Overview

| Score | Task | Platform |
|---|---|---|
| 7 | Static | static |
| 1 | scan/1 | ubuntu-18.04-amd64 |
| 1 | scan/1 | debian-9-armhf |
| 1 | scan/1 | debian-9-mips |
| 1 | scan/1 | debian-9-mipsel |
| 1 | scan/2 | ubuntu-18.04-amd64 |
| 1 | scan/2 | debian-9-armhf |
| 1 | scan/2 | debian-9-mips |
| 1 | scan/2 | debian-9-mipsel |
| 1 | scan/3 | ubuntu-18.04-amd64 |
| 1 | scan/3 | debian-9-armhf |
| 1 | scan/3 | debian-9-mips |
| 1 | scan/3 | debian-9-mipsel |
| 1 | scan/class | ubuntu-18.04-amd64 |
| 1 | scan/go | ubuntu-18.04-amd64 |
| 7 | scan/go | debian-9-armhf |
| 1 | scan/go | debian-9-mips |
| 7 | scan/go | debian-9-mipsel |
| 7 | scan/random | ubuntu-18.04-amd64 |
| 1 | scan/random | debian-9-armhf |
| 1 | scan/random | debian-9-mips |
| 1 | scan/random | debian-9-mipsel |
| 1 | scan/screen | ubuntu-18.04-amd64 |
|  | scan/update | ubuntu-18.04-amd64 |
Analysis (score 1)

- Max time kernel: 35s
- Max time network: 26s
- Platform: debian-9_mips
- Resource: debian9-mipsbe-20231215-en
- Resource tags: arch:mips, image:debian9-mipsbe-20231215-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
- Submitted: 22/12/2023, 08:25
| Type | Task | Sample | Resource |
|---|---|---|---|
| Static task | static1 |  |  |
| Behavioral task | behavioral1 | scan/1 | ubuntu1804-amd64-20231222-en |
| Behavioral task | behavioral2 | scan/1 | debian9-armhf-20231215-en |
| Behavioral task | behavioral3 | scan/1 | debian9-mipsbe-20231215-en |
| Behavioral task | behavioral4 | scan/1 | debian9-mipsel-20231215-en |
| Behavioral task | behavioral5 | scan/2 | ubuntu1804-amd64-20231222-en |
| Behavioral task | behavioral6 | scan/2 | debian9-armhf-20231222-en |
| Behavioral task | behavioral7 | scan/2 | debian9-mipsbe-20231215-en |
| Behavioral task | behavioral8 | scan/2 | debian9-mipsel-20231222-en |
| Behavioral task | behavioral9 | scan/3 | ubuntu1804-amd64-20231215-en |
| Behavioral task | behavioral10 | scan/3 | debian9-armhf-20231215-en |
| Behavioral task | behavioral11 | scan/3 | debian9-mipsbe-20231215-en |
| Behavioral task | behavioral12 | scan/3 | debian9-mipsel-20231222-en |
| Behavioral task | behavioral13 | scan/class | ubuntu1804-amd64-20231222-en |
| Behavioral task | behavioral14 | scan/go | ubuntu1804-amd64-20231215-en |
| Behavioral task | behavioral15 | scan/go | debian9-armhf-20231215-en |
| Behavioral task | behavioral16 | scan/go | debian9-mipsbe-20231215-en |
| Behavioral task | behavioral17 | scan/go | debian9-mipsel-20231222-en |
| Behavioral task | behavioral18 | scan/random | ubuntu1804-amd64-20231215-en |
| Behavioral task | behavioral19 | scan/random | debian9-armhf-20231215-en |
| Behavioral task | behavioral20 | scan/random | debian9-mipsbe-20231215-en |
| Behavioral task | behavioral21 | scan/random | debian9-mipsel-20231222-en |
| Behavioral task | behavioral22 | scan/screen | ubuntu1804-amd64-20231215-en |
| Behavioral task | behavioral23 | scan/update | ubuntu1804-amd64-20231215-en |
General

- Target: scan/go
- Size: 794B
- MD5: fd52040029cde6318569f91abc1090fc
- SHA1: 65117e69cfc77df7db1d0695eb66903093e2e397
- SHA256: 150ad9bc0078b993db48ed0d373723df82c89e23c3d1dcfb795aac3f5853a5cc
- SHA512: 5f707d39c2494cf7bc41acc3a5402d1442ab12c4cc2c73c9f15dedac7e9d37d25a01119a02887e442bdeaacc3f3290b6dd33f1c5cdbbca011df140c11ce129f7
Malware Config
Signatures

Deletes Audit logs

| Description | IoC | Process |
|---|---|---|
| File deleted | /var/log/audit/audit.log | rm |

Deletes system logs (1 TTPs, 4 IoCs)

Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.

| Description | IoC | Process |
|---|---|---|
| File deleted | /var/log/messages | rm |
| File deleted | /var/log/syslog | rm |
| File deleted | /var/log/messages | rm |
| File deleted | /var/log/syslog | rm |

Deletes log files (1 TTPs, 48 IoCs)

Deletes log files on the system.

| Description | IoC | Process |
|---|---|---|
| File deleted | /var/log/alternatives.log | rm |
| File deleted | /var/log/mail.warn | rm |
| File deleted | /var/log/apt/eipp.log.xz | rm |
| File deleted | /var/log/btmp | rm |
| File deleted | /var/log/debug | rm |
| File deleted | /var/log/lastlog | rm |
| File deleted | /var/log/apt | rm |
| File deleted | /var/log/btmp | rm |
| File deleted | /var/log/mail.err | rm |
| File deleted | /var/log/apt | rm |
| File deleted | /var/log/exim4/mainlog | rm |
| File deleted | /var/log/faillog | rm |
| File deleted | /var/log/dpkg.log | rm |
| File deleted | /var/log/apt/history.log | rm |
| File deleted | /var/log/installer/hardware-summary | rm |
| File deleted | /var/log/installer/cdebconf | rm |
| File deleted | /var/log/auth.log | rm |
| File deleted | /var/log/fontconfig.log | rm |
| File deleted | /var/log/kern.log | rm |
| File deleted | /var/log/auth.log | rm |
| File deleted | /var/log/faillog | rm |
| File deleted | /var/log/alternatives.log | rm |
| File deleted | /var/log/apt/term.log | rm |
| File deleted | /var/log/audit | rm |
| File deleted | /var/log/kern.log | rm |
| File deleted | /var/log/mail.info | rm |
| File deleted | /var/log/mail.log | rm |
| File deleted | /var/log/installer/syslog | rm |
| File deleted | /var/log/installer/cdebconf/templates.dat | rm |
| File deleted | /var/log/wtmp | rm |
| File deleted | /var/log/debug | rm |
| File deleted | /var/log/exim4 | rm |
| File deleted | /var/log/user.log | rm |
| File deleted | /var/log/daemon.log | rm |
| File deleted | /var/log/installer/cdebconf/questions.dat | rm |
| File deleted | /var/log/user.log | rm |
| File deleted | /var/log/fontconfig.log | rm |
| File deleted | /var/log/installer | rm |
| File deleted | /var/log/lastlog | rm |
| File deleted | /var/log/dpkg.log | rm |
| File deleted | /var/log/exim4 | rm |
| File deleted | /var/log/installer | rm |
| File deleted | /var/log/audit | rm |
| File deleted | /var/log/daemon.log | rm |
| File deleted | /var/log/wtmp | rm |
| File deleted | /var/log/installer/partman | rm |
| File deleted | /var/log/installer/lsb-release | rm |
| File deleted | /var/log/installer/status | rm |

Reads runtime system information (3 IoCs)

Reads data from /proc virtual filesystem.

| Description | IoC | Process |
|---|---|---|
| File opened for reading | /proc/filesystems | ls |
| File opened for reading | /proc/sys/kernel/ngroups_max | sendmail |
| File opened for reading | /proc/filesystems | ls |

Writes file to tmp directory (4 IoCs)

Malware often drops required files in the /tmp directory.

| Description | IoC | Process |
|---|---|---|
| File opened for modification | /tmp/mutUI3jr | mail |
| File opened for modification | /tmp/scan/cleanlist | go |
| File opened for modification | /tmp/scan/mfu.txt | Process not Found |
| File opened for modification | /tmp/muofe8av | mail |
Processes

Each entry reads: [PID] image: command line (matched signatures). Indentation shows the parent/child relationship.

- [PID 705] /tmp/scan/go: /tmp/scan/go (Writes file to tmp directory)
  - [PID 714] /bin/ls: ls /var/log/ (Reads runtime system information)
  - [PID 716] /bin/rm: rm -rf /var/log/alternatives.log (Deletes log files)
  - [PID 717] /usr/bin/touch: touch /var/log/alternatives.log
  - [PID 718] /bin/rm: rm -rf /var/log/apt (Deletes log files)
  - [PID 724] /usr/bin/touch: touch /var/log/apt
  - [PID 725] /bin/rm: rm -rf /var/log/audit (Deletes Audit logs; Deletes log files)
  - [PID 726] /usr/bin/touch: touch /var/log/audit
  - [PID 727] /bin/rm: rm -rf /var/log/auth.log (Deletes log files)
  - [PID 728] /usr/bin/touch: touch /var/log/auth.log
  - [PID 730] /bin/rm: rm -rf /var/log/btmp (Deletes log files)
  - [PID 731] /usr/bin/touch: touch /var/log/btmp
  - [PID 732] /bin/rm: rm -rf /var/log/daemon.log (Deletes log files)
  - [PID 733] /usr/bin/touch: touch /var/log/daemon.log
  - [PID 734] /bin/rm: rm -rf /var/log/debug (Deletes log files)
  - [PID 735] /usr/bin/touch: touch /var/log/debug
  - [PID 736] /bin/rm: rm -rf /var/log/dpkg.log (Deletes log files)
  - [PID 738] /usr/bin/touch: touch /var/log/dpkg.log
  - [PID 739] /bin/rm: rm -rf /var/log/exim4 (Deletes log files)
  - [PID 740] /usr/bin/touch: touch /var/log/exim4
  - [PID 741] /bin/rm: rm -rf /var/log/faillog (Deletes log files)
  - [PID 742] /usr/bin/touch: touch /var/log/faillog
  - [PID 743] /bin/rm: rm -rf /var/log/fontconfig.log (Deletes log files)
  - [PID 744] /usr/bin/touch: touch /var/log/fontconfig.log
  - [PID 745] /bin/rm: rm -rf /var/log/installer (Deletes log files)
  - [PID 746] /usr/bin/touch: touch /var/log/installer
  - [PID 747] /bin/rm: rm -rf /var/log/kern.log (Deletes log files)
  - [PID 748] /usr/bin/touch: touch /var/log/kern.log
  - [PID 749] /bin/rm: rm -rf /var/log/lastlog (Deletes log files)
  - [PID 750] /usr/bin/touch: touch /var/log/lastlog
  - [PID 751] /bin/rm: rm -rf /var/log/messages (Deletes system logs)
  - [PID 752] /usr/bin/touch: touch /var/log/messages
  - [PID 753] /bin/rm: rm -rf /var/log/syslog (Deletes system logs)
  - [PID 754] /usr/bin/touch: touch /var/log/syslog
  - [PID 755] /bin/rm: rm -rf /var/log/user.log (Deletes log files)
  - [PID 756] /usr/bin/touch: touch /var/log/user.log
  - [PID 757] /bin/rm: rm -rf /var/log/wtmp (Deletes log files)
  - [PID 758] /usr/bin/touch: touch /var/log/wtmp
  - [PID 759] /bin/sleep: sleep 2
  - [PID 760] /bin/cat: cat motd
  - [PID 761] /tmp/scan/class: ./class 22 -a -i eth0 -s 10
  - [PID 762] /bin/cat: cat bios.txt
  - [PID 763] /usr/bin/sort: sort
  - [PID 764] /usr/bin/uniq: uniq
  - [PID 765] /bin/grep: grep -c . mfu.txt
  - [PID 766] /tmp/scan/update: ./update 1500
  - [PID 767] /bin/cat: cat vuln.txt
  - [PID 768] /usr/bin/mail
    - [PID 771] /usr/sbin/sendmail: /usr/sbin/sendmail -oi -f "root@debian9-mipsbe-20231215-en-6" -t (Reads runtime system information)
  - [PID 815] /bin/rm: rm -rf /root/.bash_history
  - [PID 816] /usr/bin/touch: touch /root/.bash_history
  - [PID 817] /bin/ls: ls /var/log/ (Reads runtime system information)
  - [PID 818] /bin/rm: rm -rf /var/log/alternatives.log (Deletes log files)
  - [PID 819] /usr/bin/touch: touch /var/log/alternatives.log
  - [PID 820] /bin/rm: rm -rf /var/log/apt (Deletes log files)
  - [PID 821] /usr/bin/touch: touch /var/log/apt
  - [PID 822] /bin/rm: rm -rf /var/log/audit (Deletes log files)
  - [PID 823] /usr/bin/touch: touch /var/log/audit
  - [PID 824] /bin/rm: rm -rf /var/log/auth.log (Deletes log files)
  - [PID 825] /usr/bin/touch: touch /var/log/auth.log
  - [PID 826] /bin/rm: rm -rf /var/log/btmp (Deletes log files)
  - [PID 827] /usr/bin/touch: touch /var/log/btmp
  - [PID 828] /bin/rm: rm -rf /var/log/daemon.log (Deletes log files)
  - [PID 829] /usr/bin/touch: touch /var/log/daemon.log
  - [PID 830] /bin/rm: rm -rf /var/log/debug (Deletes log files)
  - [PID 831] /usr/bin/touch: touch /var/log/debug
  - [PID 832] /bin/rm: rm -rf /var/log/dpkg.log (Deletes log files)
  - [PID 833] /usr/bin/touch: touch /var/log/dpkg.log
  - [PID 834] /bin/rm: rm -rf /var/log/exim4 (Deletes log files)
  - [PID 835] /usr/bin/touch: touch /var/log/exim4
  - [PID 836] /bin/rm: rm -rf /var/log/faillog (Deletes log files)
  - [PID 837] /usr/bin/touch: touch /var/log/faillog
  - [PID 838] /bin/rm: rm -rf /var/log/fontconfig.log (Deletes log files)
  - [PID 839] /usr/bin/touch: touch /var/log/fontconfig.log
  - [PID 840] /bin/rm: rm -rf /var/log/installer (Deletes log files)
  - [PID 841] /usr/bin/touch: touch /var/log/installer
  - [PID 842] /bin/rm: rm -rf /var/log/kern.log (Deletes log files)
  - [PID 843] /usr/bin/touch: touch /var/log/kern.log
  - [PID 844] /bin/rm: rm -rf /var/log/lastlog (Deletes log files)
  - [PID 845] /usr/bin/touch: touch /var/log/lastlog
  - [PID 846] /bin/rm: rm -rf /var/log/mail.err (Deletes log files)
  - [PID 847] /usr/bin/touch: touch /var/log/mail.err
  - [PID 848] /bin/rm: rm -rf /var/log/mail.info (Deletes log files)
  - [PID 849] /usr/bin/touch: touch /var/log/mail.info
  - [PID 850] /bin/rm: rm -rf /var/log/mail.log (Deletes log files)
  - [PID 851] /usr/bin/touch: touch /var/log/mail.log
  - [PID 852] /bin/rm: rm -rf /var/log/mail.warn (Deletes log files)
  - [PID 853] /usr/bin/touch: touch /var/log/mail.warn
  - [PID 854] /bin/rm: rm -rf /var/log/messages (Deletes system logs)
  - [PID 855] /usr/bin/touch: touch /var/log/messages
  - [PID 856] /bin/rm: rm -rf /var/log/syslog (Deletes system logs)
  - [PID 857] /usr/bin/touch: touch /var/log/syslog
  - [PID 858] /bin/rm: rm -rf /var/log/user.log (Deletes log files)
  - [PID 862] /usr/bin/touch: touch /var/log/user.log
  - [PID 863] /bin/rm: rm -rf /var/log/wtmp (Deletes log files)
  - [PID 864] /usr/bin/touch: touch /var/log/wtmp
  - [PID 865] /bin/sleep: sleep 5
  - [PID 896] /tmp/scan/clean: ./clean
Network
MITRE ATT&CK Enterprise v15
Downloads