791dc93c9d3470be7487eaf4f62910e161a971478b338a376efdfc2d9ad2428f

Analysis

max time kernel
4s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
15/04/2023, 04:59

Target

argocd-vault-plugin_1.8.0_linux_amd64
Size

42.5MB
MD5

efad954c150b99d5c923efe5fe9edefb
SHA1

7d79329b2aff87e54d1370e8462c449cd865fb97
SHA256

791dc93c9d3470be7487eaf4f62910e161a971478b338a376efdfc2d9ad2428f
SHA512

e1388c40a4f1be1ca6db27df18922aa40e755e42108e2fa88b9e53ad9d7c3f48d5b30838a016e4e560a0d053ec7dde6a4559fc0c5466d56705358d4ff6d4297b
SSDEEP

196608:KJCtIwwoQyjmbQ1kedwR54osRsdnTemnvEjAgbSZJUA2OKp7Z2ZQWlM4Tt/+xOI9:oMIHR85Wb4Den/npI

Score

5^/10

Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

description	ioc	Process
/sys/kernel/mm/transparent_hugepage/hpage_pmd_size	/sys/kernel/mm/transparent_hugepage/hpage_pmd_size	argocd-vault-plugin_1.8.0_linux_amd64

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
/tmp/argocd-vault-plugin_1.8.0_linux_amd64	/tmp/argocd-vault-plugin_1.8.0_linux_amd64	argocd-vault-plugin_1.8.0_linux_amd64

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact