Overview

overview

7

Static

static

1

VNC-Server...4/Xvnc

ubuntu-18.04-amd64

1

VNC-Server...c-core

ubuntu-18.04-amd64

3

VNC-Server...ps/vnc

ubuntu-18.04-amd64

1

VNC-Server...ry_ip4

ubuntu-18.04-amd64

6

VNC-Server...ry_ip4

debian-9-armhf

6

VNC-Server...ry_ip4

debian-9-mips

6

VNC-Server...ry_ip4

debian-9-mipsel

6

VNC-Server...odules

ubuntu-18.04-amd64

1

VNC-Server...odules

debian-9-armhf

1

VNC-Server...odules

debian-9-mips

1

VNC-Server...odules

debian-9-mipsel

1

VNC-Server...mlinks

ubuntu-18.04-amd64

1

VNC-Server...mlinks

debian-9-armhf

1

VNC-Server...mlinks

debian-9-mips

1

VNC-Server...mlinks

debian-9-mipsel

1

VNC-Server...cagent

ubuntu-18.04-amd64

1

VNC-Server...config

ubuntu-18.04-amd64

1

VNC-Server...config

debian-9-armhf

1

VNC-Server...config

debian-9-mips

1

VNC-Server...config

debian-9-mipsel

1

VNC-Server...nstall

ubuntu-18.04-amd64

7

VNC-Server...nstall

debian-9-armhf

7

VNC-Server...nstall

debian-9-mips

7

VNC-Server...nstall

debian-9-mipsel

7

VNC-Server...icense

ubuntu-18.04-amd64

1

VNC-Server...nsewiz

ubuntu-18.04-amd64

1

VNC-Server...helper

ubuntu-18.04-amd64

1

VNC-Server...passwd

ubuntu-18.04-amd64

1

VNC-Server...server

ubuntu-18.04-amd64

1

VNC-Server...server

debian-9-armhf

1

VNC-Server...server

debian-9-mips

1

VNC-Server...server

debian-9-mipsel

1

Analysis

  • max time kernel
    5s
  • max time network
    111s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20230831-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20230831-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    29/09/2023, 20:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VNC-Server-7.6.1-Linux-x64/get_primary_ip4

  • Size

    6KB

  • MD5

    d2b333ccabd9c9a838a11a8e2831cd57

  • SHA1

    e744e96c4edd238b9b0ff6d007aad0d5afed915c

  • SHA256

    6f8572213db41879e8f1f58d50b8a4e64656217123f1967682d9e85376a49699

  • SHA512

    b3d74c0bb39581a620ae11f56cb5ab95e4cd0fe66fa39fc8a746a443b65ded46006a4d7aec1d6f2cefe8fb6e1a08303096f7e362ba931f58ee57bd6290f70c2f

  • SSDEEP

    96:rDH7wyrz8WI6Q3/8ljpYL+0o2uVj0f6pJ0f0EGSkCsW5sB6B:vHEyv8WIlPojpYLbkj0yr0flGU5sB6B

Score
6/10

Malware Config

Signatures

Processes

  • /tmp/VNC-Server-7.6.1-Linux-x64/get_primary_ip4
    /tmp/VNC-Server-7.6.1-Linux-x64/get_primary_ip4
    1⤵
      PID:606
      • /bin/uname
        uname -s
        2⤵
          PID:607
        • /usr/bin/awk
          /usr/bin/awk "\$2==\"00000000\" && int(\$4/2)%2==1 {print \$1; exit}" /proc/net/route
          2⤵
          • Reads system routing table
          • Reads system network configuration
          PID:608
      • /sbin/ifconfig
        /sbin/ifconfig ens3
        1⤵
          PID:610
        • /usr/bin/tr
          /usr/bin/tr : " "
          1⤵
            PID:611
          • /usr/bin/awk
            /usr/bin/awk "\$1==\"inet\" && \$2==\"addr\" {print \$3; exit} \$1==\"inet\" {print \$2; exit}"
            1⤵
              PID:612
            • /sbin/ip
              /sbin/ip -4 addr show ens3
              1⤵
                PID:614
              • /usr/bin/awk
                /usr/bin/awk "\$1 == \"inet\" {gsub(/\\/.*\$/, \"\", \$2); print \$2; exit}"
                1⤵
                  PID:615

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads