Overview

overview

7

Static

static

7

xsd/PRIVATE/L

ubuntu-18.04-amd64

1

xsd/PRIVATE/L

debian-9-armhf

1

xsd/PRIVATE/L

debian-9-mips

1

xsd/PRIVATE/L

debian-9-mipsel

1

xsd/PRIVATE/x

ubuntu-18.04-amd64

1

xsd/PRIVATE/x

debian-9-armhf

1

xsd/PRIVATE/x

debian-9-mips

1

xsd/PRIVATE/x

debian-9-mipsel

1

xsd/goa

ubuntu-18.04-amd64

3

xsd/goa

debian-9-armhf

3

xsd/goa

debian-9-mips

3

xsd/goa

debian-9-mipsel

3

xsd/rand

ubuntu-18.04-amd64

1

xsd/rand

debian-9-armhf

1

xsd/rand

debian-9-mips

1

xsd/rand

debian-9-mipsel

1

xsd/ss

ubuntu-18.04-amd64

1

xsd/x

ubuntu-18.04-amd64

3

xsd/x

debian-9-armhf

1

xsd/x

debian-9-mips

1

xsd/x

debian-9-mipsel

3

xsd/zmeu

ubuntu-18.04-amd64

1

Analysis

  • max time kernel
    4s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20231215-en
  • resource tags

    arch:armhfimage:debian9-armhf-20231215-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    22-12-2023 13:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    xsd/goa

  • Size

    278B

  • MD5

    dfafc90b783d75f705435d54c02e497e

  • SHA1

    3ce588331911807c3a91eaee6a66b93d690cca1c

  • SHA256

    4ed0f8329dd14e9828aaece2bdf8bba41397941dd9767f8d1bff689a7a79d96c

  • SHA512

    eaac4235e1684c0dc89ff715420e0c449fc2ab028a05be32da01c1ddbcb7095f582616ff40c4252692e6544d1c880c706aef3fa6fefad2166d75b2a69f5287f9

Score
3/10

Malware Config

Signatures

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/xsd/goa
    /tmp/xsd/goa
    1⤵
      PID:653
      • /bin/rm
        rm -f ip.80 bios.txt
        2⤵
          PID:655
        • /tmp/xsd/ss
          ./ss 80 -a -s 9
          2⤵
            PID:657
          • /bin/cat
            cat bios.txt
            2⤵
              PID:658
            • /usr/bin/sort
              sort
              2⤵
                PID:659
              • /usr/bin/uniq
                uniq
                2⤵
                  PID:660
                • /bin/grep
                  grep . ip.80
                  2⤵
                    PID:665
                  • /tmp/xsd/zmeu
                    ./zmeu ip.80 vuln.txt 100 cgi
                    2⤵
                      PID:666
                    • /bin/grep
                      grep . vuln.txt
                      2⤵
                        PID:667
                      • /bin/rm
                        rm -f ip.80 bios.txt
                        2⤵
                          PID:668

                      Network

                      MITRE ATT&CK Matrix

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads