Overview

overview

6

Static

static

1

.bash/autorun

ubuntu-18.04-amd64

6

.bash/autorun

debian-9-armhf

6

.bash/autorun

debian-9-mips

6

.bash/autorun

debian-9-mipsel

1

.bash/makesalt

ubuntu-18.04-amd64

.bash/ntpd

ubuntu-18.04-amd64

3

.bash/psybncchk

ubuntu-18.04-amd64

1

.bash/psybncchk

debian-9-armhf

1

.bash/psybncchk

debian-9-mips

1

.bash/psybncchk

debian-9-mipsel

1

.bash/run

ubuntu-18.04-amd64

1

.bash/run

debian-9-armhf

1

.bash/run

debian-9-mips

1

.bash/run

debian-9-mipsel

1

.bash/src/match.o

ubuntu-18.04-amd64

.bash/src/...fish.o

ubuntu-18.04-amd64

.bash/src/p_client.o

ubuntu-18.04-amd64

.bash/src/p_crypt.o

ubuntu-18.04-amd64

.bash/src/p_dcc.o

ubuntu-18.04-amd64

.bash/src/p_hash.o

ubuntu-18.04-amd64

.bash/src/p_idea.o

ubuntu-18.04-amd64

.bash/src/p_inifunc.o

ubuntu-18.04-amd64

.bash/src/p_intnet.o

ubuntu-18.04-amd64

.bash/src/p_link.o

ubuntu-18.04-amd64

.bash/src/p_log.o

ubuntu-18.04-amd64

.bash/src/p_memory.o

ubuntu-18.04-amd64

.bash/src/p_network.o

ubuntu-18.04-amd64

.bash/src/p_parse.o

ubuntu-18.04-amd64

.bash/src/p_peer.o

ubuntu-18.04-amd64

.bash/src/p_script.o

ubuntu-18.04-amd64

.bash/src/p_server.o

ubuntu-18.04-amd64

.bash/src/p_socket.o

ubuntu-18.04-amd64

Analysis

  • max time kernel
    152s
  • max time network
    131s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20231215-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20231215-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    22-12-2023 12:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .bash/ntpd

  • Size

    434KB

  • MD5

    d7cb8d530dd813f34bdcf1b6c485589b

  • SHA1

    ab23fb28eaaa22a7e54cdc4b04c21745c0e506cc

  • SHA256

    fc931afe19846305625b023a37c464a427fc3d632f63e6b79811e8cde4ca67ea

  • SHA512

    76d2955dc036705ffc4e962d2660f6d236f9b336eb99e2387f0b9f58fd34b1c4079a423fa0017597f0597f1155501e8c6de834ff072a0103cc431544384857f3

  • SSDEEP

    12288:3KmfrVWs3a/0Qd0xFoL2wPIYqpQIznUwGRRYMntiTMAC9DyzXx:3Kmrwsc0Qd0xFMIYqpQJwGRS

Score
3/10

Malware Config

Signatures

  • Writes file to tmp directory 3 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/.bash/ntpd
    /tmp/.bash/ntpd
    1⤵
    • Writes file to tmp directory
    PID:1569

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads