Overview
overview
10Static
static
10.sshdd
ubuntu-18.04-amd64
7261664
ubuntu-18.04-amd64
832
ubuntu-18.04-amd64
136000.exe
windows7-x64
736000.exe
windows10-2004-x64
764
ubuntu-18.04-amd64
8GetPass.exe
windows7-x64
7GetPass.exe
windows10-2004-x64
7NetSyst81.dll
windows7-x64
1NetSyst81.dll
windows10-2004-x64
1POP
ubuntu-18.04-amd64
1SAY123
ubuntu-18.04-amd64
5SAY456
ubuntu-18.04-amd64
8TomDog_Result.html
windows7-x64
1TomDog_Result.html
windows10-2004-x64
1a06
ubuntu-18.04-amd64
9a07
ubuntu-18.04-amd64
9a08
ubuntu-18.04-amd64
9a09
ubuntu-18.04-amd64
9a10
ubuntu-18.04-amd64
9banner313.pl
ubuntu-18.04-amd64
banner313.pl
debian-9-armhf
banner313.pl
debian-9-mips
banner313.pl
debian-9-mipsel
f.sh
ubuntu-18.04-amd64
5f.sh
debian-9-armhf
5f.sh
debian-9-mips
5f.sh
debian-9-mipsel
5g3m.pl
ubuntu-18.04-amd64
g3m.pl
debian-9-armhf
g3m.pl
debian-9-mips
g3m.pl
debian-9-mipsel
Analysis
-
max time kernel
155s -
max time network
157s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20221111-en -
resource tags
arch:amd64arch:i386image:ubuntu1804-amd64-20221111-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system -
submitted
20-04-2023 08:22
Behavioral task
behavioral1
Sample
.sshdd
Resource
ubuntu1804-amd64-20221111-en
ubuntu-18.04-amd64
Behavioral task
behavioral2
Sample
261664
Resource
ubuntu1804-amd64-en-20211208
ubuntu-18.04-amd64
Behavioral task
behavioral3
Sample
32
Resource
ubuntu1804-amd64-20221111-en
ubuntu-18.04-amd64
Behavioral task
behavioral4
Sample
36000.exe
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral5
Sample
36000.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
64
Resource
ubuntu1804-amd64-en-20211208
ubuntu-18.04-amd64
Behavioral task
behavioral7
Sample
GetPass.exe
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral8
Sample
GetPass.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
NetSyst81.dll
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral10
Sample
NetSyst81.dll
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
POP
Resource
ubuntu1804-amd64-20221111-en
ubuntu-18.04-amd64
Behavioral task
behavioral12
Sample
SAY123
Resource
ubuntu1804-amd64-en-20211208
ubuntu-18.04-amd64
Behavioral task
behavioral13
Sample
SAY456
Resource
ubuntu1804-amd64-20221111-en
ubuntu-18.04-amd64
Behavioral task
behavioral14
Sample
TomDog_Result.html
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral15
Sample
TomDog_Result.html
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
a06
Resource
ubuntu1804-amd64-en-20211208
ubuntu-18.04-amd64
Behavioral task
behavioral17
Sample
a07
Resource
ubuntu1804-amd64-20221111-en
ubuntu-18.04-amd64
Behavioral task
behavioral18
Sample
a08
Resource
ubuntu1804-amd64-20221111-en
ubuntu-18.04-amd64
Behavioral task
behavioral19
Sample
a09
Resource
ubuntu1804-amd64-20221111-en
ubuntu-18.04-amd64
Behavioral task
behavioral20
Sample
a10
Resource
ubuntu1804-amd64-20221111-en
ubuntu-18.04-amd64
Behavioral task
behavioral21
Sample
banner313.pl
Resource
ubuntu1804-amd64-20221111-en
ubuntu-18.04-amd64
Behavioral task
behavioral22
Sample
banner313.pl
Resource
debian9-armhf-20221111-en
debian-9-armhf
Behavioral task
behavioral23
Sample
banner313.pl
Resource
debian9-mipsbe-en-20211208
debian-9-mips
Behavioral task
behavioral24
Sample
banner313.pl
Resource
debian9-mipsel-en-20211208
debian-9-mipsel
Behavioral task
behavioral25
Sample
f.sh
Resource
ubuntu1804-amd64-20221111-en
ubuntu-18.04-amd64
Behavioral task
behavioral26
Sample
f.sh
Resource
debian9-armhf-20221111-en
debian-9-armhf
Behavioral task
behavioral27
Sample
f.sh
Resource
debian9-mipsbe-en-20211208
debian-9-mips
Behavioral task
behavioral28
Sample
f.sh
Resource
debian9-mipsel-20221111-en
debian-9-mipsel
Behavioral task
behavioral29
Sample
g3m.pl
Resource
ubuntu1804-amd64-20221111-en
ubuntu-18.04-amd64
Behavioral task
behavioral30
Sample
g3m.pl
Resource
debian9-armhf-en-20211208
debian-9-armhf
Behavioral task
behavioral31
Sample
g3m.pl
Resource
debian9-mipsbe-20221111-en
debian-9-mips
Behavioral task
behavioral32
Sample
g3m.pl
Resource
debian9-mipsel-en-20211208
debian-9-mipsel
General
-
Target
.sshdd
-
Size
647KB
-
MD5
33229183c1a701376ef15a0af4f9dc5b
-
SHA1
b6a981f7d1e3141bc99e448ca5ea88e4f973463c
-
SHA256
4e6eb417b5598ed171d383e6d6e3f1dc861438a52cfd869bbfaebabb8905f622
-
SHA512
af69aabf1cb1463cf425d23fdab57d43eca545c86211c4dd7d2a14d27803f461aebebbf2108df8033b16f208e26026f5c3ae3cc578d7d893ba5487e992fbe419
-
SSDEEP
12288:RBRO1UmJJ0nHgBL9YfJip2qm+x4h1Tonnp6y07l7mtBDvnD/u9hMHDB:RBRpmJ+HyL9AiAqm+x4h1mn6wvnDWXMN
Malware Config
Signatures
-
Creates/modifies Cron job 1 TTPs 2 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
Processes:
sedshdescription ioc Process /etc/crontab /etc/crontab sed /etc/crontab /etc/crontab sh -
Modifies rc script 1 TTPs 12 IoCs
Adding/modifying system rc scripts is a common persistence mechanism.
Processes:
update-rc.ddescription ioc Process /etc/rc4.d/ /etc/rc4.d/ update-rc.d /etc/rc2.d/ /etc/rc2.d/ update-rc.d /etc/rc6.d/ /etc/rc6.d/ update-rc.d /etc/rc1.d/ /etc/rc1.d/ update-rc.d /etc/rc2.d/S90zjohittxxv /etc/rc2.d/S90zjohittxxv