Analysis
-
max time kernel
14s -
max time network
21s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240226-en -
resource tags
-
submitted
27-03-2024 21:01
General
-
Target
https://u.to/VyKIIA
Malware Config
Signatures
-
Changes its process name 33 IoCs
-
Reads user data of web browsers 13 IoCs
Reads stored browser data which can include saved credentials.
-
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
-
Reads CPU attributes 1 TTPs 2 IoCs
-
Enumerates kernel/hardware configuration 1 TTPs 53 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information 34 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/usr/bin/xdg-openxdg-open https://u.to/VyKIIA1⤵
-
/usr/bin/dbus-senddbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager2⤵
-
/usr/bin/dbus-launchdbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr3⤵
-
/bin/grepgrep " = \\\"xfce4\\\"\$"2⤵
-
/usr/bin/xpropxprop -root _DT_SAVE_MODE2⤵
-
/bin/grepgrep -i "^xfce_desktop_window"2⤵
-
/usr/bin/xpropxprop -root2⤵
-
/bin/grepgrep -q "^Enlightenment"2⤵
-
/bin/unameuname2⤵
-
/bin/grepgrep -q "^file://"2⤵
-
/bin/egrepegrep -q "^[[:alpha:]+\\.\\-]+:"2⤵
-
/usr/local/sbin/grepgrep -E -q "^[[:alpha:]+\\.\\-]+:"2⤵
-
/usr/local/bin/grepgrep -E -q "^[[:alpha:]+\\.\\-]+:"2⤵
-
/usr/sbin/grepgrep -E -q "^[[:alpha:]+\\.\\-]+:"2⤵
-
/usr/bin/grepgrep -E -q "^[[:alpha:]+\\.\\-]+:"2⤵
-
/sbin/grepgrep -E -q "^[[:alpha:]+\\.\\-]+:"2⤵
-
/bin/grepgrep -E -q "^[[:alpha:]+\\.\\-]+:"2⤵
-
/usr/bin/xdg-mimexdg-mime query default x-scheme-handler/https2⤵
-
/usr/bin/dbus-senddbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager3⤵
-
/usr/bin/dbus-launchdbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr4⤵
-
/bin/grepgrep " = \\\"xfce4\\\"\$"3⤵
-
/usr/bin/xpropxprop -root _DT_SAVE_MODE3⤵
-
/bin/grepgrep -i "^xfce_desktop_window"3⤵
-
/usr/bin/xpropxprop -root3⤵
-
/bin/grepgrep -q "^Enlightenment"3⤵
-
/bin/unameuname3⤵
-
/usr/bin/whichwhich firefox2⤵
-
/usr/bin/firefox/usr/bin/firefox https://u.to/VyKIIA2⤵
-
/usr/bin/whichwhich /usr/bin/firefox3⤵
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox https://u.to/VyKIIA2⤵
- Reads user data of web browsers
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
-
/usr/bin/dbus-launchdbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr3⤵
-
/usr/bin/dbus-daemon/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session1⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/bin/sedsed -n "s/\\(^[[:alnum:]+\\.-]*\\):.*\$/\\1/p"1⤵
- Reads runtime system information
-
/bin/sedsed "s/:/ /g"1⤵
- Reads runtime system information
-
/usr/bin/headhead -n 11⤵
-
/bin/grepgrep "x-scheme-handler/https=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache1⤵
-
/usr/bin/cutcut -d ";" -f 11⤵
-
/usr/bin/cutcut -d "=" -f 21⤵
-
/usr/bin/cutcut -d ";" -f 11⤵
-
/usr/bin/cutcut -d "=" -f 21⤵
-
/usr/bin/headhead -n 11⤵
-
/bin/grepgrep "x-scheme-handler/https=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache1⤵
-
/usr/bin/cutcut -d ";" -f 11⤵
-
/usr/bin/cutcut -d "=" -f 21⤵
-
/usr/bin/headhead -n 11⤵
-
/bin/grepgrep "x-scheme-handler/https=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache1⤵
-
/usr/bin/cutcut -d ";" -f 11⤵
-
/usr/bin/cutcut -d "=" -f 21⤵
-
/usr/bin/headhead -n 11⤵
-
/bin/grepgrep "x-scheme-handler/https=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache1⤵
-
/usr/bin/cutcut -d ";" -f 11⤵
-
/usr/bin/cutcut -d "=" -f 21⤵
-
/usr/bin/headhead -n 11⤵
-
/bin/grepgrep "x-scheme-handler/https=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache1⤵
-
/bin/sedsed "s/:/ /g"1⤵
- Reads runtime system information
-
/bin/sedsed -e "s|-|/|"1⤵
- Reads runtime system information
-
/bin/sedsed -e "s|-|/|"1⤵
- Reads runtime system information
-
/usr/bin/cutcut "-d=" -f 2-1⤵
-
/usr/bin/cutcut "-d=" -f 2-1⤵
-
/usr/bin/cutcut "-d=" -f 2-1⤵
-
/usr/bin/cutcut "-d=" -f 2-1⤵
-
/usr/bin/lsb_release/usr/bin/lsb_release -idrc1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0Filesize
466B
MD5e839d8ad9bb954e910485aa8ad3097f6
SHA1ea06a58cf5c8e747f44a59356bb10b87b5ccbd73
SHA2561d58368a29013c151b5bc654b52909215ec066d5a08dbaea0f1cc19ee7401c07
SHA512e5bd79393cbb13ca8bbedb0574183d54002e503e4d660553f40e1c0ef763b32db34833d63b7be560faec37fa4838abb95f99285451091e237b67fc5d008a3d34
-
/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052Filesize
10B
MD5f808cd1e8d01dce728696e7c745b4999
SHA1062fd9a0db005a0a328de5d32dd9904b5254c8c7
SHA256f0e94f3db1dbb450cbf3d52c70338850785107efbfe18fb098a2217a7071ad30
SHA512eab4dee398710bb36a516fb28ce85db43fa29b65f0696ee905f572d721a208e94937e93976e6f6412681a0b11e8711d205aebf77c05cc09295fb79c5b4ecb682
-
/root/.mozilla/firefox/crr963qm.default/times.jsonFilesize
47B
MD5b898cd470d87c677b68fde7abef7c167
SHA1c0d9e222c8787e120e3f7b93bbf5ca97ce2dcc3d
SHA25600e48d0a9ba765174b84db853ba8b8cefc0bcac58fa800689fcb1fdbd1e56983
SHA512560fd939d5fdbcd64a192c49e6473c426c8750943a71e3a472893f6651fd14d9c6dc410927ce0d6066a3ab030abdef637408f50af5db83b9176f2f724a96f544
-
/root/.mozilla/firefox/i86yi6ah.default-release/compatibility.iniFilesize
163B
MD5fe452b7294d5928a9a5863b89ee0a6bd
SHA1a5d4c245071fa96476ba48b4725bdae7f1b7940f
SHA256d5bfb07561606a19aa96557ea109b175050dc0eb805cbef9c813503587d77900
SHA512dc37d8507f08849e3382d2dbafd4a64555dbd57a288c95131e9aefb366630f1585811a9e1456b861bb9d2b816ed88b18ffb7580cd92b41bb9b0227ce1363843e
-
/root/.mozilla/firefox/i86yi6ah.default-release/cookies.sqliteFilesize
32KB
MD5a7bcea1c0a0dfb9d44a9726ba016edff
SHA18dbdf3083273d3ba6aa3c7111321014383c6e823
SHA2560bf18382bae9b86c437f97017d3649075c13780273bb080dfe15f2a9be7a99e6
SHA51278316fef8ef1f1c1544717bef5344de0b896549f9c479b2318cf117cee078348fd4546e9e82e3a3ab4c65776cf0a116301440489ed75b475140c844eec84b765
-
/root/.mozilla/firefox/i86yi6ah.default-release/prefs-1.jsFilesize
1KB
MD58e192d7d46b3c924d5f1bdc5905be484
SHA1eca2ad96ea26509897ee362549666f368c3c0ee5
SHA2566a23dbf7768bc87cad9273473800a75a91d137b1fa787a2f447e3efcd392dc66
SHA51202837b3ca9af8d108858a7e1696ea9e52209cd604489f7e92630f021d14c85d71b53f9b665130be3df7b286bc5ad824424e632e789649f936cfd1f7de57a6d54
-
/root/.mozilla/firefox/i86yi6ah.default-release/prefs.jsFilesize
776B
MD5059da7b07b690b4a3532e7ea06ed267b
SHA172114f3f77bc3476f26fa93b8718b56f3e7bafe4
SHA256c0d29d53598d20cb95ca4f4c34b8b8de25350d339fa6b64b43b4cc16b20d21b7
SHA51288fe4e9da59a4d783f82a941fcfdcf3b134cf5ae76e85ea105e6ac73165efd7e8706decbb75a475e58ae791a2844f00338b57d847d4b835efb0b9c2f4e3fb572
-
/root/.mozilla/firefox/i86yi6ah.default-release/times.jsonFilesize
47B
MD582cf9b5dc3d55190665a7ad5a953ed70
SHA15f601cdb3752893dc3f4c8d710e18d8799f0e6c2
SHA25608e1336b816d4556de2a4e937236a7415ea7f5e895a528f224525e9dbb740aa3
SHA512c4289e6323530216b0bce63a88d204b3a42a6f8c8e17cfd9101785e0aee23dd19b995cbd84943a242a91edccfebe4387c779d1b82f845de65f73d9bd8e0b6bcc
-
/root/.mozilla/firefox/installs.iniFilesize
62B
MD518e50c32d2379ccf27c2164678c6ae95
SHA1c7acd7e03abbd8a815d4bcbe71645eb4568212e4
SHA25659fbbb8a987255b964789b2b515118e726f1c6a24d34578d929467762438d071
SHA5128d5a7ee93672e30db1b2c80af3a1ee304a8697dc01d073592fff1cd14a60442313c7c16415782a4b1c4804b39c5416f87c88838fbcf6eba240cefb45098cae7e
-
/root/.mozilla/firefox/profiles.iniFilesize
259B
MD56e29ef05907d259545a2bab9daf2b185
SHA1cd178e629e8fb916681cf160fcc7cf9ddab7a02b
SHA25606179dfc0256f925fb70ecf18d18ef3263e9e26b34bee900b03adb16d9437ddf
SHA512f442f63b8cba16923dc87d7eeacd2b5f7f62a1d48e2901e889e1e695e1537379e3c4f98ab13a8d83da34b6141ff46bfc98622c447a6b09d3018c1dbb17b49784