Overview

Tasks and the platform each ran on (leading number is the reported score):

- static: score 7
- scan/1 on ubuntu-18.04-amd64: score 1
- scan/1 on debian-9-armhf: score 1
- scan/1 on debian-9-mips: score 1
- scan/1 on debian-9-mipsel: score 1
- scan/2 on ubuntu-18.04-amd64: score 1
- scan/2 on debian-9-armhf: score 1
- scan/2 on debian-9-mips: score 1
- scan/2 on debian-9-mipsel: score 1
- scan/3 on ubuntu-18.04-amd64: score 1
- scan/3 on debian-9-armhf: score 1
- scan/3 on debian-9-mips: score 1
- scan/3 on debian-9-mipsel: score 1
- scan/class on ubuntu-18.04-amd64: score 1
- scan/go on ubuntu-18.04-amd64: score 1
- scan/go on debian-9-armhf: score 7
- scan/go on debian-9-mips: score 1
- scan/go on debian-9-mipsel: score 7
- scan/random on ubuntu-18.04-amd64: score 7
- scan/random on debian-9-armhf: score 1
- scan/random on debian-9-mips: score 1
- scan/random on debian-9-mipsel: score 1
- scan/screen on ubuntu-18.04-amd64: score 1
- scan/update on ubuntu-18.04-amd64: score not reported
Analysis (score 1)

- max time kernel: 21s
- max time network: 14s
- platform: debian-9_mipsel
- resource: debian9-mipsel-20231222-en
- resource tags: arch:mipsel, image:debian9-mipsel-20231222-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
- submitted: 22/12/2023, 08:25
Tasks

- Static task static1
- Behavioral task behavioral1: sample scan/1, resource ubuntu1804-amd64-20231222-en
- Behavioral task behavioral2: sample scan/1, resource debian9-armhf-20231215-en
- Behavioral task behavioral3: sample scan/1, resource debian9-mipsbe-20231215-en
- Behavioral task behavioral4: sample scan/1, resource debian9-mipsel-20231215-en
- Behavioral task behavioral5: sample scan/2, resource ubuntu1804-amd64-20231222-en
- Behavioral task behavioral6: sample scan/2, resource debian9-armhf-20231222-en
- Behavioral task behavioral7: sample scan/2, resource debian9-mipsbe-20231215-en
- Behavioral task behavioral8: sample scan/2, resource debian9-mipsel-20231222-en
- Behavioral task behavioral9: sample scan/3, resource ubuntu1804-amd64-20231215-en
- Behavioral task behavioral10: sample scan/3, resource debian9-armhf-20231215-en
- Behavioral task behavioral11: sample scan/3, resource debian9-mipsbe-20231215-en
- Behavioral task behavioral12: sample scan/3, resource debian9-mipsel-20231222-en
- Behavioral task behavioral13: sample scan/class, resource ubuntu1804-amd64-20231222-en
- Behavioral task behavioral14: sample scan/go, resource ubuntu1804-amd64-20231215-en
- Behavioral task behavioral15: sample scan/go, resource debian9-armhf-20231215-en
- Behavioral task behavioral16: sample scan/go, resource debian9-mipsbe-20231215-en
- Behavioral task behavioral17: sample scan/go, resource debian9-mipsel-20231222-en
- Behavioral task behavioral18: sample scan/random, resource ubuntu1804-amd64-20231215-en
- Behavioral task behavioral19: sample scan/random, resource debian9-armhf-20231215-en
- Behavioral task behavioral20: sample scan/random, resource debian9-mipsbe-20231215-en
- Behavioral task behavioral21: sample scan/random, resource debian9-mipsel-20231222-en
- Behavioral task behavioral22: sample scan/screen, resource ubuntu1804-amd64-20231215-en
- Behavioral task behavioral23: sample scan/update, resource ubuntu1804-amd64-20231215-en
General

- Target: scan/go
- Size: 794B
- MD5: fd52040029cde6318569f91abc1090fc
- SHA1: 65117e69cfc77df7db1d0695eb66903093e2e397
- SHA256: 150ad9bc0078b993db48ed0d373723df82c89e23c3d1dcfb795aac3f5853a5cc
- SHA512: 5f707d39c2494cf7bc41acc3a5402d1442ab12c4cc2c73c9f15dedac7e9d37d25a01119a02887e442bdeaacc3f3290b6dd33f1c5cdbbca011df140c11ce129f7
Malware Config

Signatures

Each signature lists its matched indicators as: description, IoC, process.

Deletes Audit logs
- File deleted: /var/log/audit/audit.log (rm)

Deletes system logs (1 TTPs, 4 IoCs)
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
- File deleted: /var/log/messages (rm)
- File deleted: /var/log/syslog (rm)
- File deleted: /var/log/messages (rm)
- File deleted: /var/log/syslog (rm)

Deletes log files (1 TTPs, 48 IoCs)
Deletes log files on the system.
- File deleted: /var/log/audit (rm)
- File deleted: /var/log/daemon.log (rm)
- File deleted: /var/log/exim4/mainlog (rm)
- File deleted: /var/log/lastlog (rm)
- File deleted: /var/log/alternatives.log (rm)
- File deleted: /var/log/wtmp (rm)
- File deleted: /var/log/mail.err (rm)
- File deleted: /var/log/mail.log (rm)
- File deleted: /var/log/apt/eipp.log.xz (rm)
- File deleted: /var/log/apt (rm)
- File deleted: /var/log/btmp (rm)
- File deleted: /var/log/installer/cdebconf (rm)
- File deleted: /var/log/installer/partman (rm)
- File deleted: /var/log/installer/status (rm)
- File deleted: /var/log/exim4 (rm)
- File deleted: /var/log/user.log (rm)
- File deleted: /var/log/debug (rm)
- File deleted: /var/log/installer (rm)
- File deleted: /var/log/kern.log (rm)
- File deleted: /var/log/apt/term.log (rm)
- File deleted: /var/log/exim4 (rm)
- File deleted: /var/log/installer/hardware-summary (rm)
- File deleted: /var/log/installer/syslog (rm)
- File deleted: /var/log/mail.info (rm)
- File deleted: /var/log/user.log (rm)
- File deleted: /var/log/alternatives.log (rm)
- File deleted: /var/log/audit (rm)
- File deleted: /var/log/installer/lsb-release (rm)
- File deleted: /var/log/dpkg.log (rm)
- File deleted: /var/log/faillog (rm)
- File deleted: /var/log/installer (rm)
- File deleted: /var/log/wtmp (rm)
- File deleted: /var/log/daemon.log (rm)
- File deleted: /var/log/faillog (rm)
- File deleted: /var/log/lastlog (rm)
- File deleted: /var/log/mail.warn (rm)
- File deleted: /var/log/apt/history.log (rm)
- File deleted: /var/log/auth.log (rm)
- File deleted: /var/log/installer/cdebconf/templates.dat (rm)
- File deleted: /var/log/btmp (rm)
- File deleted: /var/log/kern.log (rm)
- File deleted: /var/log/apt (rm)
- File deleted: /var/log/auth.log (rm)
- File deleted: /var/log/fontconfig.log (rm)
- File deleted: /var/log/debug (rm)
- File deleted: /var/log/dpkg.log (rm)
- File deleted: /var/log/fontconfig.log (rm)
- File deleted: /var/log/installer/cdebconf/questions.dat (rm)

Reads runtime system information (3 IoCs)
Reads data from /proc virtual filesystem.
- File opened for reading: /proc/filesystems (ls)
- File opened for reading: /proc/sys/kernel/ngroups_max (sendmail)
- File opened for reading: /proc/filesystems (ls)

Writes file to tmp directory (4 IoCs)
Malware often drops required files in the /tmp directory.
- File opened for modification: /tmp/scan/mfu.txt (Process not Found)
- File opened for modification: /tmp/muK6dcLF (mail)
- File opened for modification: /tmp/mu2lgAhv (mail)
- File opened for modification: /tmp/scan/cleanlist (go)
Processes

Process tree, indented by depth; each entry gives the executable, its command line, the PID, and any signatures it triggered in brackets.

- /tmp/scan/go: /tmp/scan/go (PID 742) [Writes file to tmp directory]
  - /bin/ls: ls /var/log/ (PID 748) [Reads runtime system information]
  - /bin/rm: rm -rf /var/log/alternatives.log (PID 749) [Deletes log files]
  - /usr/bin/touch: touch /var/log/alternatives.log (PID 750)
  - /bin/rm: rm -rf /var/log/apt (PID 752) [Deletes log files]
  - /usr/bin/touch: touch /var/log/apt (PID 754)
  - /bin/rm: rm -rf /var/log/audit (PID 755) [Deletes Audit logs; Deletes log files]
  - /usr/bin/touch: touch /var/log/audit (PID 756)
  - /bin/rm: rm -rf /var/log/auth.log (PID 757) [Deletes log files]
  - /usr/bin/touch: touch /var/log/auth.log (PID 759)
  - /bin/rm: rm -rf /var/log/btmp (PID 761) [Deletes log files]
  - /usr/bin/touch: touch /var/log/btmp (PID 763)
  - /bin/rm: rm -rf /var/log/daemon.log (PID 764) [Deletes log files]
  - /usr/bin/touch: touch /var/log/daemon.log (PID 765)
  - /bin/rm: rm -rf /var/log/debug (PID 766) [Deletes log files]
  - /usr/bin/touch: touch /var/log/debug (PID 767)
  - /bin/rm: rm -rf /var/log/dpkg.log (PID 769) [Deletes log files]
  - /usr/bin/touch: touch /var/log/dpkg.log (PID 770)
  - /bin/rm: rm -rf /var/log/exim4 (PID 771) [Deletes log files]
  - /usr/bin/touch: touch /var/log/exim4 (PID 772)
  - /bin/rm: rm -rf /var/log/faillog (PID 773) [Deletes log files]
  - /usr/bin/touch: touch /var/log/faillog (PID 774)
  - /bin/rm: rm -rf /var/log/fontconfig.log (PID 775) [Deletes log files]
  - /usr/bin/touch: touch /var/log/fontconfig.log (PID 777)
  - /bin/rm: rm -rf /var/log/installer (PID 778) [Deletes log files]
  - /usr/bin/touch: touch /var/log/installer (PID 779)
  - /bin/rm: rm -rf /var/log/kern.log (PID 780) [Deletes log files]
  - /usr/bin/touch: touch /var/log/kern.log (PID 781)
  - /bin/rm: rm -rf /var/log/lastlog (PID 782) [Deletes log files]
  - /usr/bin/touch: touch /var/log/lastlog (PID 783)
  - /bin/rm: rm -rf /var/log/messages (PID 784) [Deletes system logs]
  - /usr/bin/touch: touch /var/log/messages (PID 785)
  - /bin/rm: rm -rf /var/log/syslog (PID 786) [Deletes system logs]
  - /usr/bin/touch: touch /var/log/syslog (PID 787)
  - /bin/rm: rm -rf /var/log/user.log (PID 788) [Deletes log files]
  - /usr/bin/touch: touch /var/log/user.log (PID 789)
  - /bin/rm: rm -rf /var/log/wtmp (PID 790) [Deletes log files]
  - /usr/bin/touch: touch /var/log/wtmp (PID 791)
  - /bin/sleep: sleep 2 (PID 792)
  - /bin/cat: cat motd (PID 793)
  - /tmp/scan/class: ./class 22 -a -i eth0 -s 10 (PID 794)
  - /bin/cat: cat bios.txt (PID 795)
  - /usr/bin/sort: sort (PID 796)
  - /usr/bin/uniq: uniq (PID 797)
  - /bin/grep: grep -c . mfu.txt (PID 798)
  - /tmp/scan/update: ./update 1500 (PID 799)
  - /bin/cat: cat vuln.txt (PID 800)
  - /usr/bin/mail (PID 801; command line not recorded)
    - /usr/sbin/sendmail: /usr/sbin/sendmail -oi -f "root@debian9-mipsel-20231222-en-8" -t (PID 847) [Reads runtime system information]
  - /bin/rm: rm -rf /root/.bash_history (PID 851)
  - /usr/bin/touch: touch /root/.bash_history (PID 853)
  - /bin/ls: ls /var/log/ (PID 854) [Reads runtime system information]
  - /bin/rm: rm -rf /var/log/alternatives.log (PID 855) [Deletes log files]
  - /usr/bin/touch: touch /var/log/alternatives.log (PID 856)
  - /bin/rm: rm -rf /var/log/apt (PID 858) [Deletes log files]
  - /usr/bin/touch: touch /var/log/apt (PID 860)
  - /bin/rm: rm -rf /var/log/audit (PID 861) [Deletes log files]
  - /usr/bin/touch: touch /var/log/audit (PID 862)
  - /bin/rm: rm -rf /var/log/auth.log (PID 863) [Deletes log files]
  - /usr/bin/touch: touch /var/log/auth.log (PID 865)
  - /bin/rm: rm -rf /var/log/btmp (PID 866) [Deletes log files]
  - /usr/bin/touch: touch /var/log/btmp (PID 868)
  - /bin/rm: rm -rf /var/log/daemon.log (PID 869) [Deletes log files]
  - /usr/bin/touch: touch /var/log/daemon.log (PID 870)
  - /bin/rm: rm -rf /var/log/debug (PID 871) [Deletes log files]
  - /usr/bin/touch: touch /var/log/debug (PID 873)
  - /bin/rm: rm -rf /var/log/dpkg.log (PID 874) [Deletes log files]
  - /usr/bin/touch: touch /var/log/dpkg.log (PID 876)
  - /bin/rm: rm -rf /var/log/exim4 (PID 877) [Deletes log files]
  - /usr/bin/touch: touch /var/log/exim4 (PID 878)
  - /bin/rm: rm -rf /var/log/faillog (PID 879) [Deletes log files]
  - /usr/bin/touch: touch /var/log/faillog (PID 881)
  - /bin/rm: rm -rf /var/log/fontconfig.log (PID 882) [Deletes log files]
  - /usr/bin/touch: touch /var/log/fontconfig.log (PID 884)
  - /bin/rm: rm -rf /var/log/installer (PID 885) [Deletes log files]
  - /usr/bin/touch: touch /var/log/installer (PID 886)
  - /bin/rm: rm -rf /var/log/kern.log (PID 887) [Deletes log files]
  - /usr/bin/touch: touch /var/log/kern.log (PID 889)
  - /bin/rm: rm -rf /var/log/lastlog (PID 891) [Deletes log files]
  - /usr/bin/touch: touch /var/log/lastlog (PID 892)
  - /bin/rm: rm -rf /var/log/mail.err (PID 893) [Deletes log files]
  - /usr/bin/touch: touch /var/log/mail.err (PID 894)
  - /bin/rm: rm -rf /var/log/mail.info (PID 896) [Deletes log files]
  - /usr/bin/touch: touch /var/log/mail.info (PID 897)
  - /bin/rm: rm -rf /var/log/mail.log (PID 899) [Deletes log files]
  - /usr/bin/touch: touch /var/log/mail.log (PID 900)
  - /bin/rm: rm -rf /var/log/mail.warn (PID 901) [Deletes log files]
  - /usr/bin/touch: touch /var/log/mail.warn (PID 902)
  - /bin/rm: rm -rf /var/log/messages (PID 904) [Deletes system logs]
  - /usr/bin/touch: touch /var/log/messages (PID 905)
  - /bin/rm: rm -rf /var/log/syslog (PID 907) [Deletes system logs]
  - /usr/bin/touch: touch /var/log/syslog (PID 908)
  - /bin/rm: rm -rf /var/log/user.log (PID 909) [Deletes log files]
  - /usr/bin/touch: touch /var/log/user.log (PID 910)
  - /bin/rm: rm -rf /var/log/wtmp (PID 912) [Deletes log files]
  - /usr/bin/touch: touch /var/log/wtmp (PID 914)
  - /bin/sleep: sleep 5 (PID 915)
  - /tmp/scan/clean: ./clean (PID 926)
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 153B
  - MD5: e3b2e9bd6cc9c4e6343e86ce222f7cad
  - SHA1: e75e018425ddc628ad41afda5d242fe9b46bee54
  - SHA256: 66f0bf09fe7173051205d407cc04dec3ab31e816835fbd88ec1c8cf363a16e99
  - SHA512: 10b6c23b38b03d5aee72f03d2a36b642a4f3656bdb244ee50802e64b6ba0ecab7fa93d5cb007f8adda6ded5ec45364b419abb56272b845c0a5ab171657f43750
- Filesize: 19B
  - MD5: 28ab3bfaf5d496cb5af2a6e53d673d9b
  - SHA1: 990109670713b08e2594803dd46fdf184e2b7e48
  - SHA256: fb7224a6ca5873d9f36c5c94d81ed10112ac7a6164612d8b845252e3825898fb
  - SHA512: 4e5edf51d9975946a903eb628a921b7d40496a0a42d2691f002384cf3c31585e4bc19de9c24170bac458239aad0635de11390113cb1793d55f549ce708058268
- Filesize: 740B
  - MD5: 371222ae34751ec328c5821895802de3
  - SHA1: 9d10693ad8fd99f434b888ccd535e1a2c7b0598a
  - SHA256: 7b3772e21c21d328605a48107b19752876d287d6fd8f42e7c8ccfce770629230
  - SHA512: e18dac2f83858979f965034978dd116e012f220c7e530f1fc432c9f12b1f5b46062fae447c8f10d0c396a87ee3cb658584600603cb049b6661ebe3a5914b49e8
- Filesize: 89B
  - MD5: b7e6c5be61bd5e1add04ffb6e244e4ed
  - SHA1: 5ed61fd0a95f164bbb783061ea7e492beb836269
  - SHA256: cdcca8e3927a7bd7cfaa361c993d8243dd70ec2eac1c09cddaeb51f9c9e68c7e
  - SHA512: 88c08991ff2346700b48b0d3b387fd2e8c546d5f260a1a1ba439e02ed2887c0e2c4d4e060ab1b286138b6e5fccc46f60044993f4514cb6740deaeff2e7d109cb