Overview

overview

4

Static

static

1

.SIGN.RSA....sa.pub

windows7-x64

4

.SIGN.RSA....sa.pub

windows10-2004-x64

3

var/ossec/...ban.sh

ubuntu-18.04-amd64

1

var/ossec/...ban.sh

debian-9-armhf

1

var/ossec/...ban.sh

debian-9-mips

1

var/ossec/...ban.sh

debian-9-mipsel

1

var/ossec/...unt.sh

ubuntu-18.04-amd64

3

var/ossec/...unt.sh

debian-9-armhf

1

var/ossec/...unt.sh

debian-9-mips

1

var/ossec/...unt.sh

debian-9-mipsel

1

var/ossec/...rop.sh

ubuntu-18.04-amd64

3

var/ossec/...rop.sh

debian-9-armhf

1

var/ossec/...rop.sh

debian-9-mips

1

var/ossec/...rop.sh

debian-9-mipsel

1

var/ossec/...rop.sh

ubuntu-18.04-amd64

3

var/ossec/...rop.sh

debian-9-armhf

1

var/ossec/...rop.sh

debian-9-mips

1

var/ossec/...rop.sh

debian-9-mipsel

3

var/ossec/...eny.sh

ubuntu-18.04-amd64

3

var/ossec/...eny.sh

debian-9-armhf

1

var/ossec/...eny.sh

debian-9-mips

1

var/ossec/...eny.sh

debian-9-mipsel

1

var/ossec/...ock.sh

ubuntu-18.04-amd64

3

var/ossec/...ock.sh

debian-9-armhf

3

var/ossec/...ock.sh

debian-9-mips

3

var/ossec/...ock.sh

debian-9-mipsel

3

var/ossec/...pfw.sh

ubuntu-18.04-amd64

3

var/ossec/...pfw.sh

debian-9-armhf

1

var/ossec/...pfw.sh

debian-9-mips

3

var/ossec/...pfw.sh

debian-9-mipsel

1

var/ossec/...mac.sh

ubuntu-18.04-amd64

3

var/ossec/...mac.sh

debian-9-armhf

1

Analysis

  • max time kernel
    5s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20230831-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20230831-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    07/10/2023, 23:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    var/ossec/active-response/bin/host-deny.sh

  • Size

    3KB

  • MD5

    91d7f73f73c28c874e122eb5436d132e

  • SHA1

    997c90416ea763fd7a97a5526abd839371695d23

  • SHA256

    838c4422e6468fe7fab97f49d1f7b4dfc72975c18b981506845feded0a4f031b

  • SHA512

    82f4ce7a5abafffd39c4d6a606ceef20da727ec3ea353e5e4d1125e3bdbd4b738d61f9af55fe7113feb6db5fe32f1c4400e11c68ac08381a0dd013e0b7b0d8ac

Score
3/10

Malware Config

Signatures

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/var/ossec/active-response/bin/host-deny.sh
    /tmp/var/ossec/active-response/bin/host-deny.sh
    1⤵
    • Writes file to tmp directory
    PID:615
    • /usr/bin/dirname
      dirname /tmp/var/ossec/active-response/bin/host-deny.sh
      2⤵
        PID:616
      • /bin/uname
        uname
        2⤵
          PID:618
        • /bin/date
          date
          2⤵
            PID:619

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads