Analysis

  • max time kernel
    0s
  • max time network
    103s
  • platform
    linux_amd64
  • resource
    ubuntu1804-amd64-en-20211208
  • resource tags

    arch:amd64, arch:i386, image:ubuntu1804-amd64-en-20211208, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    06/01/2023, 07:07

General

  • Target

    .rsync/c/go

  • Size

    398B

  • MD5

    1553384ee57751af771a9389b7393b93

  • SHA1

    e33a67fde9cf13c077da652fbdec07957fff2372

  • SHA256

    98dffdabf9caf512c8c9090e8c9b77a04d6ce31bbd13afe4f09668a4f2eacc2f

  • SHA512

    d406796ebae8bf724f7c18371ba6d86ef491ad0745dd64d0eaaffee9daca3954d9429c8c4e87c404338b839b47a30a6791ef25663239e4a5f0ea5113fa9b6b49

Score
5/10

Malware Config

Signatures

  • Writes file to tmp directory 9 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/.rsync/c/go
    /tmp/.rsync/c/go
    1⤵
    • Writes file to tmp directory
    PID:581
    • /bin/uname
      uname -m
      2⤵
      PID:583
    • /usr/bin/touch
      touch v
      2⤵
      PID:584
    • /bin/rm
      rm -rf p
      2⤵
      PID:585
    • /bin/rm
      rm -rf ip
      2⤵
      PID:586
    • /bin/rm
      rm -rf "xtr*"
      2⤵
      PID:587
    • /bin/rm
      rm -rf a "a.*"
      2⤵
      PID:588
    • /bin/rm
      rm -rf b "b.*"
      2⤵
      PID:589
    • /bin/sleep
      sleep 19s
      2⤵
      PID:590
    • /usr/bin/timeout
      timeout 24h ./tsm -t 505 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
      2⤵
      PID:596
      • ./tsm
        ./tsm -t 505 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
        3⤵
        PID:597
    • /bin/sleep
      sleep 3
      2⤵
      PID:598
    • /bin/rm
      rm -rf "xtr*"
      2⤵
      PID:599
    • /bin/rm
      rm -rf ip
      2⤵
      PID:600
    • /bin/rm
      rm -rf p
      2⤵
      PID:601
    • /bin/rm
      rm -rf .out
      2⤵
      PID:602
    • /bin/rm
      rm -rf "/tmp/t*"
      2⤵
      • Writes file to tmp directory
      PID:603
    • /usr/bin/touch
      touch v
      2⤵
      PID:604
    • /bin/rm
      rm -rf p
      2⤵
      PID:605
    • /bin/rm
      rm -rf ip
      2⤵
      PID:606
    • /bin/rm
      rm -rf "xtr*"
      2⤵
      PID:607
    • /bin/rm
      rm -rf a "a.*"
      2⤵
      PID:608
    • /bin/rm
      rm -rf b "b.*"
      2⤵
      PID:609
    • /bin/sleep
      sleep 21s
      2⤵
      PID:610
    • /usr/bin/timeout
      timeout 24h ./tsm -t 505 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
      2⤵
      PID:611
      • ./tsm
        ./tsm -t 505 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
        3⤵
        PID:612
    • /bin/sleep
      sleep 3
      2⤵
      PID:613
    • /bin/rm
      rm -rf "xtr*"
      2⤵
      PID:614
    • /bin/rm
      rm -rf ip
      2⤵
      PID:615
    • /bin/rm
      rm -rf p
      2⤵
      PID:616
    • /bin/rm
      rm -rf .out
      2⤵
      PID:617
    • /bin/rm
      rm -rf "/tmp/t*"
      2⤵
      • Writes file to tmp directory
      PID:618
    • /usr/bin/touch
      touch v
      2⤵
      PID:619
    • /bin/rm
      rm -rf p
      2⤵
      PID:620
    • /bin/rm
      rm -rf ip
      2⤵
      PID:621
    • /bin/rm
      rm -rf "xtr*"
      2⤵
      PID:622
    • /bin/rm
      rm -rf a "a.*"
      2⤵
      PID:623
    • /bin/rm
      rm -rf b "b.*"
      2⤵
      PID:624
    • /bin/sleep
      sleep 8s
      2⤵
      PID:625
    • /usr/bin/timeout
      timeout 24h ./tsm -t 505 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
      2⤵
      PID:626
      • ./tsm
        ./tsm -t 505 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
        3⤵
        PID:627
    • /bin/sleep
      sleep 3
      2⤵
      PID:628
    • /bin/rm
      rm -rf "xtr*"
      2⤵
      PID:629
    • /bin/rm
      rm -rf ip
      2⤵
      PID:630
    • /bin/rm
      rm -rf p
      2⤵
      PID:631
    • /bin/rm
      rm -rf .out
      2⤵
      PID:632
    • /bin/rm
      rm -rf "/tmp/t*"
      2⤵
      • Writes file to tmp directory
      PID:633
    • /usr/bin/touch
      touch v
      2⤵
      PID:634
    • /bin/rm
      rm -rf p
      2⤵
      PID:635
    • /bin/rm
      rm -rf ip
      2⤵
      PID:636
    • /bin/rm
      rm -rf "xtr*"
      2⤵
      PID:637
    • /bin/rm
      rm -rf a "a.*"
      2⤵
      PID:638
    • /bin/rm
      rm -rf b "b.*"
      2⤵
      PID:639
    • /bin/sleep
      sleep 17s
      2⤵
      PID:640
    • /usr/bin/timeout
      timeout 24h ./tsm -t 505 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
      2⤵
      PID:641
      • ./tsm
        ./tsm -t 505 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
        3⤵
        PID:642
    • /bin/sleep
      sleep 3
      2⤵
      PID:643
    • /bin/rm
      rm -rf "xtr*"
      2⤵
      PID:644
    • /bin/rm
      rm -rf ip
      2⤵
      PID:645
    • /bin/rm
      rm -rf p
      2⤵
      PID:646
    • /bin/rm
      rm -rf .out
      2⤵
      PID:647
    • /bin/rm
      rm -rf "/tmp/t*"
      2⤵
      • Writes file to tmp directory
      PID:648
    • /usr/bin/touch
      touch v
      2⤵
      PID:649
    • /bin/rm
      rm -rf p
      2⤵
      PID:650
    • /bin/rm
      rm -rf ip
      2⤵
      PID:651
    • /bin/rm
      rm -rf "xtr*"
      2⤵
      PID:652
    • /bin/rm
      rm -rf a "a.*"
      2⤵
      PID:653
    • /bin/rm
      rm -rf b "b.*"
      2⤵
      PID:654
    • /bin/sleep
      sleep 2s
      2⤵
      PID:655
    • /usr/bin/timeout
      timeout 24h ./tsm -t 505 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
      2⤵
      PID:656
      • ./tsm
        ./tsm -t 505 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
        3⤵
        PID:657
    • /bin/sleep
      sleep 3
      2⤵
      PID:658
    • /bin/rm
      rm -rf "xtr*"
      2⤵
      PID:659
    • /bin/rm
      rm -rf ip
      2⤵
      PID:660
    • /bin/rm
      rm -rf p
      2⤵
      PID:661
    • /bin/rm
      rm -rf .out
      2⤵
      PID:662
    • /bin/rm
      rm -rf "/tmp/t*"
      2⤵
      • Writes file to tmp directory
      PID:663
    • /usr/bin/touch
      touch v
      2⤵
      PID:664
    • /bin/rm
      rm -rf p
      2⤵
      PID:665
    • /bin/rm
      rm -rf ip
      2⤵
      PID:666
    • /bin/rm
      rm -rf "xtr*"
      2⤵
      PID:667
    • /bin/rm
      rm -rf a "a.*"
      2⤵
      PID:668
    • /bin/rm
      rm -rf b "b.*"
      2⤵
      PID:669
    • /bin/sleep
      sleep 24s
      2⤵
      PID:670
    • /usr/bin/timeout
      timeout 24h ./tsm -t 505 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
      2⤵
      PID:671
      • ./tsm
        ./tsm -t 505 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
        3⤵
        PID:672
    • /bin/sleep
                                                                                                                                                                      sleep 3
                                                                                                                                                                      2⤵
                                                                                                                                                                        PID:673
                                                                                                                                                                      • /bin/rm
                                                                                                                                                                        rm -rf "xtr*"
                                                                                                                                                                        2⤵
                                                                                                                                                                          PID:674
                                                                                                                                                                        • /bin/rm
                                                                                                                                                                          rm -rf ip
                                                                                                                                                                          2⤵
                                                                                                                                                                            PID:675
                                                                                                                                                                          • /bin/rm
                                                                                                                                                                            rm -rf p
                                                                                                                                                                            2⤵
                                                                                                                                                                              PID:676
                                                                                                                                                                            • /bin/rm
                                                                                                                                                                              rm -rf .out
                                                                                                                                                                              2⤵
                                                                                                                                                                                PID:677
                                                                                                                                                                              • /bin/rm
                                                                                                                                                                                rm -rf "/tmp/t*"
                                                                                                                                                                                2⤵
                                                                                                                                                                                • Writes file to tmp directory
                                                                                                                                                                                PID:678
                                                                                                                                                                              • /usr/bin/touch
                                                                                                                                                                                touch v
                                                                                                                                                                                2⤵
                                                                                                                                                                                  PID:679
                                                                                                                                                                                • /bin/rm
                                                                                                                                                                                  rm -rf p
                                                                                                                                                                                  2⤵
                                                                                                                                                                                    PID:680
                                                                                                                                                                                  • /bin/rm
                                                                                                                                                                                    rm -rf ip
                                                                                                                                                                                    2⤵
                                                                                                                                                                                      PID:681
                                                                                                                                                                                    • /bin/rm
                                                                                                                                                                                      rm -rf "xtr*"
                                                                                                                                                                                      2⤵
                                                                                                                                                                                        PID:682
                                                                                                                                                                                      • /bin/rm
                                                                                                                                                                                        rm -rf a "a.*"
                                                                                                                                                                                        2⤵
                                                                                                                                                                                          PID:683
                                                                                                                                                                                        • /bin/rm
                                                                                                                                                                                          rm -rf b "b.*"
                                                                                                                                                                                          2⤵
                                                                                                                                                                                            PID:684
                                                                                                                                                                                          • /bin/sleep
                                                                                                                                                                                            sleep 12s
                                                                                                                                                                                            2⤵
                                                                                                                                                                                              PID:685
                                                                                                                                                                                            • /usr/bin/timeout
                                                                                                                                                                                              timeout 24h ./tsm -t 505 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
                                                                                                                                                                                              2⤵
                                                                                                                                                                                                PID:686
                                                                                                                                                                                                • ./tsm
                                                                                                                                                                                                  ./tsm -t 505 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                    PID:687
                                                                                                                                                                                                • /bin/sleep
                                                                                                                                                                                                  sleep 3
                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                    PID:688
                                                                                                                                                                                                  • /bin/rm
                                                                                                                                                                                                    rm -rf "xtr*"
                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                      PID:689
                                                                                                                                                                                                    • /bin/rm
                                                                                                                                                                                                      rm -rf ip
                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                        PID:690
                                                                                                                                                                                                      • /bin/rm
                                                                                                                                                                                                        rm -rf p
                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                          PID:691
                                                                                                                                                                                                        • /bin/rm
                                                                                                                                                                                                          rm -rf .out
                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                            PID:692
                                                                                                                                                                                                          • /bin/rm
                                                                                                                                                                                                            rm -rf "/tmp/t*"
                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                            • Writes file to tmp directory
                                                                                                                                                                                                            PID:693
                                                                                                                                                                                                          • /usr/bin/touch
                                                                                                                                                                                                            touch v
                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                              PID:694
                                                                                                                                                                                                            • /bin/rm
                                                                                                                                                                                                              rm -rf p
                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                PID:695
                                                                                                                                                                                                              • /bin/rm
                                                                                                                                                                                                                rm -rf ip
                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                  PID:696
                                                                                                                                                                                                                • /bin/rm
                                                                                                                                                                                                                  rm -rf "xtr*"
                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                    PID:697
                                                                                                                                                                                                                  • /bin/rm
                                                                                                                                                                                                                    rm -rf a "a.*"
                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                      PID:698
                                                                                                                                                                                                                    • /bin/rm
                                                                                                                                                                                                                      rm -rf b "b.*"
                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                        PID:699