Analysis
max time kernel: 109s
max time network: 70s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20231215-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20231215-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 14-02-2024 15:35
Static task: static1
Behavioral task: behavioral1
Sample: recovery
Resource: ubuntu1804-amd64-20231215-en
ubuntu-18.04-amd64
1 signatures
600 seconds
General
Target: recovery
Size: 26KB
MD5: 16175d176fc8515c4bdd5778a934c33b
SHA1: 94a542680d9de2726a2d4ecbeced79233d4e7739
SHA256: 3440b4fc74f51d5104deb38924ec821f7f7b8ecd585667f84d4743dd305eb2ba
SHA512: f4287a852bdde3b1157be40201e010556a8fd2bec3611c5488d21c78a368c6ee3731334893ee3ef9f3776d7dd12e6d28a8e6ba61190dce70528552b7c958ce24
SSDEEP: 192:GKjFowqQFLcXzH3XMMCkTvR1tYN/5FCIflKIzhzhzhzhz4zIzhzhzhz2qExEFEFF:LkQFAE7II1111E8111aqWaaax
Score: 3/10
Malware Config
Signatures
Writes file to tmp directory (64 IoCs)
Malware often drops required files in the /tmp directory.