Analysis

  • max time kernel
    4s
  • platform
    linux_amd64
  • resource
    ubuntu1804-amd64-en-20211208
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    15/04/2023, 04:59

General

  • Target

    argocd-vault-plugin_1.8.0_linux_amd64

  • Size

    42.5MB

  • MD5

    efad954c150b99d5c923efe5fe9edefb

  • SHA1

    7d79329b2aff87e54d1370e8462c449cd865fb97

  • SHA256

    791dc93c9d3470be7487eaf4f62910e161a971478b338a376efdfc2d9ad2428f

  • SHA512

    e1388c40a4f1be1ca6db27df18922aa40e755e42108e2fa88b9e53ad9d7c3f48d5b30838a016e4e560a0d053ec7dde6a4559fc0c5466d56705358d4ff6d4297b

  • SSDEEP

    196608:KJCtIwwoQyjmbQ1kedwR54osRsdnTemnvEjAgbSZJUA2OKp7Z2ZQWlM4Tt/+xOI9:oMIHR85Wb4Den/npI

Score
5/10

Malware Config

Signatures

  • Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/argocd-vault-plugin_1.8.0_linux_amd64
    /tmp/argocd-vault-plugin_1.8.0_linux_amd64
    1⤵
    • Enumerates kernel/hardware configuration
    • Writes file to tmp directory
    PID:596

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads