Overview

overview

10

Static

static

10

.bash_hist...utorun

ubuntu-18.04-amd64

6

.bash_hist...utorun

debian-9-armhf

6

.bash_hist...utorun

debian-9-mips

6

.bash_hist...utorun

debian-9-mipsel

6

.bash_history1/.kde/b

ubuntu-18.04-amd64

.bash_hist...kde/b2

ubuntu-18.04-amd64

.bash_hist.../crond

ubuntu-18.04-amd64

.bash_hist.../essyn

ubuntu-20.04-amd64

1

.bash_history1/.kde/f

ubuntu-20.04-amd64

.bash_hist...kde/f4

ubuntu-20.04-amd64

.bash_history1/.kde/g

ubuntu-20.04-amd64

.bash_history1/.kde/j

ubuntu-18.04-amd64

.bash_hist...kde/j2

ubuntu-20.04-amd64

.bash_hist...killer

ubuntu-18.04-amd64

.bash_hist...ch.vbs

windows7-x64

1

.bash_hist...ch.vbs

windows10-2004-x64

1

.bash_hist...de/run

ubuntu-18.04-amd64

1

.bash_hist...de/run

debian-9-armhf

1

.bash_hist...de/run

debian-9-mips

1

.bash_hist...de/run

debian-9-mipsel

1

.bash_history1/.kde/s

ubuntu-18.04-amd64

.bash_hist...kde/sl

ubuntu-20.04-amd64

.bash_hist...e/ssyn

ubuntu-20.04-amd64

1

.bash_hist...art.sh

windows7-x64

3

.bash_hist...art.sh

windows10-2004-x64

3

.bash_hist...de/std

ubuntu-18.04-amd64

.bash_hist...tealth

ubuntu-18.04-amd64

.bash_hist...stream

ubuntu-20.04-amd64

.bash_hist...e/talk

ubuntu-18.04-amd64

.bash_hist...de/tty

ubuntu-18.04-amd64

.bash_hist...update

ubuntu-18.04-amd64

1

.bash_hist...update

debian-9-armhf

1

Analysis

  • max time kernel
    1s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240226-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240226-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    11-04-2024 22:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .bash_history1/.kde/autorun

  • Size

    309B

  • MD5

    a27cd7f6ec00538d81eba3081cbdd3d3

  • SHA1

    7c80bfef642c3330dd26d340f15453247b4dbed9

  • SHA256

    cf6e9033be781ec8a1d5ea771657a9f5bdfbcff9154507028dc158cfd76b3ab9

  • SHA512

    c5dabbdcecdc677df4e5a46a37eaee3adc4a2a2a864cd6c397406de9663e09be884d13e9cd2752d8bd6234ae2c989b979dc29353794f47cdc3697cf71782cd63

Score
6/10
persistence

Malware Config

Signatures

  • Creates/modifies Cron job 1 TTPs 1 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    persistence
  • Reads runtime system information 2 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 3 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/.bash_history1/.kde/autorun
    /tmp/.bash_history1/.kde/autorun
    1⤵
    • Writes file to tmp directory
    PID:671
    • /bin/cat
      cat dir
      2⤵
        PID:672
      • /usr/bin/crontab
        crontab cron
        2⤵
        • Creates/modifies Cron job
        • Reads runtime system information
        PID:675
      • /usr/bin/crontab
        crontab -l
        2⤵
        • Reads runtime system information
        PID:682
      • /bin/grep
        grep update
        2⤵
          PID:683
        • /bin/chmod
          chmod u+x update
          2⤵
            PID:685

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /var/spool/cron/crontabs/tmp.7NpEzu
          Filesize

          236B

          MD5

          a980071e0cac6ab92f3b49bce7eb0077

          SHA1

          859cec6d354134390013fc7010c5f43e52090975

          SHA256

          40436013355e3971299b89f2e311d0ef7b2a2bb6c8b7705ba8944c48809f107c

          SHA512

          137bc20e5734cb4f89482bed368313f73b077b6ee4c0422436af423023ca0073a5cef01559c4300463415634d0286bed82a28712e75736a7baa4a1ff9ecb58d3

          Download Submit