Overview

overview

8

Static

static

8

400.184/mats

ubuntu-18.04-amd64

1

400.184/mods

ubuntu-18.04-amd64

5

mats.img

windows7-x64

3

mats.img

windows10-2004-x64

3

rufus-3.13.exe

windows7-x64

8

rufus-3.13.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    6452s
  • max time network
    101s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20221111-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20221111-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    25-01-2023 10:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    400.184/mods

  • Size

    23.7MB

  • MD5

    39c86e0c3102034f7ae30e653e3afeba

  • SHA1

    ccfd6c1570473e4851ebf255a8519c8ad8c9f1da

  • SHA256

    4af640f74e44fc56aefe76d6d36ee3070e4304c8844b5d73028269f3845d2e56

  • SHA512

    4df53717a9742a8540f042352bab6a13bd2848cf3b776643dc4a461985daef1c7ba78cd6dd9cb7d7ac8478cc8ed86342ebeb1793bf8d918a7590c504d072d1da

  • SSDEEP

    393216:lOlQz0IDS/EJRpgvVjhYuzbrHkAERJj/HCmcansl4WySvd3Lg5jCQ13QFyEiRdR:4lQzH4ESVjhhXrkAC/HPcaQt7iBW3iRf

Score
5/10

Malware Config

Signatures

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/400.184/mods
    /tmp/400.184/mods
    1⤵
    • Reads runtime system information
    PID:637
    • /bin/sh
      sh -c "sh /tmp/400.184/install_module.sh --insert"
      2⤵
        PID:717
        • /bin/sh
          sh /tmp/400.184/install_module.sh --insert
          3⤵
          • Writes file to tmp directory
          PID:718

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads