0789e989e22023133f45d367379d60ae7fe691c65ee390b3219de48b535d60ff | Triage

Analysis

max time kernel
4s
max time network
103s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
07/10/2023, 23:47

Sharing

Report Analysis Logs

General

Target

var/ossec/active-response/bin/ipfw.sh
Size

1KB
MD5

33ab5d196695ec8839f76ffaaa6f27be
SHA1

f538020f501953027c97d77c8cc09d7e9aafd091
SHA256

1ca8c12b62b03c3eaa2e2adc6cfe2398055180b17d382a801d220f35f01efa9a
SHA512

9f5687711d839c34d7d22a2479315e757c0d0ea0719ce895597e7d6ef06f9fb4fe7b98f8043fbef2f9ff25325036d6c6cbe36df3ca0585a3c743f0af63c2b5da

Score

3^/10

Malware Config

Signatures

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/var/ossec/logs/active-responses.log	ipfw.sh

/tmp/var/ossec/active-response/bin/ipfw.sh
/tmp/var/ossec/active-response/bin/ipfw.sh
1⤵
- Writes file to tmp directory
PID:585
- /bin/uname
  uname
  2⤵
  PID:586
- /usr/bin/dirname
  dirname /tmp/var/ossec/active-response/bin/ipfw.sh
  2⤵
  PID:587
- /bin/date
  date
  2⤵
  PID:589

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads