ff3bda813b7b60df1be10565cdb422224bb7bf05fc1872c9fbb233200ba25b75

Analysis

max time kernel
19s
max time network
0s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20231222-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20231222-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
22/12/2023, 05:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.gosh/randus
Size

1KB
MD5

f86f63e0e90b73502d7537c1b534e2a4
SHA1

09920b4a460aedcb34b1cbe27a9e9ee87a08ffc2
SHA256

8dc39dc84937e1ccb5afb644433916cd652f07d09044825d7036c61bc4720fa3
SHA512

00d2e5453bf51bf20f3a51ecfa3b29324dc46cf613dbc16d1e2f42f57de757d9a1755be02d6290f98a33a8494c9f5b3b33e2a66204aa71e37b2ee93d32ba3061

Score

1^/10

Malware Config

Signatures

/tmp/.gosh/randus
/tmp/.gosh/randus
1⤵
PID:1555
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1556
- /tmp/.gosh/user
  ./user 84.13
  2⤵
  PID:1557
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1558
- /tmp/.gosh/user
  ./user 217.94
  2⤵
  PID:1559
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1560
- /tmp/.gosh/user
  ./user 66.121
  2⤵
  PID:1561
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1562
- /tmp/.gosh/user
  ./user 40.40
  2⤵
  PID:1563
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1564
- /tmp/.gosh/user
  ./user 44.18
  2⤵
  PID:1565
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1566
- /tmp/.gosh/user
  ./user 32.180
  2⤵
  PID:1567
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1568
- /tmp/.gosh/user
  ./user 99.102
  2⤵
  PID:1569
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1570
- /tmp/.gosh/user
  ./user 79.120
  2⤵
  PID:1571
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1572
- /tmp/.gosh/user
  ./user 188.238
  2⤵
  PID:1576
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1577
- /tmp/.gosh/user
  ./user 79.116
  2⤵
  PID:1578
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1579
- /tmp/.gosh/user
  ./user 25.91
  2⤵
  PID:1580
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1581
- /tmp/.gosh/user
  ./user 29.210
  2⤵
  PID:1582
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1583
- /tmp/.gosh/user
  ./user 204.204
  2⤵
  PID:1584
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1585
- /tmp/.gosh/user
  ./user 50.36
  2⤵
  PID:1586
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1587
- /tmp/.gosh/user
  ./user 134.100
  2⤵
  PID:1588
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1589
- /tmp/.gosh/user
  ./user 78.5
  2⤵
  PID:1590
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1591
- /tmp/.gosh/user
  ./user 9.216
  2⤵
  PID:1592
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1593
- /tmp/.gosh/user
  ./user 118.108
  2⤵
  PID:1594
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1595
- /tmp/.gosh/user
  ./user 53.18
  2⤵
  PID:1596
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1597
- /tmp/.gosh/user
  ./user 159.245
  2⤵
  PID:1598
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1599
- /tmp/.gosh/user
  ./user 168.17
  2⤵
  PID:1600
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1601
- /tmp/.gosh/user
  ./user 38.87
  2⤵
  PID:1602
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1603
- /tmp/.gosh/user
  ./user 29.126
  2⤵
  PID:1604
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1605
- /tmp/.gosh/user
  ./user 210.76
  2⤵
  PID:1606
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1607
- /tmp/.gosh/user
  ./user 136.122
  2⤵
  PID:1608
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1609
- /tmp/.gosh/user
  ./user 110.180
  2⤵
  PID:1610
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1611
- /tmp/.gosh/user
  ./user 94.129
  2⤵
  PID:1612
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1613
- /tmp/.gosh/user
  ./user 55.233
  2⤵
  PID:1614
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1615
- /tmp/.gosh/user
  ./user 83.207
  2⤵
  PID:1616
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1617
- /tmp/.gosh/user
  ./user 53.244
  2⤵
  PID:1618
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1619
- /tmp/.gosh/user
  ./user 4.84
  2⤵
  PID:1620
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1621
- /tmp/.gosh/user
  ./user 166.227
  2⤵
  PID:1622
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1623
- /tmp/.gosh/user
  ./user 53.156
  2⤵
  PID:1624
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1625
- /tmp/.gosh/user
  ./user 61.168
  2⤵
  PID:1626
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1627
- /tmp/.gosh/user
  ./user 134.73
  2⤵
  PID:1628
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1629
- /tmp/.gosh/user
  ./user 48.247
  2⤵
  PID:1630
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1631
- /tmp/.gosh/user
  ./user 188.162
  2⤵
  PID:1632
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1633
- /tmp/.gosh/user
  ./user 127.156
  2⤵
  PID:1634
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1635
- /tmp/.gosh/user
  ./user 121.43
  2⤵
  PID:1636
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1637
- /tmp/.gosh/user
  ./user 175.63
  2⤵
  PID:1638
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1639
- /tmp/.gosh/user
  ./user 64.205
  2⤵
  PID:1640
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1641
- /tmp/.gosh/user
  ./user 7.228
  2⤵
  PID:1642
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1643
- /tmp/.gosh/user
  ./user 56.51
  2⤵
  PID:1644
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1645
- /tmp/.gosh/user
  ./user 75.69
  2⤵
  PID:1646
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1647
- /tmp/.gosh/user
  ./user 188.39
  2⤵
  PID:1648
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1649
- /tmp/.gosh/user
  ./user 25.145
  2⤵
  PID:1650
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1651
- /tmp/.gosh/user
  ./user 105.65
  2⤵
  PID:1652
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1653
- /tmp/.gosh/user
  ./user 61.194
  2⤵
  PID:1654
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1655
- /tmp/.gosh/user
  ./user 41.36
  2⤵
  PID:1656
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1657
- /tmp/.gosh/user
  ./user 120.92
  2⤵
  PID:1658
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1659
- /tmp/.gosh/user
  ./user 118.56
  2⤵
  PID:1660
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1661
- /tmp/.gosh/user
  ./user 143.217
  2⤵
  PID:1662
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1663
- /tmp/.gosh/user
  ./user 17.161
  2⤵
  PID:1664
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1665
- /tmp/.gosh/user
  ./user 169.64
  2⤵
  PID:1666
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1667
- /tmp/.gosh/user
  ./user 142.59
  2⤵
  PID:1668
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1669
- /tmp/.gosh/user
  ./user 150.41
  2⤵
  PID:1670
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1671
- /tmp/.gosh/user
  ./user 26.178
  2⤵
  PID:1672
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1673
- /tmp/.gosh/user
  ./user 140.112
  2⤵
  PID:1674
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1675
- /tmp/.gosh/user
  ./user 48.172
  2⤵
  PID:1676
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1677
- /tmp/.gosh/user
  ./user 5.82
  2⤵
  PID:1678
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1679
- /tmp/.gosh/user
  ./user 134.78
  2⤵
  PID:1680
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1681
- /tmp/.gosh/user
  ./user 135.132
  2⤵
  PID:1682
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1683
- /tmp/.gosh/user
  ./user 65.114
  2⤵
  PID:1684
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1685
- /tmp/.gosh/user
  ./user 195.41
  2⤵
  PID:1686
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1687
- /tmp/.gosh/user
  ./user 153.117
  2⤵
  PID:1688
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1689
- /tmp/.gosh/user
  ./user 110.82
  2⤵
  PID:1690
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1691
- /tmp/.gosh/user
  ./user 99.174
  2⤵
  PID:1692
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1693
- /tmp/.gosh/user
  ./user 80.251
  2⤵
  PID:1694
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1695
- /tmp/.gosh/user
  ./user 9.69
  2⤵
  PID:1696
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1697
- /tmp/.gosh/user
  ./user 107.208
  2⤵
  PID:1698
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1699
- /tmp/.gosh/user
  ./user 55.35
  2⤵
  PID:1700
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1701
- /tmp/.gosh/user
  ./user 165.92
  2⤵
  PID:1702
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1703
- /tmp/.gosh/user
  ./user 28.7
  2⤵
  PID:1704
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1705
- /tmp/.gosh/user
  ./user 74.167
  2⤵
  PID:1706
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1707
- /tmp/.gosh/user
  ./user 118.198
  2⤵
  PID:1708
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1709
- /tmp/.gosh/user
  ./user 153.166
  2⤵
  PID:1710
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1711
- /tmp/.gosh/user
  ./user 18.223
  2⤵
  PID:1712
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1713
- /tmp/.gosh/user
  ./user 67.17
  2⤵
  PID:1714
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1715
- /tmp/.gosh/user
  ./user 123.106
  2⤵
  PID:1716
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1717
- /tmp/.gosh/user
  ./user 219.185
  2⤵
  PID:1718
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1719
- /tmp/.gosh/user
  ./user 52.126
  2⤵
  PID:1720
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1721
- /tmp/.gosh/user
  ./user 129.46
  2⤵
  PID:1722
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1723
- /tmp/.gosh/user
  ./user 78.17
  2⤵
  PID:1724
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1725
- /tmp/.gosh/user
  ./user 215.18
  2⤵
  PID:1726
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1727
- /tmp/.gosh/user
  ./user 190.76
  2⤵
  PID:1728
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1729
- /tmp/.gosh/user
  ./user 39.248
  2⤵
  PID:1730
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1731
- /tmp/.gosh/user
  ./user 35.204
  2⤵
  PID:1732
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1733
- /tmp/.gosh/user
  ./user 202.183
  2⤵
  PID:1735
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1737
- /tmp/.gosh/user
  ./user 112.194
  2⤵
  PID:1739
- /usr/bin/seq
  seq 0 255
  2⤵
  PID:1740

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads