Analysis
-
max time kernel
13s -
max time network
158s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20231215-en -
resource tags
-
submitted
20/12/2023, 05:19
General
-
Target
create
-
Size
669B
-
MD5
18d2b80638dc8ed90e86c7caf316fe43
-
SHA1
887f50f37a7e57abd113153becd5d8e36a780b19
-
SHA256
d6a88499031026e3216ac733dd5b6365d597fa91599d33ec10a65cbb72e229b8
-
SHA512
1ab557c50377097f1b4f59bacea66de1b569ea8e341d47155919d2996157f71e078e3a4b474ef005c7320e4eb46199fdda01dcffe5df6973778059466c0f2cec
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Creates/modifies Cron job 1 TTPs 1 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads CPU attributes 1 TTPs 2 IoCs
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 8 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/create/tmp/create1⤵
- Writes file to tmp directory
-
/bin/catcat auto2⤵
-
-
/usr/bin/crontabcrontab cronjobs2⤵
- Creates/modifies Cron job
-
-
/bin/rmrm -f cronjobs2⤵
-
-
/usr/bin/crontabcrontab -l2⤵
-
-
/bin/chmodchmod u+x auto init.d2⤵
-
-
/bin/shsh -c "./auto > /dev/null 2>&1 &"2⤵
-
-
/bin/rmrm -f aarch64 x86_64 hide.c init.c start create2⤵
-
-
/tmp/auto./auto1⤵
- Executes dropped EXE
- Writes file to tmp directory
-
/tmp/init.d/tmp/init.d2⤵
-
-
/bin/chmodchmod 755 auto config-err-6RKMsO hide init init.d logs mining mkcfg netplan__hapx7z6 snap-private-tmp ssh-uxHqTU51WrM3 systemd-private-732c1e7975dc47dea6dcb64555bc4491-ModemManager.service-iKTeZl systemd-private-732c1e7975dc47dea6dcb64555bc4491-bolt.service-qPQY6p systemd-private-732c1e7975dc47dea6dcb64555bc4491-colord.service-OfhWvp systemd-private-732c1e7975dc47dea6dcb64555bc4491-fwupd.service-kMJNqD systemd-private-732c1e7975dc47dea6dcb64555bc4491-systemd-resolved.service-CozP7L systemd-private-732c1e7975dc47dea6dcb64555bc4491-systemd-timedated.service-IbNrUH2⤵
-
-
/usr/bin/pkillpkill -9 init2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/tmp/init./init1⤵
-
/tmp/mining./mining1⤵
- Writes file to tmp directory
-
/tmp/init/tmp/init2⤵
-
-
/bin/unameuname -m2⤵
-
-
/tmp/hide./hide -s "sendmail: accepting connections" ./mine2⤵
- Writes file to tmp directory
-
-
/tmp/mine"sendmail: accepting connections"2⤵
-
-
/bin/psps -ef2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep "sendmail: accepting connections"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/headhead -12⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5B
MD5349c54ba981392f41faf79544ab282e6
SHA1a10b57230ccb0cb2b3bc7bcc6735c0b722790c76
SHA256bd6b18bf2ee7fb7156a9847953a0ec30d02800d3006431379dbe31044b866a89
SHA512935d259ec1fe1c66aef8b4ced9a696ad51bd95924b1b14f8f3ef7fa34b7683072940ec62fae9f511e7c168cf88b84ae80ce606fc0e32eb160b6d28eab2f2cb83
-
Filesize
5B
MD5097306edbb9c640047927e86fadc1ae9
SHA1a364b57e1a83551729cb4e170e562ebb0aaa6608
SHA2561785cbdfcace2004c0d21cbc262071adf07ca0cd61f14fe5c66e737103025f3f
SHA51260dd9daa455a8b636ce3cdf6a458d9151381c8de436e6197ed3a22c739bb893097abcf8728e61433ce9d2aece388aaff5a58405f85f956fc6c45c5f8e184e4df
-
Filesize
197B
MD5988b8163f85fc328dfacf8478e88b069
SHA10f862fb275a5755b112c426246300be43a1b34b9
SHA2561f758502b2970809a3d695a41f21e73fb6b6ad372a744394aa24267efda6c26f
SHA512449d4ac3876795b2727360edebd1e29c836a41397378a762758e1188c76629df4baeb2277e5b977f97efeb5dcca03503d350ce111eb8a292c9408dd73162ad8e
-
Filesize
36B
MD51d6269061b92bd8301a1ef18d77f11e5
SHA108125649ef9f58f504b4526530234d7512bab41e
SHA256d2f5f29e60b1a7c23b311ae0f1c1c55d1e5bb4e116164ae31d27f172c985976d
SHA512bd2134fefa6c84764ce74c1831fc90da81bebd8812229189f8f9899bca14d1b2c567d6f57f024786e3f170d7e27c8e8b98b4db1045d98d4db542b9ef7f8370c6
-
Filesize
76B
MD56103f8dacb16843a609dcb52eccc7f01
SHA1409016664bb94e4c7d4728ff1f92c8a450cb6102
SHA25647b3e37200c81a6f9d18803269d5c48410dc545d69e3216ea26c79393345de39
SHA51219c69bd7c2ef044524550d6cdefb25c37652006305dc43b6214ae48565a6dc147aaa07f5a36110ebab2fc3c2efaee4e1adc34ffd45b48f88364a7de6de9ae5b3
-
Filesize
5B
MD579ea852ce4729ce0dc2bb9d9526c8055
SHA10ddf34990a5ff4cd38b9bf0827b89e5178cd6032
SHA25619b475910ee9ba3f7199cbe69292a0034dc313f788ccfb67cd83f472e95f885d
SHA512abb1b7476661edfb434adbacf204e0e161b39a2897a6a7f5e6925e162f1e2805bcd6868c162157314c59b267e29936dd044fdb0721c2c8e72843e4d8bb6606ad
-
Filesize
258B
MD59199a901b48aa0094b122b993f501af4
SHA1fd2fe1df94a89fd4c947f97eafc61c937f02d832
SHA256829cccb925fe1b5c7daedc3b4993d20fda77b79c3068424024caa99c52ebee94
SHA5122a5f9a430e629df85b5690a967ed1ff4340ff453523cf323936552add34cd0b59de5c4398fec18f781d540a575eaa2f9aee9cf615843f40af167cb2df46b5786