Overview

overview

10

Static

static

10

shell-bot/22

ubuntu-18.04-amd64

7

shell-bot/a.out

ubuntu-18.04-amd64

1

shell-bot/cfs

ubuntu-18.04-amd64

7

shell-bot/cfs

debian-9-armhf

7

shell-bot/cfs

debian-9-mips

7

shell-bot/cfs

debian-9-mipsel

1

shell-bot/...SE.vbs

windows7-x64

1

shell-bot/...SE.vbs

windows10-2004-x64

1

shell-bot/...rt.vbs

windows7-x64

1

shell-bot/...rt.vbs

windows10-2004-x64

1

shell-bot/...es.vbs

windows7-x64

1

shell-bot/...es.vbs

windows10-2004-x64

1

shell-bot/...Config

ubuntu-18.04-amd64

3

shell-bot/...Config

debian-9-armhf

1

shell-bot/...Config

debian-9-mips

3

shell-bot/...Config

debian-9-mipsel

3

shell-bot/...t.so:.

ubuntu-18.04-amd64

1

shell-bot/...gen.sh

ubuntu-18.04-amd64

1

shell-bot/...gen.sh

debian-9-armhf

1

shell-bot/...gen.sh

debian-9-mips

1

shell-bot/...gen.sh

debian-9-mipsel

1

shell-bot/...ig.vbs

windows7-x64

1

shell-bot/...ig.vbs

windows10-2004-x64

1

shell-bot/...re.vbs

windows7-x64

1

shell-bot/...re.vbs

windows10-2004-x64

1

shell-bot/...ngelog

ubuntu-18.04-amd64

3

shell-bot/...ngelog

debian-9-armhf

1

shell-bot/...ngelog

debian-9-mips

shell-bot/...ngelog

debian-9-mipsel

1

shell-bot/...nstall

ubuntu-18.04-amd64

1

shell-bot/...nstall

debian-9-armhf

1

shell-bot/...nstall

debian-9-mips

1

Analysis

  • max time kernel
    6s
  • max time network
    133s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20231026-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20231026-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    14/11/2023, 07:28

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    shell-bot/ftp-server/Unreal3.2.10.2/createchangelog

  • Size

    543B

  • MD5

    7ddf6ce541962e849723a39a0f60c7a2

  • SHA1

    f0ea9e9513d9137bc0deb38ca5bb60d89d68344e

  • SHA256

    53368243908f04c836b60e3acaf6575d25ddaec4e71c6ac3e963e35b6693b45d

  • SHA512

    f85c66c11efe48e22798c783dc008676bf029d3c41a99a96e96b0d115376f8b55b1a1128adbac1d2088dbfa3c90dd053e0a51779dc96470cb9335fc1cf175365

Score
3/10

Malware Config

Signatures

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/shell-bot/ftp-server/Unreal3.2.10.2/createchangelog
    /tmp/shell-bot/ftp-server/Unreal3.2.10.2/createchangelog
    1⤵
      PID:1540
      • /bin/sed
        sed "s/^- - /- /g"
        2⤵
        • Reads runtime system information
        PID:1542

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads