Overview

overview

5

Static

static

9746fee7b1...86.tar

windows7-x64

3

9746fee7b1...86.tar

windows10-2004-x64

3

usr/bin/davtest

ubuntu-18.04-amd64

5

usr/bin/davtest

debian-9-armhf

5

usr/bin/davtest

debian-9-mips

5

usr/bin/davtest

debian-9-mipsel

5

usr/share/...md.asp

windows7-x64

3

usr/share/...md.asp

windows10-2004-x64

3

usr/share/...md.asp

windows7-x64

3

usr/share/...md.asp

windows10-2004-x64

3

usr/share/...d.html

windows7-x64

1

usr/share/...d.html

windows10-2004-x64

1

usr/share/...md.cgi

ubuntu-18.04-amd64

5

usr/share/...md.cgi

debian-9-armhf

5

usr/share/...md.cgi

debian-9-mips

5

usr/share/...md.cgi

debian-9-mipsel

5

usr/share/...cmd.js

windows7-x64

1

usr/share/...cmd.js

windows10-2004-x64

1

usr/share/...cmd.js

windows7-x64

1

usr/share/...cmd.js

windows10-2004-x64

1

usr/share/...cmd.pl

ubuntu-18.04-amd64

5

usr/share/...cmd.pl

debian-9-armhf

5

usr/share/...cmd.pl

debian-9-mips

5

usr/share/...cmd.pl

debian-9-mipsel

5

usr/share/...est.pl

ubuntu-18.04-amd64

5

usr/share/...est.pl

debian-9-armhf

5

usr/share/...est.pl

debian-9-mips

5

usr/share/...est.pl

debian-9-mipsel

5

Sharing

Copy URL Twitter E-mail

General

  • Target

    9746fee7b10895a32ee51e2c502a53f04b6bd8c5b7898dce6ba4daa0790bad86

  • Size

    70KB

  • Sample

    221127-wm1hwsbh4y

  • MD5

    b0ff10fc1bf66a25b42826d7b68d318b

  • SHA1

    d35589dfaaa4b981bb4827707b46fee8d51a355f

  • SHA256

    9746fee7b10895a32ee51e2c502a53f04b6bd8c5b7898dce6ba4daa0790bad86

  • SHA512

    f668001d4f581445c340baa490a014f0ab9162387289752e6541214b4df0b0a48253cbfc0a15eb2276bd711ecbc78e065335e441a085f3f7ea93122a64c3860c

  • SSDEEP

    768:GSfKieWHjGLWG773JoaQ61sqH8NDeA2j:reW/G775oaQusqH3j

Score
5/10
linux

Malware Config

Targets

    • Target

      9746fee7b10895a32ee51e2c502a53f04b6bd8c5b7898dce6ba4daa0790bad86

    • Size

      70KB

    • MD5

      b0ff10fc1bf66a25b42826d7b68d318b

    • SHA1

      d35589dfaaa4b981bb4827707b46fee8d51a355f

    • SHA256

      9746fee7b10895a32ee51e2c502a53f04b6bd8c5b7898dce6ba4daa0790bad86

    • SHA512

      f668001d4f581445c340baa490a014f0ab9162387289752e6541214b4df0b0a48253cbfc0a15eb2276bd711ecbc78e065335e441a085f3f7ea93122a64c3860c

    • SSDEEP

      768:GSfKieWHjGLWG773JoaQ61sqH8NDeA2j:reW/G775oaQusqH3j

    Score
    3/10
    behavioral1behavioral2

    • Target

      usr/bin/davtest

    • Size

      58B

    • MD5

      0cf0ccdcd32d356ddbc429c42a06177a

    • SHA1

      2d0cae0cdb72d4bbd7dea9da781179d1799fa0df

    • SHA256

      b595afb99218e756a22a6b0eaff20104969b621bcb1daa1fe95c7ecfdc45afe5

    • SHA512

      a3b78185b6ef3e85164625d44810b18eb6790b77ff08bb556b33506152be7cbdddc559702136ce08e6eb53f904e7c4dc8beee8bc3b0e97ffd31bef7d7bc6c85e

    Score
    5/10

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

    behavioral3behavioral4behavioral5behavioral6

    • Target

      usr/share/davtest/backdoors/asp_cmd.asp

    • Size

      1KB

    • MD5

      e4b0652d1404afe762bc584a025b84b7

    • SHA1

      9c6221b6d4a664850fb2290af8e416e44aa2d12e

    • SHA256

      c4af7a5b85487bf907df40fa7c0a2c9ab594f7ab27178ad5d4075e901bac0742

    • SHA512

      fbeb246f2743995b4680f24e7b599a3036395119c1f63cbec7c7cf7e397051fbaf4b5b340ea7688004d91a228dd4212ad3ba4c931dcaa224670a2b40cff11e8b

    Score
    3/10
    behavioral7behavioral8

    • Target

      usr/share/davtest/backdoors/aspx_cmd.aspx

    • Size

      1KB

    • MD5

      29a062dc9ab141e60ab698168eec4e21

    • SHA1

      d192603f6fc7623c2c37f1209cbfef466d281734

    • SHA256

      b4bb14aeb692f7afc107ee89f86d096f1cd8f9761b6c50788f626a9dccc8b077

    • SHA512

      550cdd4efc1048c0aa148d012f4387af09ca3b5c26b0b1b1600ca18c7d2b1d2f72be6343bfc46318404d0ee2d3be544d8701f0b5f03c85a212b5b90de92f0ce4

    Score
    3/10
    behavioral10behavioral9

    • Target

      usr/share/davtest/backdoors/cf_cmd.cfm

    • Size

      1KB

    • MD5

      f89b31f3a9a31c3c7fca32ab4bacf2c4

    • SHA1

      b6fd503728a9d8a7ecfdf9f2917b3334608ec370

    • SHA256

      cb6e2b444a36f4a8cdfb468ce43cb54fe892de2373e6b1fa986424ad594bc84a

    • SHA512

      505c897d644ea7843045ab4c0bea4eb0faf118b9aebbf56a2c5a0ffbb030952815e12b9101f04efa90fc778929086f02b665b65fe11e6082e72a594bfa4b6d09

    Score
    1/10
    behavioral11behavioral12

    • Target

      usr/share/davtest/backdoors/cgi_cmd.cgi

    • Size

      580B

    • MD5

      e64082a3d307a0dd36600b30e90e529c

    • SHA1

      8a036aac2c473b6f1c246bc61483695349919bc5

    • SHA256

      98278a99ae79937d8cdc0aa6feb3b535a267d66627a03e0bfca537a014288bae

    • SHA512

      6e58b5683831ad8d03c8ca0253256a91408d8893606b06be8aa6ec560b2386b70a2e4f6b7b48343730d1e4bf24e74fdf14ec8d4a0d04f5e754d0730e95c66cb6

    Score
    5/10

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

    behavioral13behavioral14behavioral15behavioral16

    • Target

      usr/share/davtest/backdoors/jsp_unix_cmd.jsp

    • Size

      714B

    • MD5

      2dc6a23e94c1c99998ece03b63f5d02a

    • SHA1

      8bc2bff6c6be5ba65b9a4c1fb4f846ebdec5e619

    • SHA256

      b104d4c1140b63564b21a782e6064a1b7da2b4b2b91feae641cbf19d6235d3bd

    • SHA512

      7dce4d51c94ff3cbcdbb5cb85ffd6b9b3a4db2b78469d67bf7ef1b301d4d17ba49ab6551e298d1ffe019a79ae0f8d5d6a8ad6c5787cba683a10732fc01c5cf06

    Score
    1/10
    behavioral17behavioral18

    • Target

      usr/share/davtest/backdoors/jsp_win_cmd.jsp

    • Size

      720B

    • MD5

      b7a09178044245b50c540866e9a35784

    • SHA1

      da393c31ae22dec320d0227d7b1398a7c04940e0

    • SHA256

      17be96ea5e7bb6a8db985f118407aabaa837f64fbbfc1a5c10d490546756df81

    • SHA512

      55fee9a873f62e8c8789fad8bdd3768a32c0522bff4cfa6919e5e865b1408836c977ed92a895067b19b655d1178dbfe2b9accb290a10c1ca0e94d9d04f6d656b

    Score
    1/10
    behavioral19behavioral20

    • Target

      usr/share/davtest/backdoors/perl_cmd.pl

    • Size

      580B

    • MD5

      e64082a3d307a0dd36600b30e90e529c

    • SHA1

      8a036aac2c473b6f1c246bc61483695349919bc5

    • SHA256

      98278a99ae79937d8cdc0aa6feb3b535a267d66627a03e0bfca537a014288bae

    • SHA512

      6e58b5683831ad8d03c8ca0253256a91408d8893606b06be8aa6ec560b2386b70a2e4f6b7b48343730d1e4bf24e74fdf14ec8d4a0d04f5e754d0730e95c66cb6

    Score
    5/10

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

    behavioral21behavioral22behavioral23behavioral24

    • Target

      usr/share/davtest/davtest.pl

    • Size

      18KB

    • MD5

      651f234aa7def0aa19cc8912fdc7d673

    • SHA1

      87bd4766a51c7e03ba9ef06478334cd3cdca52d8

    • SHA256

      5b3e44c2be8860567f42adbe9a14f38d9eff064800ecb3949c9b45f9fe1f5c13

    • SHA512

      ba95a6723031ea5eb7630a1f5dcec3730c8821322195895ba98d077e6cf7ede83f8785228bee3e270c0236791963fabc62135c7ffbdc36d60210888ad47094cb

    • SSDEEP

      192:4fuxiRGNPRfpoyVIEjzym26s+Ck8yUcCtyAvOn+6oG+sOxSVCyiSCyld+Dy+Zn+Z:4fKi8xT2FioGaBgGJjmnBTj

    Score
    5/10

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

    behavioral25behavioral26behavioral27behavioral28

MITRE ATT&CK Enterprise v6

Tasks