Resubmissions

12/05/2023, 15:34

230512-szz64sdf56 10

12/05/2023, 15:31

230512-syh67sfg8y 10

General

  • Target

    617b44948b1d5ee75da9afcc343fbbed4951a145b615ea864db791ff9a33b3b2

  • Size

    3.0MB

  • Sample

    230512-syh67sfg8y

  • MD5

    bd2b1e4ce5febd42f0a9f04a0b85c2bc

  • SHA1

    4e05e9ce2a2b0b4cdcf404244ee50e021708a81d

  • SHA256

    617b44948b1d5ee75da9afcc343fbbed4951a145b615ea864db791ff9a33b3b2

  • SHA512

    70ddf7619c33aa12593d63f60062dbb83339ae73c881566bce8c51789089a635c8a957e7927f3cc9c44b92df6f345cf66803220683ec27152ae89d1cbde17367

  • SSDEEP

    49152:+LdzPJ6lNjaDC9CXoTAhqXbiBKnURqFKqR0W3QA+Ce8QozjFte80nsEsW22pu8:+LdTJ63u+oXoshqLiUnCvqRpnre8tzj2

Malware Config

Targets

    • Target

      617b44948b1d5ee75da9afcc343fbbed4951a145b615ea864db791ff9a33b3b2

    • Size

      3.0MB

    • MD5

      bd2b1e4ce5febd42f0a9f04a0b85c2bc

    • SHA1

      4e05e9ce2a2b0b4cdcf404244ee50e021708a81d

    • SHA256

      617b44948b1d5ee75da9afcc343fbbed4951a145b615ea864db791ff9a33b3b2

    • SHA512

      70ddf7619c33aa12593d63f60062dbb83339ae73c881566bce8c51789089a635c8a957e7927f3cc9c44b92df6f345cf66803220683ec27152ae89d1cbde17367

    • SSDEEP

      49152:+LdzPJ6lNjaDC9CXoTAhqXbiBKnURqFKqR0W3QA+Ce8QozjFte80nsEsW22pu8:+LdTJ63u+oXoshqLiUnCvqRpnre8tzj2

    Score
    1/10

    • Target

      sample

    • Size

      7.5MB

    • MD5

      09ba3a2e0e7c95e99ca5bf956eee2416

    • SHA1

      5f61071e5aecb0dfc1961db28345d74fe3e42c99

    • SHA256

      668c6281b21b0ec237cf25f03e53f635a1b6d0ccd018c5c77bcc377e7813a644

    • SHA512

      07bc39110263e99bf86719a5f2add05141128f40dea071e16092a01a11bd933c5037f5b6e9a267246a141655b940b1ec27aa3147a587b0e46830f4c40779dfe2

    • SSDEEP

      196608:ZzeNDgaYvdxREffGMiugychKEj91lNJD1kjks:ZSNDgaYvdxR+uMpgycUIjlNJRkj

    Score
    1/10

    • Target

      .ssh/a

    • Size

      209B

    • MD5

      00a570a925ab9e7ac6597e1e7174e5ca

    • SHA1

      d4596e063e096334be88096f16a8abeb8e431253

    • SHA256

      ec43cacb5ae1fa6375dee7cefc8910a93a052132489a69b46ae4cad0f80f74f5

    • SHA512

      99f8256957bbbe8ef2cac3f86b6d361db389ec17025a2445c4b448b2fe7bf4007014dda91461e6f654757384294e0dae825be9d10df4f239b5cfd315fbd0b8d0

    Score
    1/10

    • Target

      .ssh/b

    • Size

      34B

    • MD5

      43d5448556b364ebe8b3b0f7288970ba

    • SHA1

      6d44b9996fbc7a97dc26fee4bab0d9159d8909e8

    • SHA256

      8158664efe2753ba8d9a1d1ac32893779e6068218f6b3d41785264687da54ca6

    • SHA512

      f2dd2fc2278def55d8946f92c8d79a965b1809bf7bd3dce7dad5bcf9a21548ce853952fa7cb25ed68bb475ab79ac38227319885db0abe9057bda043cb065ece1

    Score
    1/10

    • Target

      .ssh/config.json

    • Size

      1KB

    • MD5

      71d56cc18a8a89884babfc6e4af68776

    • SHA1

      afb81bc0df5badb09bc69c94371c3b12d72c6c38

    • SHA256

      dd40432a459d72773782d5b131323c1bcfe32de7500974c772db64298b95aec2

    • SHA512

      740b47ffd3d23366ab3400bc714d832f34eb00b683ad485c2cc694c21e5ac872aac8b615b40513f5c3bcd23192e76e1282a27e7483ca0d5cb61668174268496b

    Score
    1/10

    • Target

      .ssh/krane

    • Size

      1KB

    • MD5

      45fe9debede8f388adae72b1b0cbe4de

    • SHA1

      91ae8905bb5fe65bfa52938e83578c561b8e794d

    • SHA256

      59fdced871d47011259fdab2eb77b4f17a2c5b7820325c42364e2fa0b1d01588

    • SHA512

      7cdc444601202287de9bc11de9174a3b3637a4a18223daf309d39d32fba4b513153716aad7e4497d1581a6d896fae98dcd1715374d87bd12b2e46b4cf0f062c4

    Score
    9/10

    • Deletes system logs

    • Reads CPU attributes

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Target

      .ssh/sshd

    • Size

      7.4MB

    • MD5

      1d5b701b74ff430a4313057a1fc1a7b1

    • SHA1

      98de489d21e620c4b87a71442f809ebf7683ac78

    • SHA256

      dc4eb01933cb16bb027bb50215480c30c39bd3d30b5b8f7b957833bd6381183a

    • SHA512

      2547cab6565b72b1d3ce18e068ea5bb274b925e47d1a6f43af5ad45cb53dee1717a8ded52f147dbe9e58d8cd710f1bcf0d6ef3fb99f78fc66f25768960361679

    • SSDEEP

      196608:DzeNDgaYvdxREffGMiugychKEj91lNJD1kjks:DSNDgaYvdxR+uMpgycUIjlNJRkj

    Score
    9/10

    • Attempts to identify hypervisor via CPU configuration

      Checks CPU information for indicators that the system is a virtual machine.

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence.

    • Reads CPU attributes

    • Enumerates kernel/hardware configuration

      Reads contents of /sys virtual filesystem to enumerate system information.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Enterprise v6

Tasks