4fe381a792558b6dc51d5be7b3f037367dcb579db9228caa8c9dc7bf5f110582 | Triage

Analysis

max time kernel
151s
max time network
150s
platform
debian-9_armhf
resource
debian9-armhf-20231215-en
resource tags

arch:armhfimage:debian9-armhf-20231215-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
20/12/2023, 00:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

75c66018c5104e6a7813997593d5f9f8
Size

14KB
MD5

75c66018c5104e6a7813997593d5f9f8
SHA1

0c38bf6c357e4a196fc4d57b2682a8f817b2488c
SHA256

4fe381a792558b6dc51d5be7b3f037367dcb579db9228caa8c9dc7bf5f110582
SHA512

3c81c8701f305fabac6587933ef5adb2dc305ca6163a4d74c13838f02a127f29411012ce0510020fe9a96b80e958abb6b08d3c562748db9c89db7a5cd4b437cf
SSDEEP

384:OMB5Dz2a8PpCq/d/9wC4jyKhaX6107Cpt54jtzKC:JB5DzR8Ak/9x4jycs7CP54jtz3

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	uv5vuM3wiYA	657	75c66018c5104e6a7813997593d5f9f8

Deletes itself 1 IoCs

pid	Process
657	75c66018c5104e6a7813997593d5f9f8

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/75c66018c5104e6a7813997593d5f9f8	75c66018c5104e6a7813997593d5f9f8

/tmp/75c66018c5104e6a7813997593d5f9f8
/tmp/75c66018c5104e6a7813997593d5f9f8
1⤵
- Changes its process name
- Deletes itself
- Writes file to tmp directory
PID:657

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads