Overview

overview

9

Static

static

.rsync/c/go

ubuntu-18.04-amd64

5

.rsync/c/go

debian-9-armhf

5

.rsync/c/go

debian-9-mips

5

.rsync/c/go

debian-9-mipsel

5

.rsync/c/l...c.so.6

ubuntu-18.04-amd64

.rsync/c/l...l.so.2

ubuntu-18.04-amd64

1

.rsync/c/l...s.so.2

ubuntu-18.04-amd64

1

.rsync/c/l...s.so.2

ubuntu-18.04-amd64

1

.rsync/c/l...d.so.0

ubuntu-18.04-amd64

.rsync/c/l....23.so

ubuntu-18.04-amd64

1

.rsync/c/l...v.so.2

ubuntu-18.04-amd64

1

.rsync/c/lib/32/tsm

ubuntu-18.04-amd64

1

.rsync/c/l...c.so.6

ubuntu-18.04-amd64

1

.rsync/c/l...l.so.2

ubuntu-18.04-amd64

1

.rsync/c/l...s.so.2

ubuntu-18.04-amd64

1

.rsync/c/l...s.so.2

ubuntu-18.04-amd64

1

.rsync/c/l...d.so.0

ubuntu-18.04-amd64

1

.rsync/c/l....23.so

ubuntu-18.04-amd64

1

.rsync/c/l...v.so.2

ubuntu-18.04-amd64

1

.rsync/c/lib/64/tsm

ubuntu-18.04-amd64

1

.rsync/c/run

ubuntu-18.04-amd64

9

.rsync/c/run

debian-9-armhf

9

.rsync/c/run

debian-9-mips

9

.rsync/c/run

debian-9-mipsel

9

.rsync/c/slow

ubuntu-18.04-amd64

5

.rsync/c/slow

debian-9-armhf

5

.rsync/c/slow

debian-9-mips

5

.rsync/c/slow

debian-9-mipsel

5

.rsync/c/tsm

ubuntu-18.04-amd64

5

.rsync/c/tsm

debian-9-armhf

5

.rsync/c/tsm

debian-9-mips

5

.rsync/c/tsm

debian-9-mipsel

5

Analysis

  • max time kernel
    0s
  • max time network
    127s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20221111-en
  • resource tags

    arch:armhfimage:debian9-armhf-20221111-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    06-01-2023 06:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .rsync/c/tsm

  • Size

    309B

  • MD5

    e8710e790c04be153d11f8b66e4bb91e

  • SHA1

    45c8037151b78ccfaa0dcc6bef864da2d98d84de

  • SHA256

    0bf8868d117a7c45276b6f966c09830b010c550cd16a2b0d753924fca707c842

  • SHA512

    9c30f458b40e68c110216c1ee972b525bd3cefa5e556d5440bd0de2d865573caf4630c1c8884fe19b18ca18537d40bdb6a49b3c1b7b44791bcf779014813fa11

Score
5/10

Malware Config

Signatures

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/.rsync/c/tsm
    /tmp/.rsync/c/tsm
    1⤵
    • Writes file to tmp directory
    PID:349
    • /usr/bin/dirname
      dirname /tmp/.rsync/c/tsm
      2⤵
        PID:351
      • /bin/uname
        uname -m
        2⤵
          PID:358
      • /bin/readlink
        readlink -f /tmp/.rsync/c/tsm
        1⤵
          PID:353

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads