Analysis
-
max time kernel
34s -
platform
debian-9_armhf -
resource
debian9-armhf-20240226-en -
resource tags
-
submitted
07-03-2024 18:02
General
-
Target
.rsync/a/init0
-
Size
9KB
-
MD5
019e23027bc3849142dd8625451ed5c0
-
SHA1
982c0318414c3fdf82e3726c4ef4e9021751bbd9
-
SHA256
0e8472f2005560c6f4db4e5aef39e5d35185b35c67f70a27c8b3dcb242eed25e
-
SHA512
89fd143e3060669df59feeb599cb5042bf8996983dd9073a53cf1d00d408ec9930e1ce29a1aa3aa1f1157a3a6dee1a0cc32f0791c92f75ed0f74c59f326cdc32
-
SSDEEP
96:97gXuXeR7P0YQH8h9GVQbxgeJwI222bznGWDKKFZ5W:97xeRb038hAGbxIz9/0
Score
6/10
Malware Config
Signatures
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads CPU attributes 1 TTPs 35 IoCs
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/.rsync/a/init0/tmp/.rsync/a/init01⤵
-
/bin/rmrm /tmp/.cron2⤵
-
-
/bin/rmrm "/tmp/Donald*"2⤵
-
-
/bin/rmrm "/tmp/Macron*"2⤵
-
-
/bin/rmrm /tmp/.main2⤵
-
-
/bin/rmrm "/tmp/.yam*" -rf2⤵
-
-
/bin/rmrm -f /tmp/irq2⤵
-
-
/bin/rmrm -f /tmp/irq.sh2⤵
-
-
/bin/rmrm -f /tmp/irqbalanc12⤵
-
-
/bin/rmrm -rf /boot/grub/deamon2⤵
-
-
/bin/rmrm -rf /boot/grub/disk_genius2⤵
-
-
/bin/rmrm -rf "/tmp/*httpd.conf"2⤵
-
-
/bin/rmrm -rf "/tmp/*httpd.conf*"2⤵
-
-
/bin/rmrm -rf "/tmp/*index_bak*"2⤵
-
-
/bin/rmrm -rf "/tmp/.systemd-private-*"2⤵
-
-
/bin/rmrm -rf "/tmp/.xm*"2⤵
-
-
/bin/rmrm -rf /tmp/a7b104c2702⤵
-
-
/bin/rmrm -rf /tmp/conn2⤵
-
-
/bin/rmrm -rf /tmp/conns2⤵
-
-
/bin/rmrm -rf /tmp/httpd.conf2⤵
-
-
/bin/rmrm -rf "/tmp/java*"2⤵
-
-
/bin/rmrm -rf /tmp/kworkerds /bin/kworkerds /bin/config.json /var/tmp/kworkerds /var/tmp/config.json /usr/local/lib/libjdk.so2⤵
-
-
/bin/rmrm -rf /tmp/qW3xT.2 /tmp/ddgs.3013 /tmp/ddgs.3012 /tmp/wnTKYg /tmp/2t3ik2⤵
-
-
/bin/rmrm -rf /tmp/root.sh /tmp/pools.txt /tmp/libapache /tmp/config.json /tmp/bashf /tmp/bashg /tmp/libapache2⤵
-
-
/bin/rmrm -rf "/tmp/xm*"2⤵
-
-
/bin/rmrm -rf "/var/tmp/java*"2⤵
-
-
/bin/psps auxw2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/awkawk /34e2fg/2⤵
-
-
/usr/bin/awkawk "!/awk/"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs kill -92⤵
-
/usr/local/sbin/killkill -93⤵
-
-
/usr/local/bin/killkill -93⤵
-
-
/usr/sbin/killkill -93⤵
-
-
/usr/bin/killkill -93⤵
-
-
/sbin/killkill -93⤵
-
-
/bin/killkill -93⤵
- Reads CPU attributes
-
-
-
/usr/bin/killallkillall -9 chron-34e2fg2⤵
- Reads runtime system information
-
-
/usr/bin/awkawk "/34e|r\\/v3|moy5|defunct/"2⤵
-
-
/bin/psps wx2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/awkawk "{print \$1}"2⤵
-
-
/usr/bin/xargsxargs kill -92⤵
-
/usr/local/sbin/killkill -9 7123⤵
-
-
/usr/local/bin/killkill -9 7123⤵
-
-
/usr/sbin/killkill -9 7123⤵
-
-
/usr/bin/killkill -9 7123⤵
-
-
/sbin/killkill -9 7123⤵
-
-
/bin/killkill -9 7123⤵
- Reads CPU attributes
-
-
-
/bin/psps axf -o "pid %cpu"2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/awkawk "{if(\$2>=40.0) print \$1}"2⤵
-
-
/usr/bin/killallkillall .Historys2⤵
-
-
/usr/bin/killallkillall .sshd2⤵
-
-
/usr/bin/killallkillall neptune2⤵
- Reads runtime system information
-
-
/usr/bin/killallkillall xm642⤵
- Reads runtime system information
-
-
/usr/bin/killallkillall xm322⤵
- Reads runtime system information
-
-
/usr/bin/killallkillall ld-linux2⤵
- Reads runtime system information
-
-
/usr/bin/killallkillall xmrig2⤵
- Reads runtime system information
-
-
/usr/bin/killallkillall .xmrig2⤵
- Reads runtime system information
-
-
/usr/bin/killallkillall suppoieup2⤵
-
-
/usr/bin/killallkillall xrx2⤵
-
-
/usr/bin/pkillpkill -f sourplum2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/pkillpkill wnTKYg2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep mine.moneropool.com2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs kill -92⤵
-
/usr/local/sbin/killkill -93⤵
-
-
/usr/local/bin/killkill -93⤵
-
-
/usr/sbin/killkill -93⤵
-
-
/usr/bin/killkill -93⤵
-
-
/sbin/killkill -93⤵
-
-
/bin/killkill -93⤵
- Reads CPU attributes
-
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep xmr.crypto-pool.fr:80802⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs kill -92⤵
-
/usr/local/sbin/killkill -93⤵
-
-
/usr/local/bin/killkill -93⤵
-
-
/usr/sbin/killkill -93⤵
-
-
/usr/bin/killkill -93⤵
-
-
/sbin/killkill -93⤵
-
-
/bin/killkill -93⤵
- Reads CPU attributes
-
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
-
-
/bin/grepgrep xmr.crypto-pool.fr:80802⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs kill -92⤵
-
/usr/local/sbin/killkill -93⤵
-
-
/usr/local/bin/killkill -93⤵
-
-
/usr/sbin/killkill -93⤵
-
-
/usr/bin/killkill -93⤵
-
-
/sbin/killkill -93⤵
-
-
/bin/killkill -93⤵
- Reads CPU attributes
-
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep 119.9.76.107:4432⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs kill -92⤵
-
/usr/local/sbin/killkill -93⤵
-
-
/usr/local/bin/killkill -93⤵
-
-
/usr/sbin/killkill -93⤵
-
-
/usr/bin/killkill -93⤵
-
-
/sbin/killkill -93⤵
-
-
/bin/killkill -93⤵
- Reads CPU attributes
-
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep monerohash.com2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs kill -92⤵
-
/usr/local/sbin/killkill -93⤵
-
-
/usr/local/bin/killkill -93⤵
-
-
/usr/sbin/killkill -93⤵
-
-
/usr/bin/killkill -93⤵
-
-
/sbin/killkill -93⤵
-
-
/bin/killkill -93⤵
- Reads CPU attributes
-
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep /tmp/a7b104c2702⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs kill -92⤵
-
/usr/local/sbin/killkill -93⤵
-
-
/usr/local/bin/killkill -93⤵
-
-
/usr/sbin/killkill -93⤵
-
-
/usr/bin/killkill -93⤵
-
-
/sbin/killkill -93⤵
-
-
/bin/killkill -93⤵
- Reads CPU attributes
-
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep xmr.crypto-pool.fr:66662⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs kill -92⤵
-
/usr/local/sbin/killkill -93⤵
-
-
/usr/local/bin/killkill -93⤵
-
-
/usr/sbin/killkill -93⤵
-
-
/usr/bin/killkill -93⤵
-
-
/sbin/killkill -93⤵
-
-
/bin/killkill -93⤵
- Reads CPU attributes
-
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep xmr.crypto-pool.fr:77772⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs kill -92⤵
-
/usr/local/sbin/killkill -93⤵
-
-
/usr/local/bin/killkill -93⤵
-
-
/usr/sbin/killkill -93⤵
-
-
/usr/bin/killkill -93⤵
-
-
/sbin/killkill -93⤵
-
-
/bin/killkill -93⤵
- Reads CPU attributes
-
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep xmr.crypto-pool.fr:4432⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs kill -92⤵
-
/usr/local/sbin/killkill -93⤵
-
-
/usr/local/bin/killkill -93⤵
-
-
/usr/sbin/killkill -93⤵
-
-
/usr/bin/killkill -93⤵
-
-
/sbin/killkill -93⤵
-
-
/bin/killkill -93⤵
- Reads CPU attributes
-
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep stratum.f2pool.com:88882⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs kill -92⤵
-
/usr/local/sbin/killkill -93⤵
-
-
/usr/local/bin/killkill -93⤵
-
-
/usr/sbin/killkill -93⤵
-
-
/usr/bin/killkill -93⤵
-
-
/sbin/killkill -93⤵
-
-
/bin/killkill -93⤵
- Reads CPU attributes
-
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
-
-
/bin/grepgrep xmrpool.eu2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs kill -92⤵
-
/usr/local/sbin/killkill -93⤵
-
-
/usr/local/bin/killkill -93⤵
-
-
/usr/sbin/killkill -93⤵
-
-
/usr/bin/killkill -93⤵
-
-
/sbin/killkill -93⤵
-
-
/bin/killkill -93⤵
- Reads CPU attributes
-
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep xmrig2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs kill -92⤵
-
/usr/local/sbin/killkill -93⤵
-
-
/usr/local/bin/killkill -93⤵
-
-
/usr/sbin/killkill -93⤵
-
-
/usr/bin/killkill -93⤵
-
-
/sbin/killkill -93⤵
-
-
/bin/killkill -93⤵
- Reads CPU attributes
-
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
-
-
/bin/grepgrep xmrigDaemon2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs kill -92⤵
-
/usr/local/sbin/killkill -93⤵
-
-
/usr/local/bin/killkill -93⤵
-
-
/usr/sbin/killkill -93⤵
-
-
/usr/bin/killkill -93⤵
-
-
/sbin/killkill -93⤵
-
-
/bin/killkill -93⤵
- Reads CPU attributes
-
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep xmrigMiner2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs kill -92⤵
-
/usr/local/sbin/killkill -93⤵
-
-
/usr/local/bin/killkill -93⤵
-
-
/usr/sbin/killkill -93⤵
-
-
/usr/bin/killkill -93⤵
-
-
/sbin/killkill -93⤵
-
-
/bin/killkill -93⤵
- Reads CPU attributes
-
-