Overview
overview
7Static
static
1run.sh
ubuntu-18.04-amd64
3run.sh
debian-9-armhf
3run.sh
debian-9-mips
3run.sh
debian-9-mipsel
32637
ubuntu-18.04-amd64
12637.64
ubuntu-18.04-amd64
1f00c0d3/0/0x82
ubuntu-18.04-amd64
f00c0d3/0/...9-2692
ubuntu-18.04-amd64
f00c0d3/0/...9-2698
ubuntu-18.04-amd64
f00c0d3/0/0x82-simple
ubuntu-18.04-amd64
f00c0d3/0/...bay.sh
ubuntu-18.04-amd64
6f00c0d3/0/...bay.sh
debian-9-armhf
6f00c0d3/0/...bay.sh
debian-9-mips
1f00c0d3/0/...bay.sh
debian-9-mipsel
6f00c0d3/0/...xploit
ubuntu-18.04-amd64
f00c0d3/0/...kernel
ubuntu-18.04-amd64
f00c0d3/0/...endmsg
ubuntu-18.04-amd64
f00c0d3/0/i
ubuntu-18.04-amd64
f00c0d3/0/i2
ubuntu-18.04-amd64
f00c0d3/0/...ndpage
ubuntu-18.04-amd64
f00c0d3/0/...xploit
ubuntu-18.04-amd64
f00c0d3/0/...e2/run
ubuntu-18.04-amd64
7f00c0d3/0/...e2/run
debian-9-armhf
1f00c0d3/0/...e2/run
debian-9-mips
1f00c0d3/0/...e2/run
debian-9-mipsel
1f00c0d3/0/...p_zero
ubuntu-18.04-amd64
3f00c0d3/0/...p_zero
debian-9-armhf
1f00c0d3/0/...p_zero
debian-9-mips
1f00c0d3/0/...p_zero
debian-9-mipsel
3f00c0d3/0/...p_zero
ubuntu-18.04-amd64
3f00c0d3/0/...p_zero
debian-9-armhf
1f00c0d3/0/...p_zero
debian-9-mips
3Analysis
-
max time kernel
6s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20231215-en -
resource tags
arch:mipsel image:debian9-mipsel-20231215-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
22-12-2023 03:07
Static task
static1
Behavioral task
behavioral1
Sample
run.sh
Resource
ubuntu1804-amd64-20231215-en
Behavioral task
behavioral2
Sample
run.sh
Resource
debian9-armhf-20231222-en
Behavioral task
behavioral3
Sample
run.sh
Resource
debian9-mipsbe-20231222-en
Behavioral task
behavioral4
Sample
run.sh
Resource
debian9-mipsel-20231215-en
Behavioral task
behavioral5
Sample
2637
Resource
ubuntu1804-amd64-20231215-en
Behavioral task
behavioral6
Sample
2637.64
Resource
ubuntu1804-amd64-20231215-en
Behavioral task
behavioral7
Sample
f00c0d3/0/0x82
Resource
ubuntu1804-amd64-20231215-en
Behavioral task
behavioral8
Sample
f00c0d3/0/0x82-CVE-2009-2692
Resource
ubuntu1804-amd64-20231222-en
Behavioral task
behavioral9
Sample
f00c0d3/0/0x82-CVE-2009-2698
Resource
ubuntu1804-amd64-20231215-en
Behavioral task
behavioral10
Sample
f00c0d3/0/0x82-simple
Resource
ubuntu1804-amd64-20231215-en
Behavioral task
behavioral11
Sample
f00c0d3/0/cheddar_bay/cheddar_bay.sh
Resource
ubuntu1804-amd64-20231215-en
Behavioral task
behavioral12
Sample
f00c0d3/0/cheddar_bay/cheddar_bay.sh
Resource
debian9-armhf-20231222-en
Behavioral task
behavioral13
Sample
f00c0d3/0/cheddar_bay/cheddar_bay.sh
Resource
debian9-mipsbe-20231215-en
Behavioral task
behavioral14
Sample
f00c0d3/0/cheddar_bay/cheddar_bay.sh
Resource
debian9-mipsel-20231215-en
Behavioral task
behavioral15
Sample
f00c0d3/0/cheddar_bay/exploit
Resource
ubuntu1804-amd64-20231222-en
Behavioral task
behavioral16
Sample
f00c0d3/0/cheddar_bay/pwnkernel
Resource
ubuntu1804-amd64-20231215-en
Behavioral task
behavioral17
Sample
f00c0d3/0/hoagie_udp_sendmsg
Resource
ubuntu1804-amd64-20231215-en
Behavioral task
behavioral18
Sample
f00c0d3/0/i
Resource
ubuntu1804-amd64-20231215-en
Behavioral task
behavioral19
Sample
f00c0d3/0/i2
Resource
ubuntu1804-amd64-20231215-en
Behavioral task
behavioral20
Sample
f00c0d3/0/linux-sendpage
Resource
ubuntu1804-amd64-20231215-en
Behavioral task
behavioral21
Sample
f00c0d3/0/linux-sendpage2/exploit
Resource
ubuntu1804-amd64-20231222-en
Behavioral task
behavioral22
Sample
f00c0d3/0/linux-sendpage2/run
Resource
ubuntu1804-amd64-20231215-en
Behavioral task
behavioral23
Sample
f00c0d3/0/linux-sendpage2/run
Resource
debian9-armhf-20231215-en
Behavioral task
behavioral24
Sample
f00c0d3/0/linux-sendpage2/run
Resource
debian9-mipsbe-20231215-en
Behavioral task
behavioral25
Sample
f00c0d3/0/linux-sendpage2/run
Resource
debian9-mipsel-20231222-en
Behavioral task
behavioral26
Sample
f00c0d3/0/linux-sendpage2/runcon-mmap_zero
Resource
ubuntu1804-amd64-20231222-en
Behavioral task
behavioral27
Sample
f00c0d3/0/linux-sendpage2/runcon-mmap_zero
Resource
debian9-armhf-20231215-en
Behavioral task
behavioral28
Sample
f00c0d3/0/linux-sendpage2/runcon-mmap_zero
Resource
debian9-mipsbe-20231215-en
Behavioral task
behavioral29
Sample
f00c0d3/0/linux-sendpage2/runcon-mmap_zero
Resource
debian9-mipsel-20231215-en
Behavioral task
behavioral30
Sample
f00c0d3/0/linux-sendpage2/sesearch-mmap_zero
Resource
ubuntu1804-amd64-20231222-en
Behavioral task
behavioral31
Sample
f00c0d3/0/linux-sendpage2/sesearch-mmap_zero
Resource
debian9-armhf-20231215-en
Behavioral task
behavioral32
Sample
f00c0d3/0/linux-sendpage2/sesearch-mmap_zero
Resource
debian9-mipsbe-20231222-en
General
-
Target
f00c0d3/0/cheddar_bay/cheddar_bay.sh
-
Size
252B
-
MD5
40547dbdb0bffeea449dca4eb406f902
-
SHA1
f438407faaa99c9b9711cb8dd9f261a714a97274
-
SHA256
117f73af5efd3c62d86974c19599e79b81d2855e393d4c65f86a8331efbc7c36
-
SHA512
6d3f3fb3d707b115a5a86e0d39ae07b001251cba2763c437544b5114f5a2d55e68b72e9eeff9e34026c3a93da0d50ab9a8070ac1b4ad34f01b809174b9142da0
Malware Config
Signatures
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads runtime system information (64 IoCs)
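Reads data from the /proc virtual filesystem. In this run all but one of the reads are made by killall while it scans the process table for pulseaudio (the remaining one is getenforce reading /proc/filesystems), so the PID-numbered paths are specific to this sandbox run and should not be reused as indicators on other hosts.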
description | ioc | Process
--- | --- | ---
File opened for reading | /proc/375/stat | killall
File opened for reading | /proc/11/stat | killall
File opened for reading | /proc/22/stat | killall
File opened for reading | /proc/36/stat | killall
File opened for reading | /proc/117/cmdline | killall
File opened for reading | /proc/326/stat | killall
File opened for reading | /proc/356/stat | killall
File opened for reading | /proc/714/stat | killall
File opened for reading | /proc/2/stat | killall
File opened for reading | /proc/21/stat | killall
File opened for reading | /proc/77/stat | killall
File opened for reading | /proc/75/stat | killall
File opened for reading | /proc/350/stat | killall
File opened for reading | /proc/689/stat | killall
File opened for reading | /proc/694/stat | killall
File opened for reading | /proc/709/stat | killall
File opened for reading | /proc/filesystems | killall
File opened for reading | /proc/6/stat | killall
File opened for reading | /proc/8/stat | killall
File opened for reading | /proc/10/stat | killall
File opened for reading | /proc/1/stat | killall
File opened for reading | /proc/146/stat | killall
File opened for reading | /proc/392/stat | killall
File opened for reading | /proc/502/stat | killall
File opened for reading | /proc/698/stat | killall
File opened for reading | /proc/20/stat | killall
File opened for reading | /proc/37/stat | killall
File opened for reading | /proc/351/stat | killall
File opened for reading | /proc/689/cmdline | killall
File opened for reading | /proc/690/stat | killall
File opened for reading | /proc/695/stat | killall
File opened for reading | /proc/filesystems | getenforce
File opened for reading | /proc/12/stat | killall
File opened for reading | /proc/151/stat | killall
File opened for reading | /proc/166/stat | killall
File opened for reading | /proc/71/stat | killall
File opened for reading | /proc/83/stat | killall
File opened for reading | /proc/146/cmdline | killall
File opened for reading | /proc/19/stat | killall
File opened for reading | /proc/24/stat | killall
File opened for reading | /proc/69/stat | killall
File opened for reading | /proc/14/stat | killall
File opened for reading | /proc/377/stat | killall
File opened for reading | /proc/7/stat | killall
File opened for reading | /proc/675/stat | killall
File opened for reading | /proc/74/stat | killall
File opened for reading | /proc/76/stat | killall
File opened for reading | /proc/78/stat | killall
File opened for reading | /proc/79/stat | killall
File opened for reading | /proc/106/stat | killall
File opened for reading | /proc/4/stat | killall
File opened for reading | /proc/9/stat | killall
File opened for reading | /proc/70/stat | killall
File opened for reading | /proc/544/stat | killall
File opened for reading | /proc/545/stat | killall
File opened for reading | /proc/692/stat | killall
File opened for reading | /proc/690/cmdline | killall
File opened for reading | /proc/15/stat | killall
File opened for reading | /proc/23/stat | killall
File opened for reading | /proc/355/stat | killall
File opened for reading | /proc/698/cmdline | killall
File opened for reading | /proc/82/stat | killall
File opened for reading | /proc/117/stat | killall
File opened for reading | /proc/391/stat | killall
Processes
-
/tmp/f00c0d3/0/cheddar_bay/cheddar_bay.sh  /tmp/f00c0d3/0/cheddar_bay/cheddar_bay.sh  1⤵  PID:709
-
/usr/bin/killall  killall -9 pulseaudio  2⤵
- Reads runtime system information
PID:712
-
-
/usr/sbin/getenforce  /usr/sbin/getenforce  2⤵
- Reads runtime system information
PID:718
-
-
/tmp/f00c0d3/0/cheddar_bay/pwnkernel  ./pwnkernel  2⤵  PID:719
-