Resubmissions
23/04/2024, 10:15
240423-maftaafd86 723/04/2024, 10:13
240423-l9k2lsfd75 423/04/2024, 09:34
240423-ljtwtsfb98 722/04/2024, 04:36
240422-e8rpfafe95 422/04/2024, 04:36
240422-e8epwafg7w 422/04/2024, 04:35
240422-e71kysfe85 722/04/2024, 04:31
240422-e5nhlsfe48 722/04/2024, 03:44
240422-eajk6sfa85 422/04/2024, 03:43
240422-d94vqafd2z 722/04/2024, 03:42
240422-d9vl2sfd2t 4Analysis
-
max time kernel
1992s -
max time network
2337s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240226-en -
resource tags
-
submitted
23/04/2024, 09:34
General
-
Target
https://www.google.com
Malware Config
Signatures
-
Reads user data of web browsers 6 IoCs
Reads stored browser data which can include saved credentials.
-
Changes its process name 64 IoCs
-
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
-
Reads CPU attributes 1 TTPs 9 IoCs
-
Enumerates kernel/hardware configuration 1 TTPs 58 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information 63 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/usr/bin/firefoxfirefox -new-tab https://www.google.com1⤵
-
/usr/bin/whichwhich /usr/bin/firefox2⤵
-
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -new-tab https://www.google.com1⤵
- Checks CPU configuration
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
-
/usr/bin/dbus-launchdbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr2⤵
-
/usr/bin/dbus-daemon/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session3⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/libexec/xdg-desktop-portal/usr/libexec/xdg-desktop-portal4⤵
- Reads runtime system information
-
-
/usr/libexec/xdg-document-portal/usr/libexec/xdg-document-portal4⤵
- Reads runtime system information
-
-
/usr/libexec/xdg-permission-store/usr/libexec/xdg-permission-store4⤵
- Reads runtime system information
-
-
/usr/libexec/xdg-desktop-portal-gtk/usr/libexec/xdg-desktop-portal-gtk4⤵
- Reads runtime system information
-
-
/usr/lib/gvfs/gvfsd/usr/lib/gvfs/gvfsd4⤵
- Reads runtime system information
-
-
-
-
/usr/bin/lsb_release/usr/bin/lsb_release -idrc2⤵
-
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser "{dc204875-6082-4105-ae59-f0c83449f43b}" 1565 true socket2⤵
- Changes its process name
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
-
/usr/local/sbin/dbus-launchdbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr2⤵
-
-
/usr/local/bin/dbus-launchdbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr2⤵
-
-
/usr/sbin/dbus-launchdbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr2⤵
-
-
/usr/bin/dbus-launchdbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr2⤵
-
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21807 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{247a6a61-a3f7-411c-9378-b05677766427}" 1565 true tab2⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21475 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{5332f356-612c-4e85-99d9-3cc35205d12e}" 1565 true tab2⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
-
/usr/lib/gvfs/gvfsd-fuse/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes1⤵
- Reads runtime system information
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2B
MD5c4103f122d27677c9db144cae1394a66
SHA11489f923c4dca729178b3e3233458550d8dddf29
SHA25696a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
SHA5125ea71dc6d0b4f57bf39aadd07c208c35f06cd2bac5fde210397f70de11d439c62ec1cdf3183758865fd387fcea0bada2f6c37a4a17851dd1d78fefe6f204ee54
-
Filesize
15KB
MD5195247438d669c27280476583e5556f2
SHA17930ee71e4becf76658bf6d21b8af65bcf7a60a3
SHA25625aa0e12f116504032ab3e48cdfc1947ccfdcc64e7f287aecbfe4d5e059ada55
SHA5126c50ae4539d7b084f31e343da24c5de59046308fa08d0a5f0c98b0d6ed430a0f888c9fcc784f1d1dfac3dfc7acd778c04a6083f7cc3cfb5d128923d9c051e18f
-
Filesize
13KB
MD543a20393fe5c67bac9b9beade3f264d4
SHA1a9719886d38cbe11a6051bade5d04a5fde9506db
SHA25654a787da5f570f50dc26beb2cf1647e12e95f836687f2e628bc359e5e5159d6e
SHA512917ea9f26d8236fa80be41f9bbbd5da1870bf1de1b67728e740f09ccc373de605e7c83b9aeb26269f87c991bfb5376fb284f9a320e4e025f8be8c91cc424d4df
-
Filesize
26KB
MD5d314b7ee69b668845bd0c19270688643
SHA1e47a71860dd3d54bca5649e542a989b418a05494
SHA256fca8044a81cfae2426a675db498127cca28efaca33c346dbc1acb11bdbd14b15
SHA512a1a553b4091a53ff7eaff6402be54032f5ffc0047de502b11bbc4cff0688a85aff33f8ae191f5dadc6f43bc5f1163a4914072b7bc008d75cec2fa55985e0a1e7
-
Filesize
10KB
MD56c858fb8e129e4e0c4fb987a16a513a1
SHA153c9504ec34391ee76c77a2f6cafcfb09a033ed7
SHA2564e4726ee2fb4587733f4bff8ed61809fe916ff6adc9b2cd2a0c5a7322aa81c09
SHA512c1f922a77884ce1c01779656d5b7048b8a319d06220eece5486aa9b81aaf79efbf8e80b0afeada5a4c9e81635cd2d7cce75eb23157f0783455c9ba45ae6a8e1f
-
Filesize
62KB
MD5c64d4c720ac7bc27c4bbcaba738c1f4d
SHA104f2f373adcb70df57488c849da9c48a01a11e86
SHA25645dbe03df99af13f2ad47c4a9a437fc5aacf1af22db77060d66343dd7bbb8743
SHA512eeee4d8e602c73ccc74f18f749f76a7643e2b3d752c9e01ddb9f129a6caf1b365d4ff2b98451bbe9439e826a4f51b100556d539b5cfa22db33e3029d613a7924
-
Filesize
466B
MD56156abd474b25a4045a7618a2e50b144
SHA1e8abe0129c8f31341f30312984677d27c5f05a6b
SHA256182749725e8a40d105442bbf56198d3ba18168e06d118487bc2c0b7132ef6538
SHA512460a9f3129cb1f71f5f1ccd95677c17c52ccf474d9f16633e5485b186d7013795eba1aae13314dc188b8dff9744993b384d61eda39351c7f8d444f712323ce1b
-
Filesize
47B
MD5d118f4c898b4d8feb1f9f882f47764c4
SHA1894ff5073bb727fce444845341000e4a2ecf21d0
SHA25606503b5d6c910d550a7d9d53a002b4f298486cfe263a892414fd04980b59b264
SHA5126e0e95200e5564a3aff943b5ebb5bb370c44d3fff8be9ba1339059cf95279c0910d8e91238ce2ef1793757438c2ff7cae505554182fa79ba1d45fb3cd2ee93fb
-
Filesize
10B
MD584122ff4acb0e12a014fe32cd3de233c
SHA13755dcbbf1d90927ab9eb91db4898e3270dd4906
SHA25625f4cb54fa2fee1a1b96a7b09eaa39c0925f383b8f4803ba06a5b4ce0d969339
SHA5128eedbb4023a5b2baab37a80089eda4810f9855e92b077526871f42ad84b4eb50f91f4b61a3434b277802bd1b52b7bd28e4f2872a5fc15a8cce015a3f220451cf
-
Filesize
224KB
MD56cd5a0043a0db923ea99fa408ee1c6e5
SHA1562ae593d724c3f9df8d009c176754e8d3f67cf7
SHA2563b1abb7494aeed8ad167d77581b9e5284e3646235550b460fdd61786b63cc192
SHA5127a3b14637df4a082c5728da1f8bcc967d879af5d7a587d1d540ad9b38c9550c18be486ff7589d1c9d92eb09328ed2fc92ebc098058f905eac3ea904daffe6ff0
-
Filesize
163B
MD5fe452b7294d5928a9a5863b89ee0a6bd
SHA1a5d4c245071fa96476ba48b4725bdae7f1b7940f
SHA256d5bfb07561606a19aa96557ea109b175050dc0eb805cbef9c813503587d77900
SHA512dc37d8507f08849e3382d2dbafd4a64555dbd57a288c95131e9aefb366630f1585811a9e1456b861bb9d2b816ed88b18ffb7580cd92b41bb9b0227ce1363843e
-
Filesize
224KB
MD51fc2e7b7fe2c5be305dfa9a2bbb60771
SHA14967389dea050001cb1af3ec799edb7805c3abb8
SHA2561953edcac737d1ad3de6fbf69671163882fdc0be5bd21d00378d8d8c753c757a
SHA512fba536378ab9b5f04d92f1029b92d255c7da445a29e2527647bc16e57d02c179de1e78a2de11db1b00cc54c24d3715980c84c0cde103f47c6150f2e7bb8f93d5
-
Filesize
96KB
MD59535f5fe817accc769c2c1d3354db39f
SHA16af62cf08717cf3bfa84eb1a7b311acf522ce560
SHA256c53c15fcfac2bb57fdc88d23f932fc244dbaf4020f0f6eaecf0f77a37c21f8c5
SHA512dc9c2c32eb42dda0a7a711e143aea58c603c1e9d885c3677e9fe86f525e1b0b32a46e240756263e56510b07e764ba69f2de13b90ec18210678242e10cfe17837
-
Filesize
96KB
MD520ba4e5a4101aa649d0011684055ad46
SHA152356db4ffac49cdbbd35e165a0ff03f32fe5c24
SHA256b63830bcfa3dd093f62e4b7a9caaf60b0ec69ccc63ccfcca40809aa9f0d57a3a
SHA512e4383dd10d6de938b606ffeca4b4a5b06fc55aaf4792133fa97d80e7dce5a4497506f261cf75fccad24d5531bab10753f5f7b984df3a6d452670730ba26fde9a
-
Filesize
288KB
MD5a9bea0715f97fd1f8e8b8ad35e84c3eb
SHA162533d848fec831f469c544d9264e329c6de971b
SHA2569b04d9257837ca19426c158dd3e288d44084caf44aa93bb97c7b402e48889dec
SHA5126ac7c4a62902143e800fb3f26ad460d75c235b3ccfbc693c11c1f84849cdb8ed28c91ce922cdcc8cd5861ede63f70cfae38d9ae095808bcaa6d86dddb5fedf83
-
Filesize
96KB
MD532f3c1c83474b4629571dc35ad28f31e
SHA119ca7aa5e6da750014b6a459553cfe7869ee7c14
SHA2565cd03cc4c766cee0cf7a3293332a23ab3ab3d88724589666bf5e1f84609de0c5
SHA5127e4eee79f8ce2b780b7275e133e2c6eab6cdf72615434889e309c777bc35bb73468c7f5dc42b8972e493d70b39e5cbe91adcf216e3c5998c091d06e312c20bee
-
Filesize
2KB
MD51ae4b614ea2a47a55d52c6ce84cfbecb
SHA11a772ffbb88585986b8d8d64425b25af44c34f54
SHA25679138ba0a5b7cd62b67f5262f08971d3ead80899588ac0744d167807b6258e61
SHA5124568b531ec3afd51189c3327d8dd2c7d01590769044bc3eaabba3f67a266884825e9d02f97254e037eb536e9c36bc36ba74219678b6bd7ad43b23c9f470aaf30
-
Filesize
2KB
MD589fe4441cc9da544f21dda14c2853670
SHA12001161ad42c670d618ab9a2fb627333007a4282
SHA256972a7aa1fd2e49b508b6edca14253fbe47dc2dd5d4b932a4065c1d9cf021a194
SHA5127a8aaf7122025726f9f5c1cc7a6905a20bc6329779cc619350ed67887f09c9b5a6ec25947681b54e028ff4de56486c563b72f46695462b430a3b178ad61882ec
-
Filesize
2KB
MD5ab1499ac8a5224222207fa9a6d313625
SHA15f8adb879ad6ba1ae03011fcb05a961b359b61a4
SHA2561063fcd42f76828299a31d0418ef3056e90c452b2f1179fdcc7a5f5381da616e
SHA5128aa50f5114884b595064727d93f8064e92fca21ba6cb45f05787d8eb0f9e570b45b472c75f0a800b6bc452227528677a69213b471ac456cdc226984ed124b236
-
Filesize
3KB
MD56e10d2028505f39f2ed10029196d4fe2
SHA15035de9fff37dff8a10418cfc7f24972d7fe118f
SHA2563267427009ab2e091bfef574f64ff5cce2bc0e3c8857324d8ed82d31f44b53d2
SHA512bce2b2c12a1c5e387a8f1ffaaac6305764091ebdcaf29a5227f258bb10824a9247243863b9ae220b60fca5d4044c6b296683a2d5f1c6cf4987041290e3f3c160
-
Filesize
4KB
MD5121960e933f5b2e16e99f9426683affd
SHA19c240499da4bd3493d40384f47071f38d6050714
SHA256c24f3591a9bf380175c378b6e5c90218415090117a37289a5e69cdae0f86824f
SHA512929aa9776f516bbeb61aabb6eccc30f9456c082dcf2fa0eabc7be398f3be71f0e2a8996e74a42057e93348dd726854d336b80bc34071fb468c72c931421c6e50
-
Filesize
1KB
MD5bd3e4a7193c2af7bb4d44e414aa53b7c
SHA1b22cded6678726666a8c8c986f2d7d80f9aa9d9d
SHA256704b780aae4e7fd77e7087487c8109ae266aea89d57a39e0febefecc86ab7497
SHA5122b6f46aeebf8284786f73ca9d82de91d37c6fa4cd933087340e7ea4260441231bebb0b24e10286ba44dbce946400b35856966c055c7afb2b718832b71139ba70
-
Filesize
64KB
MD5c7cc11494c34e02565df83d17beb33b3
SHA1f379ad7c0fa73476d3828d8a89ef843046332c12
SHA2567ca17bb171e22b4ec498c1d20587b30d62d773b114d0e66bb00ec874506eb85f
SHA5120cfcb15a985a35e917c9652721b516e2d1c358c6db3dca4452e866d250b6269c4cc69773277f5ddd5a0c5a338f95d9f6134224f0097df194985161cd3d47cfd6
-
Filesize
96KB
MD5e0c613bfd69956a19ce2dc5e925aa223
SHA114accb230edcd6cb76967cdc6d4e5686db96b5df
SHA2560d4cb11f6364c46a75f9eaddfca5c660b90dfd515df3afcd5e0baeca28a0f1ab
SHA51201643c0131a392be92b3f281d7f633c1f502bff19090b0d716f1ac66aefecc3fcf92f393bef66b03089c9b9c6d8aaeb711b6a4f29d5a6729dd188c838f2272d1
-
Filesize
128KB
MD5178d71e5529d637ac62f7e75fdd75896
SHA1339f2b949cc4c207b66aea11137448ba28d36dcb
SHA2567b0050f1bfaab85c8f9067ae7d7369056ff752c0c852ef1462a96c22169004d4
SHA512ec0e0105fcfbbae356dd55efbcf92975f35bbe5cb93fcabf4c08443e871957635d14830b27c4e1ddefbbaff8f9b7ec3590bf417a9442e1d7ee3607d14d56f664
-
Filesize
42B
MD556316a97b91d072b73d2c9ce555b26e7
SHA16db334e7c8a1db47f4c64e0ff3af2393d5b89f1b
SHA2566dadd8bc0461ccf16ebe1a5a5172b1fa72f2841526d6e2a91f591166531497b9
SHA512f625ad420e348c841bddd6b6a6220f286c4a95f3d05b1e6d55b6fa9478b6b2e1221d35f205608bb51621064eaac88a8c2f3642957c044684abb006cc6e0a26fd
-
Filesize
44KB
MD5759544297aaa61f5fef8ee42d0ae4393
SHA1fc2d66f6e60409e3e8d38623ce5f817fc7f571e0
SHA2561bd2000cd972e80cefaec6e982ba261d224a818f367de0fdf8c51fa5a05d7ab5
SHA5128aaa2ce66f10d46f7c9200af841ac7bd9f5b55c30308a14f0deda44ac62581c45daae45154487c0073a0d5847d5926cbb4072ca64a702ac6b834ad0bb482804f
-
Filesize
12KB
MD574585f3637b98ae526d6495856efceb3
SHA173cffab587836518932b0b8ad8756bb8bbbfdc7b
SHA2563fe53459941bbce33259c9a1e9966340bc54fb184e555a67d560dd09e69b5102
SHA512266a1d220cc57a778b3c658b0da407d0c7b98215220eab9baf58c5d1af55d5e3b91cfead285d1653957b46dc40686740d245de0da82042b3218e5baed0c68771
-
Filesize
44KB
MD507a412e08825220262ad2890757ff779
SHA1f46c127dbc070ded87a6078b3c1c761955f96de8
SHA256da640f8b665841b520d2262a21cc3f82aeaa881cf81a1ddae27ef501d66544e4
SHA5120134c783bf3293848e479b478ac57a1e0f4202cddfb8b57bc6275aada7345f398cf8a627e9b1c34fd618192c2f0c9737b1da487daf33f9c557ebc1377105582b
-
Filesize
12KB
MD5fcf6ebf2fc663150c2ee5cd69042288c
SHA1b2f4d69dc002ea4e335c4061d5493312b581da1c
SHA256cdadbfb63bfad39f5017edc5b502fe5fdb89625b5af4a74aaf8372f955bbd03e
SHA5127e1dd8bdbe99649d15802b526e84e6193a31f6a4c2a91c74f4475ce2ab6589a5093e9b50dea6531cb13b3741571468f44b660e8fc1a1dc51bc995ae4f80ad16b
-
Filesize
164KB
MD5096b4de877a9b484740be286885489e0
SHA1eb038fd6c4e44c8f2aa0b1f1c38a2269e5711b40
SHA256b83bd081631b15270105f8edd671e67606e84caba61a596af8e17cea5010c897
SHA5125f22c7d3055caa52d370788a0c04b2a2326038690355c60d9e8c281c69de99451d2df846ae48fc95e7be3564c1d22a9372a1e5db9db60fe39fe0d718191fa220
-
Filesize
148KB
MD5dd3f6ba37c670af5953593535e435d04
SHA1ecfe4e650a050bce77e8ff7468de04c1b8acc9a4
SHA2565cc6fa137a1f3a7d0b615b178877f12c460b22f95702eb7534d5732ee6599561
SHA51286e0482543faae6fb279ca71e1e6d6461d32317e74baebb3973e0fde9800107faeb9c2347be6cf8a47556ae43c8e6c224a595e952f621e40ad2c5eba920df2b3
-
Filesize
260KB
MD579e805ba7ae8b8c943945720c43701fb
SHA19ef184efc81fd55c0a7dd0fe592a7c11cf59421a
SHA256e0b626fa2690283b6ee531551f46167c8ae301dac58effab3d5f4540dcb99180
SHA51207397ba4d1c29245b86747425a8dee1fcbde47e2efc545e315b3b8cec910976f72e3c663c6a0881de0fcd9814361a9697fabfcebed2981b45c0108bb4cd2fa75
-
Filesize
50B
MD59a0c51238be7f0841ecd4da4a2bccb11
SHA11c0cb637e7b2e1f0b50a1a22761815d8b2b752a6
SHA256373f1c67c33828059cf9989f1f42d12f96a0b1105d13cadcd7ba5409710bdd5b
SHA5128a61dd29eb6f6c3be7f02e7d9a258eeef6974f3a93f6dcc15f643af531ff7e6a59dc0019c9dd43ec04735cdd5d203160aabba720b18a1e6c0678fd16928f565f
-
Filesize
47B
MD5dcbbb0ade00557f6cd9740228d29e207
SHA1c40d55f9e33409301575beb973c1b8cba026df70
SHA2566accc441df4f514b5c0a9e0e2e79e9bf8dc1f47bd2328fb6831ff6f8aa78ec3f
SHA51265ec144713294d22849e30e058afad983f90686a73ca49173a1a9663c9655d222a4abfa7265fc99e3da8abab5eda1ab02171a1e8dc802669b9809d0a168d64fd
-
Filesize
62B
MD5e81f77b3d0f333621ef6043e2dea3a7c
SHA1e3d004c1b85b3759e8afbb1c53a11cc5cd136e63
SHA2560d27996522a24f0f825aaba9cb3f411364f90f052e1e8c2a80615db8487bc9ee
SHA51205e6dd9d4bafe46c28dec5fa6e990539abaf6842a187ab9aed5444f485fa9a32c386f4b25be7a0db7275688955a8c286036f534b30954eb7528b876faa5367cd
-
Filesize
259B
MD565859937455725f2aea003a9c806f793
SHA148331e45df523a6f418192e6eac406e68cc177b8
SHA256b73d6ea18e6f86b0585bf9e13fad6f919cf5141bc64c37e66279be02dcb47942
SHA5127d3eba5955afc8c23d2a8bbd44a50e49a680db79e3340017468069b35b362eef728b90bfd426811f71194b75efb6a867f8508e3082015292bfc2950962044f45