Overview

overview

10

Static

static

7

.rsync/a/a

ubuntu-18.04-amd64

10

.rsync/a/a

debian-9-armhf

10

.rsync/a/a

debian-9-mips

7

.rsync/a/a

debian-9-mipsel

7

.rsync/a/init0

ubuntu-18.04-amd64

6

.rsync/a/init0

debian-9-armhf

6

.rsync/a/init0

debian-9-mips

6

.rsync/a/init0

debian-9-mipsel

6

.rsync/a/kswapd0

ubuntu-18.04-amd64

10

.rsync/a/run

ubuntu-18.04-amd64

3

.rsync/a/run

debian-9-armhf

3

.rsync/a/run

debian-9-mips

3

.rsync/a/run

debian-9-mipsel

3

.rsync/a/stop

ubuntu-18.04-amd64

10

.rsync/a/stop

debian-9-armhf

10

.rsync/a/stop

debian-9-mips

6

.rsync/a/stop

debian-9-mipsel

6

.rsync/b/a

ubuntu-18.04-amd64

7

.rsync/b/a

debian-9-armhf

7

.rsync/b/a

debian-9-mips

6

.rsync/b/a

debian-9-mipsel

7

.rsync/b/run

ubuntu-18.04-amd64

7

.rsync/b/run

debian-9-armhf

7

.rsync/b/run

debian-9-mips

7

.rsync/b/run

debian-9-mipsel

7

.rsync/b/stop

ubuntu-18.04-amd64

6

.rsync/b/stop

debian-9-armhf

6

.rsync/b/stop

debian-9-mips

6

.rsync/b/stop

debian-9-mipsel

6

.rsync/c/blitz

ubuntu-18.04-amd64

1

.rsync/c/blitz

debian-9-armhf

1

.rsync/c/blitz

debian-9-mips

1

Analysis

  • max time kernel
    11s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240226-en
  • resource tags

    arch:mipsimage:debian9-mipsbe-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    07-03-2024 18:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .rsync/a/run

  • Size

    109B

  • MD5

    623f15febc9933354a6a08543ae49aa3

  • SHA1

    8b865eb9b747207160a6b5ff1aefad4fbc6fc465

  • SHA256

    1a0391e55d19ec582410044bf2ddaaaea7cf1277d23a8d26b0443bb8e40fa672

  • SHA512

    e1e048b28175eabef7aa5284cae83e44fba7438b72beeddc80c5e39a3b8adf03492ef90090d1fab84b509959fab4e3dd33ad66827c5759a3e9c451429c60bdc6

Score
3/10

Malware Config

Signatures

  • Writes file to tmp directory 2 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/.rsync/a/run
    /tmp/.rsync/a/run
    1⤵
    • Writes file to tmp directory
    PID:724
    • /tmp/.rsync/a/stop
      ./stop
      2⤵
        PID:726
      • /bin/sleep
        sleep 10
        2⤵
          PID:727
        • /bin/cat
          cat dir.dir
          2⤵
            PID:784
        • /usr/bin/nohup
          nohup ./kswapd0
          1⤵
            PID:785
          • /tmp/.rsync/a/kswapd0
            ./kswapd0
            1⤵
              PID:785

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • /tmp/.rsync/a/bash.pid
              Filesize

              4B

              MD5

              461ffed7e68253e998dc0082246d4694

              SHA1

              942b2701a8af964428737366c59e2c845c2f999b

              SHA256

              f1aca6f974237101f9218438c624085f95f8d3eebe9ff64ce5d36336a4bb5ad8

              SHA512

              ae9d41968386806267889ffacf978f1f0926c05eddd79c4f809169348275fcd95904273210e7dd2f5b3db24f32533955eb8e004bfeb42eab6d69e31c10e1e892

              Download Submit