Analysis

  • max time kernel
    4s
  • max time network
    131s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20231215-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu1804-amd64-20231215-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    22-12-2023 13:07

General

  • Target

    xsd/goa

  • Size

    278B

  • MD5

    dfafc90b783d75f705435d54c02e497e

  • SHA1

    3ce588331911807c3a91eaee6a66b93d690cca1c

  • SHA256

    4ed0f8329dd14e9828aaece2bdf8bba41397941dd9767f8d1bff689a7a79d96c

  • SHA512

    eaac4235e1684c0dc89ff715420e0c449fc2ab028a05be32da01c1ddbcb7095f582616ff40c4252692e6544d1c880c706aef3fa6fefad2166d75b2a69f5287f9

Score
3/10

Malware Config

Signatures

  • Writes file to tmp directory (1 IoC)

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/xsd/goa
    /tmp/xsd/goa
    1⤵
      PID:1536
      • /bin/rm
        rm -f ip.80 bios.txt
        2⤵
          PID:1540
      • /tmp/xsd/ss
        ./ss 80 -a -s 9
        2⤵
          PID:1541
      • /usr/bin/sort
        sort
        2⤵
          PID:1543
      • /bin/cat
        cat bios.txt
        2⤵
          PID:1542
      • /usr/bin/uniq
        uniq
        2⤵
          PID:1544
      • /bin/grep
        grep . ip.80
        2⤵
          PID:1545
      • /tmp/xsd/zmeu
        ./zmeu ip.80 vuln.txt 100 cgi
        2⤵
          PID:1546
      • /bin/grep
        grep . vuln.txt
        2⤵
          PID:1547
      • /bin/rm
        rm -f ip.80 bios.txt
        2⤵
          PID:1548

Network

MITRE ATT&CK Matrix

Downloads