Overview

overview

10

Static

static

7

.rsync/a/a

ubuntu-18.04-amd64

10

.rsync/a/a

debian-9-armhf

10

.rsync/a/a

debian-9-mips

7

.rsync/a/a

debian-9-mipsel

7

.rsync/a/init0

ubuntu-18.04-amd64

6

.rsync/a/init0

debian-9-armhf

6

.rsync/a/init0

debian-9-mips

6

.rsync/a/init0

debian-9-mipsel

6

.rsync/a/kswapd0

ubuntu-18.04-amd64

10

.rsync/a/run

ubuntu-18.04-amd64

3

.rsync/a/run

debian-9-armhf

3

.rsync/a/run

debian-9-mips

3

.rsync/a/run

debian-9-mipsel

3

.rsync/a/stop

ubuntu-18.04-amd64

10

.rsync/a/stop

debian-9-armhf

10

.rsync/a/stop

debian-9-mips

6

.rsync/a/stop

debian-9-mipsel

6

.rsync/b/a

ubuntu-18.04-amd64

7

.rsync/b/a

debian-9-armhf

7

.rsync/b/a

debian-9-mips

6

.rsync/b/a

debian-9-mipsel

7

.rsync/b/run

ubuntu-18.04-amd64

7

.rsync/b/run

debian-9-armhf

7

.rsync/b/run

debian-9-mips

7

.rsync/b/run

debian-9-mipsel

7

.rsync/b/stop

ubuntu-18.04-amd64

6

.rsync/b/stop

debian-9-armhf

6

.rsync/b/stop

debian-9-mips

6

.rsync/b/stop

debian-9-mipsel

6

.rsync/c/blitz

ubuntu-18.04-amd64

1

.rsync/c/blitz

debian-9-armhf

1

.rsync/c/blitz

debian-9-mips

1

Analysis

  • max time kernel
    10s
  • max time network
    129s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240226-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240226-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    07-03-2024 18:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .rsync/a/run

  • Size

    109B

  • MD5

    623f15febc9933354a6a08543ae49aa3

  • SHA1

    8b865eb9b747207160a6b5ff1aefad4fbc6fc465

  • SHA256

    1a0391e55d19ec582410044bf2ddaaaea7cf1277d23a8d26b0443bb8e40fa672

  • SHA512

    e1e048b28175eabef7aa5284cae83e44fba7438b72beeddc80c5e39a3b8adf03492ef90090d1fab84b509959fab4e3dd33ad66827c5759a3e9c451429c60bdc6

Score
3/10

Malware Config

Signatures

  • Writes file to tmp directory 2 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/.rsync/a/run
    /tmp/.rsync/a/run
    1⤵
    • Writes file to tmp directory
    PID:1537
    • /tmp/.rsync/a/stop
      ./stop
      2⤵
        PID:1538
      • /bin/sleep
        sleep 10
        2⤵
          PID:1539
        • /bin/cat
          cat dir.dir
          2⤵
            PID:1553
        • /usr/bin/nohup
          nohup ./kswapd0
          1⤵
            PID:1554
          • /tmp/.rsync/a/kswapd0
            ./kswapd0
            1⤵
              PID:1554

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • /tmp/.rsync/a/bash.pid
              Filesize

              5B

              MD5

              4c23435f92cd987d982d02e7fc63565c

              SHA1

              4b20065f4f73eb8d72ffd9dd0c8b751017b05591

              SHA256

              6ceb3fe3a8fb376731407ed1bc8bcdc5a86b81fcf95c161b9503ad218425b248

              SHA512

              660024d635989f6750729751a90a58fc6f47f5b9a4e2b24d99ec540d2bc6b3cdeb5e9b0d84efd7d360dc7b3130f9630828b1e827c4694fed5b349985b4c269bb

              Download Submit