Overview

overview

10

Static

static

10

.sshdd

ubuntu-18.04-amd64

7

261664

ubuntu-18.04-amd64

8

32

ubuntu-18.04-amd64

1

36000.exe

windows7-x64

7

36000.exe

windows10-2004-x64

7

64

ubuntu-18.04-amd64

8

GetPass.exe

windows7-x64

7

GetPass.exe

windows10-2004-x64

7

NetSyst81.dll

windows7-x64

1

NetSyst81.dll

windows10-2004-x64

1

POP

ubuntu-18.04-amd64

1

SAY123

ubuntu-18.04-amd64

5

SAY456

ubuntu-18.04-amd64

8

TomDog_Result.html

windows7-x64

1

TomDog_Result.html

windows10-2004-x64

1

a06

ubuntu-18.04-amd64

9

a07

ubuntu-18.04-amd64

9

a08

ubuntu-18.04-amd64

9

a09

ubuntu-18.04-amd64

9

a10

ubuntu-18.04-amd64

9

banner313.pl

ubuntu-18.04-amd64

banner313.pl

debian-9-armhf

banner313.pl

debian-9-mips

banner313.pl

debian-9-mipsel

f.sh

ubuntu-18.04-amd64

5

f.sh

debian-9-armhf

5

f.sh

debian-9-mips

5

f.sh

debian-9-mipsel

5

g3m.pl

ubuntu-18.04-amd64

g3m.pl

debian-9-armhf

g3m.pl

debian-9-mips

g3m.pl

debian-9-mipsel

Resubmissions

20-04-2023 08:22

230420-j9jsfaae7s 10

27-03-2023 09:38

230327-lmbvescg32 10

Analysis

  • max time kernel
    80s
  • max time network
    40s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20221111-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20221111-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    20-04-2023 08:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a09

  • Size

    611KB

  • MD5

    d1b5b4b4b5a118e384c7ff487e14ac3f

  • SHA1

    038b7e9406fe5cb0a0be8f95ac935923c6d83c28

  • SHA256

    0a312a4154dcec2bc6ce1d3b51c037b122ace5848ec99c2b861ab6124addae9b

  • SHA512

    20885f782beeca1712924d6dec7fa474fb2fa7f926d7cbdbdd5f7fa18f6a3ac2bcd5dbd771a80c13c3403cbad05f2cda86ffefdc8170d6cc0f0b4b01a5baec74

  • SSDEEP

    12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6TiLx6yB1/iGK4UlUuTh1AG:UB1BVpmExDYp38X8LYTWhLfNiGQl/91h

Score
9/10
persistence

Malware Config

Signatures

  • Writes file to system bin folder 1 TTPs 4 IoCs
  • Creates/modifies Cron job 1 TTPs 2 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    persistence
  • Modifies init.d 1 TTPs 1 IoCs

    Adds/modifies system service, likely for persistence.

    persistence
  • Modifies rc script 1 TTPs 17 IoCs

    Adding/modifying system rc scripts is a common persistence mechanism.

    persistence