Analysis
-
max time kernel
146s -
max time network
150s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240226-en -
resource tags
-
submitted
07-03-2024 18:02
General
-
Target
.rsync/b/run
-
Size
72KB
-
MD5
6ab073e5a6183bcef1d5262a9616ebfe
-
SHA1
f6ffce31ffff78c28c3485255571459fce17a09e
-
SHA256
d7a659b2af55a17679e84654ba42d483a0cf5a9e237c7dd5a1dc1976678fa542
-
SHA512
884ff3c43ec10010b368c03696cbcc47fa9f84ca18658bb20ebdefd82282079027096526561db71cdac38c905d730fa02925294e864128f3be237e307ea1235b
-
SSDEEP
768:Erk30DgUjDjpk88P1HkEssrOZOHVeu0BlGc67Bkezl5DTwHpohGTW2Zi+GvMKRa7:EfbpT8PqfZOHV2lyG6dkLpUqE3VuQz7a
Score
7/10
Malware Config
Signatures
-
Changes its process name 2 IoCs
Processes
-
/tmp/.rsync/b/run/tmp/.rsync/b/run1⤵
-
/bin/sleepsleep 52⤵
-
-
/usr/bin/nohupnohup ./stop2⤵
-
-
/tmp/.rsync/b/stop./stop2⤵
-
-
/usr/bin/perlperl2⤵
- Changes its process name
-
/usr/local/sbin/unameuname -a3⤵
-
-
/usr/local/bin/unameuname -a3⤵
-
-
/usr/sbin/unameuname -a3⤵
-
-
/usr/bin/unameuname -a3⤵
-
-
/sbin/unameuname -a3⤵
-
-
/bin/unameuname -a3⤵
-
-
-
/usr/bin/base64base64 --decode2⤵
-
-
/usr/bin/perlperl2⤵
- Changes its process name
-
/usr/local/sbin/unameuname -a3⤵
-
-
/usr/local/bin/unameuname -a3⤵
-
-
/usr/sbin/unameuname -a3⤵
-
-
/usr/bin/unameuname -a3⤵
-
-
/sbin/unameuname -a3⤵
-
-
/bin/unameuname -a3⤵
-
-
-
/usr/bin/base64base64 --decode2⤵
-