Overview

overview

10

Static

static

7

.rsync/a/a

ubuntu-20.04-amd64

10

.rsync/a/init0

ubuntu-20.04-amd64

6

.rsync/a/kswapd0

ubuntu-20.04-amd64

10

.rsync/a/run

ubuntu-20.04-amd64

3

.rsync/a/stop

ubuntu-20.04-amd64

10

.rsync/b/a

ubuntu-20.04-amd64

7

.rsync/b/run

ubuntu-20.04-amd64

7

.rsync/b/stop

ubuntu-20.04-amd64

6

.rsync/c/blitz

ubuntu-20.04-amd64

1

.rsync/c/blitz32

ubuntu-20.04-amd64

3

.rsync/c/blitz64

ubuntu-20.04-amd64

3

.rsync/c/go

ubuntu-20.04-amd64

3

.rsync/c/run

ubuntu-20.04-amd64

6

.rsync/c/start

ubuntu-20.04-amd64

9

.rsync/c/stop

ubuntu-20.04-amd64

6

Analysis

  • max time kernel
    599s
  • max time network
    600s
  • platform
    ubuntu-20.04_amd64
  • resource
    ubuntu2004-amd64-20240221-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2004-amd64-20240221-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
  • submitted
    15/04/2024, 16:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .rsync/b/run

  • Size

    72KB

  • MD5

    6ab073e5a6183bcef1d5262a9616ebfe

  • SHA1

    f6ffce31ffff78c28c3485255571459fce17a09e

  • SHA256

    d7a659b2af55a17679e84654ba42d483a0cf5a9e237c7dd5a1dc1976678fa542

  • SHA512

    884ff3c43ec10010b368c03696cbcc47fa9f84ca18658bb20ebdefd82282079027096526561db71cdac38c905d730fa02925294e864128f3be237e307ea1235b

  • SSDEEP

    768:Erk30DgUjDjpk88P1HkEssrOZOHVeu0BlGc67Bkezl5DTwHpohGTW2Zi+GvMKRa7:EfbpT8PqfZOHV2lyG6dkLpUqE3VuQz7a

Score
7/10

Malware Config

Signatures

  • Changes its process name 2 IoCs

Processes

  • /tmp/.rsync/b/run
    /tmp/.rsync/b/run
    1⤵
      PID:1478
      • /usr/bin/sleep
        sleep 5
        2⤵
          PID:1480
        • /usr/bin/nohup
          nohup ./stop
          2⤵
            PID:1479
          • /tmp/.rsync/b/stop
            ./stop
            2⤵
              PID:1479
            • /usr/bin/perl
              perl
              2⤵
              • Changes its process name
              PID:1749
              • /usr/local/sbin/uname
                uname -a
                3⤵
                  PID:1750
                • /usr/local/bin/uname
                  uname -a
                  3⤵
                    PID:1750
                  • /usr/sbin/uname
                    uname -a
                    3⤵
                      PID:1750
                    • /usr/bin/uname
                      uname -a
                      3⤵
                        PID:1750
                    • /usr/bin/base64
                      base64 --decode
                      2⤵
                        PID:1748
                      • /usr/bin/perl
                        perl
                        2⤵
                        • Changes its process name
                        PID:1754
                        • /usr/local/sbin/uname
                          uname -a
                          3⤵
                            PID:1755
                          • /usr/local/bin/uname
                            uname -a
                            3⤵
                              PID:1755
                            • /usr/sbin/uname
                              uname -a
                              3⤵
                                PID:1755
                              • /usr/bin/uname
                                uname -a
                                3⤵
                                  PID:1755
                              • /usr/bin/base64
                                base64 --decode
                                2⤵
                                  PID:1753

                              Network

                              MITRE ATT&CK Matrix

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads