Analysis
-
max time kernel
14s -
platform
debian-9_armhf -
resource
debian9-armhf-20231215-en -
resource tags
-
submitted
20-12-2023 05:19
General
-
Target
create
-
Size
669B
-
MD5
18d2b80638dc8ed90e86c7caf316fe43
-
SHA1
887f50f37a7e57abd113153becd5d8e36a780b19
-
SHA256
d6a88499031026e3216ac733dd5b6365d597fa91599d33ec10a65cbb72e229b8
-
SHA512
1ab557c50377097f1b4f59bacea66de1b569ea8e341d47155919d2996157f71e078e3a4b474ef005c7320e4eb46199fdda01dcffe5df6973778059466c0f2cec
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Creates/modifies Cron job 1 TTPs 1 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads CPU attributes 1 TTPs 2 IoCs
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 6 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/create/tmp/create1⤵
- Writes file to tmp directory
-
/bin/catcat auto2⤵
-
-
/usr/bin/crontabcrontab cronjobs2⤵
- Creates/modifies Cron job
-
-
/bin/rmrm -f cronjobs2⤵
-
-
/usr/bin/crontabcrontab -l2⤵
- Reads runtime system information
-
-
/bin/chmodchmod u+x auto init.d2⤵
-
-
/bin/shsh -c "./auto > /dev/null 2>&1 &"2⤵
-
-
/bin/rmrm -f aarch64 x86_64 hide.c init.c start create2⤵
-
-
/tmp/auto./auto1⤵
- Executes dropped EXE
- Writes file to tmp directory
-
/tmp/init.d/tmp/init.d2⤵
-
/tmp/init./init3⤵
-
-
-
/bin/chmodchmod 755 auto hide init init.d logs mining mkcfg systemd-private-4b192e10fe854c5f8803ee2d4da1ab24-systemd-timedated.service-MLzf3n2⤵
-
-
/usr/bin/pkillpkill -9 init2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/tmp/mining./mining1⤵
- Writes file to tmp directory
-
/tmp/init/tmp/init2⤵
-
-
/bin/unameuname -m2⤵
-
-
/bin/psps -ef2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep "sendmail: accepting connections"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/headhead -12⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5B
MD5097306edbb9c640047927e86fadc1ae9
SHA1a364b57e1a83551729cb4e170e562ebb0aaa6608
SHA2561785cbdfcace2004c0d21cbc262071adf07ca0cd61f14fe5c66e737103025f3f
SHA51260dd9daa455a8b636ce3cdf6a458d9151381c8de436e6197ed3a22c739bb893097abcf8728e61433ce9d2aece388aaff5a58405f85f956fc6c45c5f8e184e4df
-
Filesize
197B
MD5988b8163f85fc328dfacf8478e88b069
SHA10f862fb275a5755b112c426246300be43a1b34b9
SHA2561f758502b2970809a3d695a41f21e73fb6b6ad372a744394aa24267efda6c26f
SHA512449d4ac3876795b2727360edebd1e29c836a41397378a762758e1188c76629df4baeb2277e5b977f97efeb5dcca03503d350ce111eb8a292c9408dd73162ad8e
-
Filesize
36B
MD51d6269061b92bd8301a1ef18d77f11e5
SHA108125649ef9f58f504b4526530234d7512bab41e
SHA256d2f5f29e60b1a7c23b311ae0f1c1c55d1e5bb4e116164ae31d27f172c985976d
SHA512bd2134fefa6c84764ce74c1831fc90da81bebd8812229189f8f9899bca14d1b2c567d6f57f024786e3f170d7e27c8e8b98b4db1045d98d4db542b9ef7f8370c6
-
Filesize
76B
MD56103f8dacb16843a609dcb52eccc7f01
SHA1409016664bb94e4c7d4728ff1f92c8a450cb6102
SHA25647b3e37200c81a6f9d18803269d5c48410dc545d69e3216ea26c79393345de39
SHA51219c69bd7c2ef044524550d6cdefb25c37652006305dc43b6214ae48565a6dc147aaa07f5a36110ebab2fc3c2efaee4e1adc34ffd45b48f88364a7de6de9ae5b3
-
Filesize
258B
MD511820917213d0c4250ce0afd05c842d7
SHA1e8cd951792190632d1389db23fa1376e45fb6380
SHA2568a7c3cc8a71aae5be8eef83ec6690bdf0dd85ae224cc043d4f420a614db4063a
SHA512691872dfba9b90d0bf7214a83b16efc22d1c198c454260c7c1dce31bfc21c6dba36989efdc0b374b5863e0ac93b1a92858649393972aef09e93d71614f764a77