132c2d111dc80c1076d9a0148d20b9e56ba3b130c15b249c56139505a5a84807

Resubmissions

02-11-2023 08:30

231102-kec7vabe32 7

02-11-2023 08:11

231102-j3c2babc67 7

13-08-2022 12:40

220813-pwnr5acdg5 5

Analysis

max time kernel
6s
max time network
181s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20231026-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20231026-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
02-11-2023 08:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aktiun
Size

7.9MB
MD5

f83d9b27b1062cac3fe4020da4d4cdd2
SHA1

2cae27073004b3ceb3015c9078583d83732a8dc7
SHA256

132c2d111dc80c1076d9a0148d20b9e56ba3b130c15b249c56139505a5a84807
SHA512

7b760225512c0d7bf71ac8f7b2fe9c0b519072dc07b316398eb507c4baab6f3a8e0cb034cd1ebf87f8b376cf675bb281e696861427155b9ab7f45b8db25c340f
SSDEEP

98304:myxFnU72dgT8oPzkzBq8Gwim73PlpfbINz/v5AHySM7VI:jU8oPG7INlj3y

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

aktiun

ioc pid process

/tmp/onefile_1539_1698909173_845128/aktiun 1540 aktiun

ioc	pid	process
/tmp/onefile_1539_1698909173_845128/aktiun	1540	aktiun

Writes file to tmp directory 11 IoCs

Malware often drops required files in the /tmp directory.

Processes:

aktiun

description	ioc	process
File opened for modification	/tmp/onefile_1539_1698909173_845128/_codecs_iso2022.so	aktiun
File opened for modification	/tmp/onefile_1539_1698909173_845128/_codecs_kr.so	aktiun
File opened for modification	/tmp/onefile_1539_1698909173_845128/_codecs_tw.so	aktiun
File opened for modification	/tmp/onefile_1539_1698909173_845128/_opcode.so	aktiun
File opened for modification	/tmp/onefile_1539_1698909173_845128/libexpat.so.1	aktiun
File opened for modification	/tmp/onefile_1539_1698909173_845128/libz.so.1	aktiun
File opened for modification	/tmp/onefile_1539_1698909173_845128/_codecs_hk.so	aktiun
File opened for modification	/tmp/onefile_1539_1698909173_845128/_codecs_cn.so	aktiun
File opened for modification	/tmp/onefile_1539_1698909173_845128/_codecs_jp.so	aktiun
File opened for modification	/tmp/onefile_1539_1698909173_845128/_multibytecodec.so	aktiun
File opened for modification	/tmp/onefile_1539_1698909173_845128/aktiun	aktiun

/tmp/aktiun
/tmp/aktiun
1⤵
- Writes file to tmp directory
PID:1539

/tmp/onefile_1539_1698909173_845128/aktiun
2⤵
- Executes dropped EXE
PID:1540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/onefile_1539_1698909173_845128/_codecs_cn.so
Filesize
153KB

MD5
48e723d104539b9c5380dcbfe023b828

SHA1
107ff39fb33ae117bc7525d8da92697fd608b34a

SHA256
71d71b38c5c6ab63d372033ee84299be35c826b98c9723a9c9b84fd55923c451

SHA512
447e2662110e757d9fed33d2c4149a2b838c4bd424830285aeb4f044d375f7c2f1970ee07ab7d65a0b55e39f3d6da964f7ef6bf0c12362ae193ee74c7c805c42

Download Submit
/tmp/onefile_1539_1698909173_845128/_codecs_hk.so
Filesize
161KB

MD5
4f6bdf6402792b83ddcba8e9c6ed559b

SHA1
ead079865cf0dc9d066012244b22b25e116b3e8e

SHA256
8defae30d31c8a93e8b68ee1c8d303d62e530cffd95b46b53eefae9c8cc14d46

SHA512
e7263ea3db9251f4a76310499b989266758235dfdcf9bed88ec11fad2e5c7d5f7335230bf78bfb304d3d51d74f718819c3c3c09fee74f5e91286cd9e60123a73

Download Submit
/tmp/onefile_1539_1698909173_845128/_codecs_iso2022.so
Filesize
33KB

MD5
c170fca6456dbb83309ab1c1f69ce98a

SHA1
9f65e5f6d5218a74d5d14afa71c90c1d67e89350

SHA256
1ce3313eadc36ad9fe8a1d7427c5b217cab7988085cbe82e82004ce5b7dd3ff8

SHA512
a041a44e8835f292143fe51fb97f7396da535770c7fb866f7d5a293d38e50ddfdf8b9f771f029bd9da56120db2a6a1b4681fc5231913c5fcd1b292f955721f5f

Download Submit
/tmp/onefile_1539_1698909173_845128/_codecs_jp.so
Filesize
269KB

MD5
15359bdde15643332cca760833f88e73

SHA1
0f82edb5384eac52e7f8655a8fd76e1ca14d491a

SHA256
683c4532ab60936fa54ee7053e9bf5e929244818d292868485097846981a51a0

SHA512
e74845567306cd0a3b88815da38f21e83f79df31409178cbf96d375489d00bde18c80f524dda86f950dfa7177b0ccd3cefe7bd92698672e1e250667e0393962f

Download Submit
/tmp/onefile_1539_1698909173_845128/_codecs_kr.so
Filesize
141KB

MD5
2cbbf51eb97445b06cde06c81766276e

SHA1
75539bc8fcbe387c766019b4e975bb3bb35c6e3d

SHA256
b6ca1e5f663167e2010f2e54703b9a02277894026cfbf6eba3ccdc8e9cf71b45

SHA512
716f67077c929dada5dd44a46749453c3cbd159f674b8d74aa08340a0db32ff8532244fa4786d1856cce75077aa67bbf35444ab9541873b9fb932d83ba9ecaac

Download Submit
/tmp/onefile_1539_1698909173_845128/_codecs_tw.so
Filesize
113KB

MD5
2b1ce325ba4d30df8bffe921c7536722

SHA1
368596a45b391fd03b2dfbe009339ed685551436

SHA256
e7b8b2c4b5e8abc05b1c5109a42a6a2d633f32a0ac874780e917889b4e81dfcb

SHA512
4550a48c4cf14450a4975e767942a725ab0421f0f404ce348819c898178f19c5581d3f0a841e8ca2d643ed6d1fdf91c4653e82e801e96088f9f4fdce24dedd92

Download Submit
/tmp/onefile_1539_1698909173_845128/_multibytecodec.so
Filesize
56KB

MD5
7e4daca59f697c1e045f48b67c04c62f

SHA1
d716031bc9d82875204abab345f8a38c70bdba18

SHA256
07f1b9c7f668efaacc7805a479e3e18d30ea515c3d2309d04888b1e65c7ae2de

SHA512
9beda95acc614ec38f0943ccb6b439239c6a8053315d48c1d212caddbb2b0161ac458cbe303be31f7854c6d6de9248387e9cd546fd199ef34cd7a68d0e65f950

Download Submit
/tmp/onefile_1539_1698909173_845128/_opcode.so
Filesize
17KB

MD5
3cdb5d46290316a70acffd0f87608645

SHA1
db51ba27d8e367bf57c2815ac7eba30f53c0c9ea

SHA256
7f3ab30fa39fe258098417394c66378fa3035828d77e6c3f031e892f523cf3ac

SHA512
e6dab5e8c92e2bfc8e0367a987ce19b5fd19eacf000133e8140c4fa05d92c5f2056caf68a9d8c9b1b377b4376b83826df456bd781b928c8af844be4352cc4212

Download Submit
/tmp/onefile_1539_1698909173_845128/aktiun
Filesize
6.7MB

MD5
6cb1c36d38df0da8ae4c61cce6d77357

SHA1
efde327414dc8a366455d10882c856488f75c825

SHA256
356c55cace6ca4d1241ee66692db489e2ec13a24a19f2f135a7ba07cea508907

SHA512
595bf929b7ee9e8ca352cb511de3b2c13fb4d417cb04f9fc02dcc3b7de462b4c336f50c6951958e6eb3c46c299099610015a67b0fd259ab94afa0d3f8807613e

Download Submit
/tmp/onefile_1539_1698909173_845128/libexpat.so.1
Filesize
186KB

MD5
f523275ef631ec35122483cf16141497

SHA1
e7607e09a170fd9220e71760d2f669d83472f442

SHA256
9480980222219f353a464e9de59a6b7de9d2e5f7666fd1e90d77930ee19a21aa

SHA512
4b9d0b37b0a835556c12d46e1c5958417ee09837cb1d3c5bf12aed50db6a191a6ed8a50c55366f03fd5544fb20fed4cc27331c758f696661918bdb0488d9dd6f

Download Submit
/tmp/onefile_1539_1698909173_845128/libz.so.1
Filesize
114KB

MD5
f76e8916d4be215b51f98ac8d4ad676d

SHA1
7d97ddc4782e3add77765b602f0893802a7c6817

SHA256
1997057fd8fc03af9680fc2cae36b101d37144fea2591ea5c38500a73c883331

SHA512
54652943b03c57231a182325ff21aa2b93c25c95a8012c7f96b2723807cdbc11cd5d04f6c8e7e5129d4a4e511cec7c46303525b5de58ddadb924d7b90a4932cc

Download Submit