5

      b51a52c9c82bb4401659b4c17c60f89f

    • SHA1

      b45ae5d8d3069ee7f880dd461c931fa711b6ad3d

    • SHA256

      97093a1ef729cb954b2a63d7ccc304b18d0243e2a77d87bbbb94741a0290d762

    • SHA512

      600c956d612b9b59d9846d5e83c009b6bac646ef2ba763dd54126ddf2e1a2c86c70960dbc9f836e6cbd6c7296c3f1801151a1548af904c61375d096c23aa0f68

    • SSDEEP

      6144:gIM21beIrQCxAeQmnT3V3xNNZkYgy2CZTLdUyh:NdbeIrT9QmbVDNZkMZLdUq

    Score
    1/10
    • Target

      xiang/ssh-scan

    • Size

      822KB

    • MD5

      a213ebd69fbc11d612d0374b373f65d8

    • SHA1

      4f64a5b07b0c128771ea21bf4aa15610fc6b071c

    • SHA256

      93df64cc0ff902ad1e80ada56023610ec2c44c3ecde2d36d37a3a748c7fd42bd

    • SHA512

      eb1f005984d50cfd40f26730e8206d9455c1f3560ba90338019911987d2c401e93e70c7565ac68c291a19e04d346fc01cc7b8eaa57942bbcad5d64ab543ad5a3

    • SSDEEP

      24576:U8dJG9L4f0TYRsbalWjFm4z33bavoZ4UZZ2HQ:dzG9LvDbalG04rb6oZ4EQHQ

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • System Information Discovery

    T1082
