49abe511072d87596ba0e4d7908d82d06768199f8e6d9c8ec5d48a55414eac75 | Triage

Analysis

max time kernel
3s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20221125-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20221125-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
27-05-2023 20:03

Sharing

Report Analysis Logs

General

Target

randomware
Size

10KB
MD5

58fc907b8643c006d29339de3c6b7355
SHA1

ccc06e1e9543c36c2bf5834bc248cd573764ee80
SHA256

49abe511072d87596ba0e4d7908d82d06768199f8e6d9c8ec5d48a55414eac75
SHA512

f30ef259f7db90a0f903df49ba30dcf467a48ae521a859c432f6c39e6fa91b5a10ade85998c5f7e2f91b633d98b1a1d3e179f0131f86a3a62b2e3735d8480756
SSDEEP

192:GqPkFdaIEpUvSFgYdCOylZCm6vL4azOdXSV:iFdaIEmvSF3ylZcMaidg

Score

3^/10

Malware Config

Signatures

Writes file to tmp directory 9 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/systemd-private-e1dcaa3d821146f19e72915f78fcbc65-systemd-timedated.service-VGcoBh.osiris	randomware
File opened for modification	/tmp/systemd-private-e1dcaa3d821146f19e72915f78fcbc65-systemd-timesyncd.service-RZjVdN.osiris	randomware
File opened for modification	/tmp/systemd-private-e1dcaa3d821146f19e72915f78fcbc65-systemd-resolved.service-bImdBo.osiris	randomware
File opened for modification	/tmp/netplan_y31irql5.osiris	randomware
File opened for modification	/tmp/.font-unix.osiris	randomware
File opened for modification	/tmp/.X11-unix.osiris	randomware
File opened for modification	/tmp/.Test-unix.osiris	randomware
File opened for modification	/tmp/.XIM-unix.osiris	randomware
File opened for modification	/tmp/.ICE-unix.osiris	randomware

/tmp/randomware
/tmp/randomware
1⤵
- Writes file to tmp directory
PID:625

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads