Overview

overview

10

Static

static

7

.rsync/a/a

ubuntu-18.04-amd64

10

.rsync/a/a

debian-9-armhf

10

.rsync/a/a

debian-9-mips

7

.rsync/a/a

debian-9-mipsel

7

.rsync/a/init0

ubuntu-18.04-amd64

6

.rsync/a/init0

debian-9-armhf

6

.rsync/a/init0

debian-9-mips

6

.rsync/a/init0

debian-9-mipsel

6

.rsync/a/kswapd0

ubuntu-18.04-amd64

10

.rsync/a/run

ubuntu-18.04-amd64

3

.rsync/a/run

debian-9-armhf

3

.rsync/a/run

debian-9-mips

3

.rsync/a/run

debian-9-mipsel

3

.rsync/a/stop

ubuntu-18.04-amd64

10

.rsync/a/stop

debian-9-armhf

10

.rsync/a/stop

debian-9-mips

6

.rsync/a/stop

debian-9-mipsel

6

.rsync/b/a

ubuntu-18.04-amd64

7

.rsync/b/a

debian-9-armhf

7

.rsync/b/a

debian-9-mips

6

.rsync/b/a

debian-9-mipsel

7

.rsync/b/run

ubuntu-18.04-amd64

7

.rsync/b/run

debian-9-armhf

7

.rsync/b/run

debian-9-mips

7

.rsync/b/run

debian-9-mipsel

7

.rsync/b/stop

ubuntu-18.04-amd64

6

.rsync/b/stop

debian-9-armhf

6

.rsync/b/stop

debian-9-mips

6

.rsync/b/stop

debian-9-mipsel

6

.rsync/c/blitz

ubuntu-18.04-amd64

1

.rsync/c/blitz

debian-9-armhf

1

.rsync/c/blitz

debian-9-mips

1

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240226-en
  • resource tags

    arch:mipsimage:debian9-mipsbe-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    07-03-2024 18:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .rsync/b/run

  • Size

    72KB

  • MD5

    6ab073e5a6183bcef1d5262a9616ebfe

  • SHA1

    f6ffce31ffff78c28c3485255571459fce17a09e

  • SHA256

    d7a659b2af55a17679e84654ba42d483a0cf5a9e237c7dd5a1dc1976678fa542

  • SHA512

    884ff3c43ec10010b368c03696cbcc47fa9f84ca18658bb20ebdefd82282079027096526561db71cdac38c905d730fa02925294e864128f3be237e307ea1235b

  • SSDEEP

    768:Erk30DgUjDjpk88P1HkEssrOZOHVeu0BlGc67Bkezl5DTwHpohGTW2Zi+GvMKRa7:EfbpT8PqfZOHV2lyG6dkLpUqE3VuQz7a

Score
7/10

Malware Config

Signatures

  • Changes its process name 2 IoCs

Processes

  • /tmp/.rsync/b/run
    /tmp/.rsync/b/run
    1⤵
      PID:725
      • /usr/bin/nohup
        nohup ./stop
        2⤵
          PID:727
        • /bin/sleep
          sleep 5
          2⤵
            PID:728
          • /tmp/.rsync/b/stop
            ./stop
            2⤵
              PID:727
            • /usr/bin/base64
              base64 --decode
              2⤵
                PID:741
              • /usr/bin/perl
                perl
                2⤵
                • Changes its process name
                PID:742
                • /usr/local/sbin/uname
                  uname -a
                  3⤵
                    PID:751
                  • /usr/local/bin/uname
                    uname -a
                    3⤵
                      PID:751
                    • /usr/sbin/uname
                      uname -a
                      3⤵
                        PID:751
                      • /usr/bin/uname
                        uname -a
                        3⤵
                          PID:751
                        • /sbin/uname
                          uname -a
                          3⤵
                            PID:751
                          • /bin/uname
                            uname -a
                            3⤵
                              PID:751
                          • /usr/bin/perl
                            perl
                            2⤵
                            • Changes its process name
                            PID:755
                            • /usr/local/sbin/uname
                              uname -a
                              3⤵
                                PID:764
                              • /usr/local/bin/uname
                                uname -a
                                3⤵
                                  PID:764
                                • /usr/sbin/uname
                                  uname -a
                                  3⤵
                                    PID:764
                                  • /usr/bin/uname
                                    uname -a
                                    3⤵
                                      PID:764
                                    • /sbin/uname
                                      uname -a
                                      3⤵
                                        PID:764
                                      • /bin/uname
                                        uname -a
                                        3⤵
                                          PID:764
                                      • /usr/bin/base64
                                        base64 --decode
                                        2⤵
                                          PID:754

                                      Network

                                      MITRE ATT&CK Matrix

                                      Replay Monitor

                                      Loading Replay Monitor...

                                      Downloads