4be5eb2191071fdf496ff4df7a570d03dc9114190df1614c0a18465a48a8079d

Analysis

max time kernel
4800s
max time network
127s
platform
debian-9_armhf
resource
debian9-armhf-20221111-en
resource tags

arch:armhfimage:debian9-armhf-20221111-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
06-01-2023 07:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.rsync/c/go
Size

398B
MD5

1553384ee57751af771a9389b7393b93
SHA1

e33a67fde9cf13c077da652fbdec07957fff2372
SHA256

98dffdabf9caf512c8c9090e8c9b77a04d6ce31bbd13afe4f09668a4f2eacc2f
SHA512

d406796ebae8bf724f7c18371ba6d86ef491ad0745dd64d0eaaffee9daca3954d9429c8c4e87c404338b839b47a30a6791ef25663239e4a5f0ea5113fa9b6b49

Score

5^/10

Malware Config

Signatures

Writes file to tmp directory 13 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
/tmp/t*	/tmp/t*	rm
/tmp/t*	/tmp/t*	rm
/tmp/	/tmp/	go
/tmp/t*	/tmp/t*	rm
/tmp/t*	/tmp/t*	rm
/tmp/t*	/tmp/t*	rm
/tmp/t*	/tmp/t*	rm
/tmp/t*	/tmp/t*	rm
/tmp/.rsync/c/go	/tmp/.rsync/c/go	go
/tmp/t*	/tmp/t*	rm
/tmp/t*	/tmp/t*	rm
/tmp/t*	/tmp/t*	rm
/tmp/t*	/tmp/t*	rm

/tmp/.rsync/c/go
/tmp/.rsync/c/go
1⤵
- Writes file to tmp directory
PID:353
- /bin/uname
  uname -m
  2⤵
  PID:356
- /usr/bin/touch
  touch v
  2⤵
  PID:357
- /bin/rm
  rm -rf p
  2⤵
  PID:362
- /bin/rm
  rm -rf ip
  2⤵
  PID:363
- /bin/rm
  rm -rf "xtr*"
  2⤵
  PID:364
- /bin/rm
  rm -rf a "a.*"
  2⤵
  PID:365
- /bin/rm
  rm -rf b "b.*"
  2⤵
  PID:366
- /bin/sleep
  sleep 6s
  2⤵
  PID:367
- /usr/bin/timeout
  timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
  2⤵
  PID:368
- - ./tsm
    ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
    3⤵
    PID:369
- /bin/sleep
  sleep 3
  2⤵
  PID:370
- /bin/rm
  rm -rf "xtr*"
  2⤵
  PID:373
- /bin/rm
  rm -rf ip
  2⤵
  PID:374
- /bin/rm
  rm -rf p
  2⤵
  PID:375
- /bin/rm
  rm -rf .out
  2⤵
  PID:376
- /bin/rm
  rm -rf "/tmp/t*"
  2⤵
  - Writes file to tmp directory
  PID:377
- /usr/bin/touch
  touch v
  2⤵
  PID:378
- /bin/rm
  rm -rf p
  2⤵
  PID:379
- /bin/rm
  rm -rf ip
  2⤵
  PID:380
- /bin/rm
  rm -rf "xtr*"
  2⤵
  PID:381
- /bin/rm
  rm -rf a "a.*"
  2⤵
  PID:382
- /bin/rm
  rm -rf b "b.*"
  2⤵
  PID:383
- /bin/sleep
  sleep 5s
  2⤵
  PID:384
- /usr/bin/timeout
  timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
  2⤵
  PID:385
- - ./tsm
    ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
    3⤵
    PID:386
- /bin/sleep
  sleep 3
  2⤵
  PID:387
- /bin/rm
  rm -rf "xtr*"
  2⤵
  PID:390
- /bin/rm
  rm -rf ip
  2⤵
  PID:391
- /bin/rm
  rm -rf p
  2⤵
  PID:392
- /bin/rm
  rm -rf .out
  2⤵
  PID:393
- /bin/rm
  rm -rf "/tmp/t*"
  2⤵
  - Writes file to tmp directory
  PID:394
- /usr/bin/touch
  touch v
  2⤵
  PID:395
- /bin/rm
  rm -rf p
  2⤵
  PID:396
- /bin/rm
  rm -rf ip
  2⤵
  PID:397
- /bin/rm
  rm -rf "xtr*"
  2⤵
  PID:398
- /bin/rm
  rm -rf a "a.*"
  2⤵
  PID:399
- /bin/rm
  rm -rf b "b.*"
  2⤵
  PID:400
- /bin/sleep
  sleep 14s
  2⤵
  PID:401
- /usr/bin/timeout
  timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
  2⤵
  PID:404
- - ./tsm
    ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
    3⤵
    PID:405
- /bin/sleep
  sleep 3
  2⤵
  PID:406
- /bin/rm
  rm -rf "xtr*"
  2⤵
  PID:407
- /bin/rm
  rm -rf ip
  2⤵
  PID:408
- /bin/rm
  rm -rf p
  2⤵
  PID:409
- /bin/rm
  rm -rf .out
  2⤵
  PID:410
- /bin/rm
  rm -rf "/tmp/t*"
  2⤵
  - Writes file to tmp directory
  PID:411
- /usr/bin/touch
  touch v
  2⤵
  PID:412
- /bin/rm
  rm -rf p
  2⤵
  PID:413
- /bin/rm
  rm -rf ip
  2⤵
  PID:414
- /bin/rm
  rm -rf "xtr*"
  2⤵
  PID:415
- /bin/rm
  rm -rf a "a.*"
  2⤵
  PID:416
- /bin/rm
  rm -rf b "b.*"
  2⤵
  PID:417
- /bin/sleep
  sleep 5s
  2⤵
  PID:418
- /usr/bin/timeout
  timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
  2⤵
  PID:421
- - ./tsm
    ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
    3⤵
    PID:422
- /bin/sleep
  sleep 3
  2⤵
  PID:423
- /bin/rm
  rm -rf "xtr*"
  2⤵
  PID:424
- /bin/rm
  rm -rf ip
  2⤵
  PID:425
- /bin/rm
  rm -rf p
  2⤵
  PID:426
- /bin/rm
  rm -rf .out
  2⤵
  PID:427
- /bin/rm
  rm -rf "/tmp/t*"
  2⤵
  - Writes file to tmp directory
  PID:428
- /usr/bin/touch
  touch v
  2⤵
  PID:429
- /bin/rm
  rm -rf p
  2⤵
  PID:430
- /bin/rm
  rm -rf ip
  2⤵
  PID:431
- /bin/rm
  rm -rf "xtr*"
  2⤵
  PID:432
- /bin/rm
  rm -rf a "a.*"
  2⤵
  PID:433
- /bin/rm
  rm -rf b "b.*"
  2⤵
  PID:434
- /bin/sleep
  sleep 2s
  2⤵
  PID:435
- /usr/bin/timeout
  timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
  2⤵
  PID:436
- - ./tsm
    ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
    3⤵
    PID:437
- /bin/sleep
  sleep 3
  2⤵
  PID:438
- /bin/rm
  rm -rf "xtr*"
  2⤵
  PID:441
- /bin/rm
  rm -rf ip
  2⤵
  PID:442
- /bin/rm
  rm -rf p
  2⤵
  PID:443
- /bin/rm
  rm -rf .out
  2⤵
  PID:444
- /bin/rm
  rm -rf "/tmp/t*"
  2⤵
  - Writes file to tmp directory
  PID:445
- /usr/bin/touch
  touch v
  2⤵
  PID:446
- /bin/rm
  rm -rf p
  2⤵
  PID:447
- /bin/rm
  rm -rf ip
  2⤵
  PID:448
- /bin/rm
  rm -rf "xtr*"
  2⤵
  PID:449
- /bin/rm
  rm -rf a "a.*"
  2⤵
  PID:450
- /bin/rm
  rm -rf b "b.*"
  2⤵
  PID:451
- /bin/sleep
  sleep 7s
  2⤵
  PID:452
- /usr/bin/timeout
  timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
  2⤵
  PID:454
- - ./tsm
    ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
    3⤵
    PID:455
- /bin/sleep
  sleep 3
  2⤵
  PID:457
- /bin/rm
  rm -rf "xtr*"
  2⤵
  PID:458
- /bin/rm
  rm -rf ip
  2⤵
  PID:459
- /bin/rm
  rm -rf p
  2⤵
  PID:460
- /bin/rm
  rm -rf .out
  2⤵
  PID:461
- /bin/rm
  rm -rf "/tmp/t*"
  2⤵
  - Writes file to tmp directory
  PID:462
- /usr/bin/touch
  touch v
  2⤵
  PID:463
- /bin/rm
  rm -rf p
  2⤵
  PID:464
- /bin/rm
  rm -rf ip
  2⤵
  PID:465
- /bin/rm
  rm -rf "xtr*"
  2⤵
  PID:466
- /bin/rm
  rm -rf a "a.*"
  2⤵
  PID:467
- /bin/rm
  rm -rf b "b.*"
  2⤵
  PID:468
- /bin/sleep
  sleep 5s
  2⤵
  PID:469
- /usr/bin/timeout
  timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
  2⤵
  PID:470
- - ./tsm
    ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
    3⤵
    PID:471
- /bin/sleep
  sleep 3
  2⤵
  PID:472
- /bin/rm
  rm -rf "xtr*"
  2⤵
  PID:475
- /bin/rm
  rm -rf ip
  2⤵
  PID:476
- /bin/rm
  rm -rf p
  2⤵
  PID:477
- /bin/rm
  rm -rf .out
  2⤵
  PID:478
- /bin/rm
  rm -rf "/tmp/t*"
  2⤵
  - Writes file to tmp directory
  PID:479
- /usr/bin/touch
  touch v
  2⤵
  PID:480
- /bin/rm
  rm -rf p
  2⤵
  PID:481
- /bin/rm
  rm -rf ip
  2⤵
  PID:482
- /bin/rm
  rm -rf "xtr*"
  2⤵
  PID:483
- /bin/rm
  rm -rf a "a.*"
  2⤵
  PID:484
- /bin/rm
  rm -rf b "b.*"
  2⤵
  PID:485
- /bin/sleep
  sleep 17s
  2⤵
  PID:486
- /usr/bin/timeout
  timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
  2⤵
  PID:489
- - ./tsm
    ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
    3⤵
    PID:490
- /bin/sleep
  sleep 3
  2⤵
  PID:491
- /bin/rm
  rm -rf "xtr*"
  2⤵
  PID:494
- /bin/rm
  rm -rf ip
  2⤵
  PID:495
- /bin/rm
  rm -rf p
  2⤵
  PID:496
- /bin/rm
  rm -rf .out
  2⤵
  PID:497
- /bin/rm
  rm -rf "/tmp/t*"
  2⤵
  - Writes file to tmp directory
  PID:498
- /usr/bin/touch
  touch v
  2⤵
  PID:499
- /bin/rm
  rm -rf p
  2⤵
  PID:500
- /bin/rm
  rm -rf ip
  2⤵
  PID:501
- /bin/rm
  rm -rf "xtr*"
  2⤵
  PID:502
- /bin/rm
  rm -rf a "a.*"
  2⤵
  PID:503
- /bin/rm
  rm -rf b "b.*"
  2⤵
  PID:504
- /bin/sleep
  sleep 8s
  2⤵
  PID:505
- /usr/bin/timeout
  timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
  2⤵
  PID:508
- - ./tsm
    ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
    3⤵
    PID:509
- /bin/sleep
  sleep 3
  2⤵
  PID:510
- /bin/rm
  rm -rf "xtr*"
  2⤵
  PID:511
- /bin/rm
  rm -rf ip
  2⤵
  PID:512
- /bin/rm
  rm -rf p
  2⤵
  PID:513
- /bin/rm
  rm -rf .out
  2⤵
  PID:514
- /bin/rm
  rm -rf "/tmp/t*"
  2⤵
  - Writes file to tmp directory
  PID:515
- /usr/bin/touch
  touch v
  2⤵
  PID:516
- /bin/rm
  rm -rf p
  2⤵
  PID:517
- /bin/rm
  rm -rf ip
  2⤵
  PID:518
- /bin/rm
  rm -rf "xtr*"
  2⤵
  PID:519
- /bin/rm
  rm -rf a "a.*"
  2⤵
  PID:520
- /bin/rm
  rm -rf b "b.*"
  2⤵
  PID:521
- /bin/sleep
  sleep 17s
  2⤵
  PID:522
- /usr/bin/timeout
  timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
  2⤵
  PID:528
- - ./tsm
    ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
    3⤵
    PID:531
- /bin/sleep
  sleep 3
  2⤵
  PID:532
- /bin/rm
  rm -rf "xtr*"
  2⤵
  PID:556
- /bin/rm
  rm -rf ip
  2⤵
  PID:557
- /bin/rm
  rm -rf p
  2⤵
  PID:558
- /bin/rm
  rm -rf .out
  2⤵
  PID:561
- /bin/rm
  rm -rf "/tmp/t*"
  2⤵
  - Writes file to tmp directory
  PID:562
- /usr/bin/touch
  touch v
  2⤵
  PID:563
- /bin/rm
  rm -rf p
  2⤵
  PID:565
- /bin/rm
  rm -rf ip
  2⤵
  PID:566
- /bin/rm
  rm -rf "xtr*"
  2⤵
  PID:568
- /bin/rm
  rm -rf a "a.*"
  2⤵
  PID:569
- /bin/rm
  rm -rf b "b.*"
  2⤵
  PID:571
- /bin/sleep
  sleep 17s
  2⤵
  PID:572
- /usr/bin/timeout
  timeout 24h ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
  2⤵
  PID:645
- - ./tsm
    ./tsm -t 75 -f 1 -s 12 -S 8 -p 0 -d 1 p ip
    3⤵
    PID:646
- /bin/sleep
  sleep 3
  2⤵
  PID:647
- /bin/rm
  rm -rf "xtr*"
  2⤵
  PID:648
- /bin/rm
  rm -rf ip
  2⤵
  PID:649
- /bin/rm
  rm -rf p
  2⤵
  PID:650
- /bin/rm
  rm -rf .out
  2⤵
  PID:651
- /bin/rm
  rm -rf "/tmp/t*"
  2⤵
  - Writes file to tmp directory
  PID:652
- /usr/bin/touch
  touch v
  2⤵
  PID:653
- /bin/rm
  rm -rf p
  2⤵
  PID:654
- /bin/rm
  rm -rf ip
  2⤵
  PID:655
- /bin/rm
  rm -rf "xtr*"
  2⤵
  PID:656
- /bin/rm
  rm -rf a "a.*"
  2⤵
  PID:657
- /bin/rm
  rm -rf b "b.*"
  2⤵
  PID:658

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads