Analysis
-
max time kernel
29s -
max time network
35s -
platform
ubuntu-20.04_amd64 -
resource
ubuntu2004-amd64-20240418-en -
resource tags
arch:amd64 arch:i386 image:ubuntu2004-amd64-20240418-en kernel:5.4.0-169-generic locale:en-us os:ubuntu-20.04-amd64 system -
submitted
06-05-2024 15:36
General
-
Target
86.ducky
-
Size
45KB
-
MD5
eebc28feaf0acacc2b3c572017e5bc62
-
SHA1
8d89598387ded2028dbecc1b8d2c900d70c8a2f6
-
SHA256
50195c468eeb272b86850feb6654afb3ce5677bdddb0b192999706847941d13f
-
SHA512
7641a7c518b4f99347900ecb2bf2553a5fa3a4d4784854c71fce24ae995481b43659971299b00ed3be6447b225c62b72cff56803556f21dfe64b14018f700fa8
-
SSDEEP
768:H+OcV9sObDwcSOx7m5/8reEuUGLVMK3TojbAnBU1B5FBo84MdRIl:HvcVWOf3Sga2juUGLVNj3nBU1/FBwoR
Malware Config
Extracted
mirai
MIRAI
pipipopodox.strangled.net
Signatures
-
Changes its process name 1 IoCs
Processes:
86.ducky
description: Changes the process name, possibly in an attempt to hide itself
ioc: a
pid: 1468
process: 86.ducky
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes:
86.ducky
description: File opened for modification
ioc: /tmp/temp7W2SV3
process: 86.ducky
Downloads
-
/tmp/temp7W2SV3
Filesize
45KB
MD5
eebc28feaf0acacc2b3c572017e5bc62
SHA1
8d89598387ded2028dbecc1b8d2c900d70c8a2f6
SHA256
50195c468eeb272b86850feb6654afb3ce5677bdddb0b192999706847941d13f
SHA512
7641a7c518b4f99347900ecb2bf2553a5fa3a4d4784854c71fce24ae995481b43659971299b00ed3be6447b225c62b72cff56803556f21dfe64b14018f700fa8