Resubmissions
28/04/2024, 19:17
240428-xzf6fsfb91 828/04/2024, 19:13
240428-xxc11seg69 828/04/2024, 02:09
240428-cllhssdh73 828/04/2024, 02:07
240428-ckenvsdh43 827/04/2024, 19:08
240427-xs7ptsfa7z 827/04/2024, 19:07
240427-xsnlysfa7s 827/04/2024, 18:59
240427-xm98rseh91 827/04/2024, 18:58
240427-xmxbxaed75 827/04/2024, 18:58
240427-xmj2ksed68 827/04/2024, 18:56
240427-xltvdsed58 8Analysis
-
max time kernel
5s -
max time network
38s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240226-en -
resource tags
-
submitted
27/04/2024, 19:07
General
-
Target
http://tracking.collegefindme.com/?xtl=ae4twbv71eyvs6ulm5m359fjhzj1muu28evxs29zxv9oxxkaufxs5xb3zsdb04w9s9fjxq4vjsksoodq966jzbi6f7jn8e8nft3cxlatb6ld3jsdod379dpc7exkul34381u4i5d7w074pnqi286egewphfhpwp72xt51y4hkitabe6snqg608vfr5v8u62dlxufkx95915crx8tvtspiqbo6pg7t8otnphgj60xgm6pwo1uwqqa7gy02h2kyhauobdkl2b46xv&eih=1l5wnyt7mvmj0rn8kf13pz70crct&__stmp=sci9ud&email=rcolwell1%40ewu.edu&first_name=Reynard&last_name=Colwell&newestsource&Source&YearAdded=2023
Malware Config
Signatures
-
Changes its process name 64 IoCs
-
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
-
Reads CPU attributes 1 TTPs 5 IoCs
-
Enumerates kernel/hardware configuration 1 TTPs 57 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information 56 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/usr/bin/firefoxfirefox -new-tab "http://tracking.collegefindme.com/?xtl=ae4twbv71eyvs6ulm5m359fjhzj1muu28evxs29zxv9oxxkaufxs5xb3zsdb04w9s9fjxq4vjsksoodq966jzbi6f7jn8e8nft3cxlatb6ld3jsdod379dpc7exkul34381u4i5d7w074pnqi286egewphfhpwp72xt51y4hkitabe6snqg608vfr5v8u62dlxufkx95915crx8tvtspiqbo6pg7t8otnphgj60xgm6pwo1uwqqa7gy02h2kyhauobdkl2b46xv&eih=1l5wnyt7mvmj0rn8kf13pz70crct&__stmp=sci9ud&email=rcolwell1%40ewu.edu&first_name=Reynard&last_name=Colwell&newestsource&Source&YearAdded=2023"1⤵
-
/usr/bin/whichwhich /usr/bin/firefox2⤵
-
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -new-tab "http://tracking.collegefindme.com/?xtl=ae4twbv71eyvs6ulm5m359fjhzj1muu28evxs29zxv9oxxkaufxs5xb3zsdb04w9s9fjxq4vjsksoodq966jzbi6f7jn8e8nft3cxlatb6ld3jsdod379dpc7exkul34381u4i5d7w074pnqi286egewphfhpwp72xt51y4hkitabe6snqg608vfr5v8u62dlxufkx95915crx8tvtspiqbo6pg7t8otnphgj60xgm6pwo1uwqqa7gy02h2kyhauobdkl2b46xv&eih=1l5wnyt7mvmj0rn8kf13pz70crct&__stmp=sci9ud&email=rcolwell1%40ewu.edu&first_name=Reynard&last_name=Colwell&newestsource&Source&YearAdded=2023"1⤵
- Checks CPU configuration
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
-
/usr/bin/dbus-launchdbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr2⤵
-
/usr/bin/dbus-daemon/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session3⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/libexec/xdg-desktop-portal/usr/libexec/xdg-desktop-portal4⤵
- Reads runtime system information
-
-
/usr/libexec/xdg-document-portal/usr/libexec/xdg-document-portal4⤵
- Reads runtime system information
-
-
/usr/libexec/xdg-permission-store/usr/libexec/xdg-permission-store4⤵
- Reads runtime system information
-
-
/usr/libexec/xdg-desktop-portal-gtk/usr/libexec/xdg-desktop-portal-gtk4⤵
- Reads runtime system information
-
-
/usr/lib/gvfs/gvfsd/usr/lib/gvfs/gvfsd4⤵
- Reads runtime system information
-
-
-
-
/usr/bin/lsb_release/usr/bin/lsb_release -idrc2⤵
-
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser "{fec0fd83-bebb-4493-a661-48681ba6d045}" 1512 true socket2⤵
- Changes its process name
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
-
/usr/local/sbin/dbus-launchdbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr2⤵
-
-
/usr/local/bin/dbus-launchdbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr2⤵
-
-
/usr/sbin/dbus-launchdbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr2⤵
-
-
/usr/bin/dbus-launchdbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr2⤵
-
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21807 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{338e77cc-dced-4a16-a4cd-a181be12fc4d}" 1512 true tab2⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21475 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{2623a1bc-6d9e-486a-a06b-f7a7f7e640c6}" 1512 true tab2⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
-
/usr/lib/gvfs/gvfsd-fuse/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes1⤵
- Reads runtime system information
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2B
MD5c4103f122d27677c9db144cae1394a66
SHA11489f923c4dca729178b3e3233458550d8dddf29
SHA25696a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
SHA5125ea71dc6d0b4f57bf39aadd07c208c35f06cd2bac5fde210397f70de11d439c62ec1cdf3183758865fd387fcea0bada2f6c37a4a17851dd1d78fefe6f204ee54
-
Filesize
13KB
MD594fbe70f04823bd1f68728e833d3f0b3
SHA1162bee5ad3672c4e905d406152e650b3e4fc2160
SHA256709c362234aa0d454c1ca807141dcc5589b0df49fdafa9abc69126ff8aee1995
SHA51273eb72a517ce9356d7c744d0ee346595813ebc6d42a38b62269c3edb4f4c0838aa882a9954cce7e4d7868b5b63ea901c45ae6d1220b14550d34daecf6bca4059
-
Filesize
466B
MD5d6981f9ba259d4305b4ab9a809c69c22
SHA180f72ecfe73969797b373a54894f5c14053e8169
SHA25624ce98da48fa31184f1da4d9efdd731275c4420b23043fc4208787dee314db8f
SHA5122a7d1a5440cf57fcbb22ae1384e217cd673006779429fc46c4a4751d74a91fe0d681c862415461d98a69caab5efa9618d6af05bfdef9e886888982f1e583c65d
-
Filesize
224KB
MD541824c93a22efdf41e886d56104936bc
SHA1c5bbdf5391806fd152fba79c6bd19f82c26cb43f
SHA256d833f80dd9a164d99c6013c749822353d1e0836c164af539815f9bfac8a32f2a
SHA5125dc92564d07c6f4929d16166f32617821711c901be285840ab4fb17f13cb68a098cfbe66733414f7d5bde7098132b6947c8e1aecf129884ebf437c8643eca0a4
-
Filesize
163B
MD5fe452b7294d5928a9a5863b89ee0a6bd
SHA1a5d4c245071fa96476ba48b4725bdae7f1b7940f
SHA256d5bfb07561606a19aa96557ea109b175050dc0eb805cbef9c813503587d77900
SHA512dc37d8507f08849e3382d2dbafd4a64555dbd57a288c95131e9aefb366630f1585811a9e1456b861bb9d2b816ed88b18ffb7580cd92b41bb9b0227ce1363843e
-
Filesize
96KB
MD59535f5fe817accc769c2c1d3354db39f
SHA16af62cf08717cf3bfa84eb1a7b311acf522ce560
SHA256c53c15fcfac2bb57fdc88d23f932fc244dbaf4020f0f6eaecf0f77a37c21f8c5
SHA512dc9c2c32eb42dda0a7a711e143aea58c603c1e9d885c3677e9fe86f525e1b0b32a46e240756263e56510b07e764ba69f2de13b90ec18210678242e10cfe17837
-
Filesize
96KB
MD55caa766855d5613a999f71b7812d6451
SHA1ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA2563a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA51217bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba
-
Filesize
288KB
MD545b456c16fbe37912a8bbe3034038dc7
SHA109650959086d4c10b1baac5d6c57c33ac014a757
SHA256c2d3eb9e70191ae6ca2393994becd19b8162fd71b2d4b43eb18a232c23f67ce6
SHA5128634c269647300021e5ac7440494d9e20c1ae0df64b20f658cc20f0251598e960ea78984892010c9edca2e615a9dfb4466b4896c1f31509dc1dbdf5b39c51c70
-
Filesize
96KB
MD5232fbc22dd03a8ec41edde02bdbea61c
SHA16ab4b39bca95418c52f7f861fd39e5fddb9cc7b6
SHA256d88bf367aaf79efbb2e8fbdb1dc5bde1c1c3a53e0f4d8188027a63ec55d5f5f0
SHA512055f1595f4a327347671db53cec8d89a310109d3f871c567e3d5b654b956fc0369d12437f7dc6d9327b973008f1327ee0dfdb5504f1b3cbe00da29941b1e5892
-
Filesize
1KB
MD55bd44409bfe9dce84ffab287e0567107
SHA1ae8eb746033485630e7df7a94e2ca83fbf3be562
SHA256a9ac29a1468cd92a01931c6e8be15e3065651e9f7f1bdb218cd3ccd4f25bfb85
SHA512b1aba5ab42e7688d9ece3647b7a2fb2f9e7162c015b7a456c6198318c9512a63f709304081498cea8e351f12534ff92ed4a55572a8c0fc9b5db089af574d9649
-
Filesize
2KB
MD5ee1353d1b141ee03ca93b9d2c3b5b35c
SHA1b054d3cba2e43ab01f3a95088f90205784c8b546
SHA256330854cdb9430aafe62264510d28fce28b18938117acd5c5a0f642f6ddf4a953
SHA51216ee96a2ef74ef4cfe337526345b662be4854aed498af871ee1a0558d7558fd6412d615221430715eca618e8787bd851b087c6185f77aef88a777fa2d3337484
-
Filesize
2KB
MD5eca6bb43bd30fcc085b66faf6dbb4998
SHA1a2c290183afea8ebde6232d7764f047512726eb5
SHA2565b523af2a80bfc2b2d2763067954ed927e90b3e40fa8d8c561776bda14464750
SHA5128ddfd5ab1a939c2a948e958af77d660c3907c9c5be7dee6aea76f222f19107b1b471ab87ae3371ef8febbb724935a2146bfab36c9249c7a12968a9862d82fd7c
-
Filesize
2KB
MD52fedb12b67ed71118eaf3fd3a20820b0
SHA178ca579dd856cff73967c98f8414ec585d11c6ef
SHA256c2cf77ce05c78f76a58bf87741c1439257330ee8137f945196de186e92f01853
SHA512101f0c357685440dcd462ca187836b3f89cedd420e99bc59d159000faba883b7a8facff06dc336eecdba97181bc85b795b79396eaa543a55bf7e0f2db8f4bd8c
-
Filesize
1KB
MD5daf5db6abe8f09ff7c24b480e88edee6
SHA14c0cf252c3c8547e9c3445a2c232b4fdd9faef42
SHA256f7bab3a06b401c320b2b0f2d22df44c24b4f00d34549346b1e39c5c37498ed43
SHA512fb706206cc977acc13abbc06872c642839a982d237ac40bdd377dab30a0516d75deb83dec6620f6b34e4f68a2db7763e8b5bc242b5d6ed0040f174568582894f
-
Filesize
96KB
MD5e0c613bfd69956a19ce2dc5e925aa223
SHA114accb230edcd6cb76967cdc6d4e5686db96b5df
SHA2560d4cb11f6364c46a75f9eaddfca5c660b90dfd515df3afcd5e0baeca28a0f1ab
SHA51201643c0131a392be92b3f281d7f633c1f502bff19090b0d716f1ac66aefecc3fcf92f393bef66b03089c9b9c6d8aaeb711b6a4f29d5a6729dd188c838f2272d1
-
Filesize
128KB
MD5178d71e5529d637ac62f7e75fdd75896
SHA1339f2b949cc4c207b66aea11137448ba28d36dcb
SHA2567b0050f1bfaab85c8f9067ae7d7369056ff752c0c852ef1462a96c22169004d4
SHA512ec0e0105fcfbbae356dd55efbcf92975f35bbe5cb93fcabf4c08443e871957635d14830b27c4e1ddefbbaff8f9b7ec3590bf417a9442e1d7ee3607d14d56f664
-
Filesize
42B
MD5fac99158a88c60b0ce70eaf04339fba4
SHA1b1249cd67bcc488d65def0045b702e73b0d23d5f
SHA25610565fb7633c8725278eda9c88b2c5205918beffae6191270eb974679b5ca002
SHA512af05dfde40094e3f1724cf7931910dbd1b6c4a221ed530669d45afbf3414586f01cad07aeb435255f9f7eccb7791aa46faba7dcdce15587f89571f80976fbfd7
-
Filesize
44KB
MD5759544297aaa61f5fef8ee42d0ae4393
SHA1fc2d66f6e60409e3e8d38623ce5f817fc7f571e0
SHA2561bd2000cd972e80cefaec6e982ba261d224a818f367de0fdf8c51fa5a05d7ab5
SHA5128aaa2ce66f10d46f7c9200af841ac7bd9f5b55c30308a14f0deda44ac62581c45daae45154487c0073a0d5847d5926cbb4072ca64a702ac6b834ad0bb482804f
-
Filesize
12KB
MD57fe267a7b9d1868c5c26c2eaf3b506f1
SHA174589af1e74a1c4b6a054cb5f5dc551be8a7850c
SHA256e302b6af92c2ad8eb4013e1cca7b5e1f208c5cb043e2b6dc3fa2712ecebfebb6
SHA512449a6807ce7f98843dcc85c782ee8216c3d32934cd59825d4a6d9049fef25f8eaafda9124598251148645cdc0927df7304bce20bc28105ab3d8c2db9d4541c5a
-
Filesize
44KB
MD507a412e08825220262ad2890757ff779
SHA1f46c127dbc070ded87a6078b3c1c761955f96de8
SHA256da640f8b665841b520d2262a21cc3f82aeaa881cf81a1ddae27ef501d66544e4
SHA5120134c783bf3293848e479b478ac57a1e0f4202cddfb8b57bc6275aada7345f398cf8a627e9b1c34fd618192c2f0c9737b1da487daf33f9c557ebc1377105582b
-
Filesize
12KB
MD5e5f2ccf0da441c116c5b776d1c21abd0
SHA1b0b784265f63b1140b3b68dd05673ec9dcd37e51
SHA2566affe49c92984c48c80bb18aee6ab0cb6654bc79ad63c8b568e1aaebe7948020
SHA5129aca356066f2c647df2a4ce5bd52357b4bed77e3af3151be34eeba1c403afec0f22949a10fb297d1b89387a671d55b177667465c2c9f33a7aadd0c938584007b
-
Filesize
164KB
MD531fd60d1099ab88d9e8f94f1a2147696
SHA1a2fd745fb650cfd7d6b47bc5dda16edae431da21
SHA25688f93cea12d38154b2f3449ceecd5959d084025696398d168abe86fd0d8a03c0
SHA512ac8d39cc151b48a63940382ccb3c6d8a950de2e9af77c7726731160e3f6e05ec358d95d5bd209f8a849d72ff031aaf09013444f082699b02ef5310bfbe35c89f
-
Filesize
148KB
MD5dd3f6ba37c670af5953593535e435d04
SHA1ecfe4e650a050bce77e8ff7468de04c1b8acc9a4
SHA2565cc6fa137a1f3a7d0b615b178877f12c460b22f95702eb7534d5732ee6599561
SHA51286e0482543faae6fb279ca71e1e6d6461d32317e74baebb3973e0fde9800107faeb9c2347be6cf8a47556ae43c8e6c224a595e952f621e40ad2c5eba920df2b3
-
Filesize
50B
MD51e79fdef6199faf254449c3b1671c2ca
SHA1219752fa1032ffb3a529d1591ff14ad703d5a35a
SHA256b425ff6a0d68615460a9876189a0189e6d91e47f2fb75a6172ee3ff30bc81b87
SHA512b082712ec7f368a631bc0c01583d326b183bbd8ad49a5fbcd3d8af22ad5e2193b0af3fde4152756f585b3dc982e820c61f145bedc36132965ba32405da3a1b2d
-
Filesize
47B
MD5e27c34d2e6a6a0eb9db3e5bd62d881d3
SHA1eb05d4fa7b370a189f2698050900b16da4c3099d
SHA2561c4c5ee388b108dd294a5d2956b4d6e7276527aa88ed5e41b204745762b7e428
SHA512bb730388901f0a8819edf3285867a6367e9720988779f2bacf6f240dbf47c8b4aceb22fddc5de415f72f30031527fddcab05e62e95f532f43a480b88343a96e9
-
Filesize
10B
MD50361ae0fccfa03527c9982140a8f21d2
SHA13a0bf88f7e869beb1c1de28ae06653b1c4f0e6fc
SHA2564294031ebe4086486a1320c26c4a97b4d88b873c70c2422a1844647618fcaf50
SHA5128f37f8c412c7f663235c68e115fd7bb49e2cf15473699b99f98c311383054aa71edb982f3bc9a02a6089af4e78fc30f880633d4b03e393c72f82b8e76611e780
-
Filesize
47B
MD5ca7c429d61e95f312e325769454718f1
SHA128409cf1b1472b76665e84a24ba71c8c1299f2d1
SHA2561ac499912d4aa09d1d8fa4b3f4f398cd575ec3e24e56e1afed7fafc27e5ae5fb
SHA5121cce7c6679b0be1d5c9a7c8ef1c53eaae5feace19478089449d2526470bdd386d4f2caa54b3bd07c4efb64b65aa1574c578c8c9d7cc94443c4148fb860a4c701
-
Filesize
62B
MD51e925fdc6a3211cd79d14640618e65f2
SHA1c7b09615039080094d52fabe690707558a5ea582
SHA256975b2b973473c36ef642a7dea31eca8d8257a256954b4d72acbb5295e5aaa01f
SHA512eb0fa3f44949c5e047a796cf553fe2b5b56c15f2eced2bfc8b5a63cdf1450caf217d25817986ee6e0f8bdf3c5419850a9a252fbc51d1c02fdbe9ab128d0b29f4
-
Filesize
259B
MD51e7e8649d3ca36dabf79f94b06b05ab0
SHA1e131b88c854d5b8c10e936e11c6be536404187db
SHA2566e1d773f55644b5e4a0bec1357f23ff16f8766618293618ab25773f02a042b32
SHA512c5c51b29434c6cc70588beb0ad3353ee6e5d14928cd6a86e2fdc6ae06d96335f458ffc568abb2f0be426798d7a5a90c1dc4a66dbc8bfe7b3524affcb421f9f54