Overview

overview

10

Static

static

10

.bash_hist...utorun

ubuntu-18.04-amd64

6

.bash_hist...utorun

debian-9-armhf

6

.bash_hist...utorun

debian-9-mips

6

.bash_hist...utorun

debian-9-mipsel

6

.bash_history1/.kde/b

ubuntu-18.04-amd64

.bash_hist...kde/b2

ubuntu-18.04-amd64

.bash_hist.../crond

ubuntu-18.04-amd64

.bash_hist.../essyn

ubuntu-20.04-amd64

1

.bash_history1/.kde/f

ubuntu-20.04-amd64

.bash_hist...kde/f4

ubuntu-20.04-amd64

.bash_history1/.kde/g

ubuntu-20.04-amd64

.bash_history1/.kde/j

ubuntu-18.04-amd64

.bash_hist...kde/j2

ubuntu-20.04-amd64

.bash_hist...killer

ubuntu-18.04-amd64

.bash_hist...ch.vbs

windows7-x64

1

.bash_hist...ch.vbs

windows10-2004-x64

1

.bash_hist...de/run

ubuntu-18.04-amd64

1

.bash_hist...de/run

debian-9-armhf

1

.bash_hist...de/run

debian-9-mips

1

.bash_hist...de/run

debian-9-mipsel

1

.bash_history1/.kde/s

ubuntu-18.04-amd64

.bash_hist...kde/sl

ubuntu-20.04-amd64

.bash_hist...e/ssyn

ubuntu-20.04-amd64

1

.bash_hist...art.sh

windows7-x64

3

.bash_hist...art.sh

windows10-2004-x64

3

.bash_hist...de/std

ubuntu-18.04-amd64

.bash_hist...tealth

ubuntu-18.04-amd64

.bash_hist...stream

ubuntu-20.04-amd64

.bash_hist...e/talk

ubuntu-18.04-amd64

.bash_hist...de/tty

ubuntu-18.04-amd64

.bash_hist...update

ubuntu-18.04-amd64

1

.bash_hist...update

debian-9-armhf

1

Analysis

  • max time kernel
    147s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-04-2024 22:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .bash_history1/.kde/start.sh

  • Size

    27B

  • MD5

    a224cfe19f43953d06432c7b7d2f17db

  • SHA1

    d09707b31621536a6641481980076c4a4a50f0e3

  • SHA256

    0ce922c5886e74bd29daf323e46789392b6b8f171893b976c7753d404aaf35be

  • SHA512

    d685ce6c3c455d5cdab347930d7b8e1b6823d231eed2502043393760df75e51b21d456ca1f8d6e288c7832d4a10c9fd10dedc24928a652a9d014fa97e3030495

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\.bash_history1\.kde\start.sh
    1⤵
    • Modifies registry class
    PID:4888
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1408

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads