Analysis
-
max time kernel
132s -
max time network
148s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240226-en -
resource tags
arch:amd64, arch:i386, image:ubuntu1804-amd64-20240226-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system -
submitted
07/05/2024, 01:10
Static task
static1
Behavioral task
behavioral1
Sample
6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf
Resource
ubuntu1804-amd64-20240226-en
General
-
Target
6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf
-
Size
86KB
-
MD5
2b3c4f43c888ccb4d6edf582bbfafa3d
-
SHA1
55977ad42ce727dd5099558efec74adf5ce61eb7
-
SHA256
6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315
-
SHA512
17475686ed01dd4ce48e351ece9c062a8d309d2ba297c9bcb579bee165a0b1f53080026ad78d0210c3b9bee2373331bf233f88e61f10e7fb0a483274f8760629
-
SSDEEP
1536:N4gz2yjt+uO6XBX+9lRt7iLZ6yy4swKX+lJuMNRkVxNwj:N4gayjt+76XdONgdy41KX+nfgxuj
Malware Config
Signatures
-
Deletes journal logs
description ioc Process File truncated /var/log/journal/.old_cache 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf File deleted /var/log/journal/.old_cache 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf -
Modifies PAM framework files 1 IoCs
Modifies Linux PAM framework files, possibly to intercept credentials.
description ioc Process File opened for modification /etc/pam.d/.old_cache 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf -
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description ioc Process File opened for modification /dev/watchdog 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf File opened for modification /dev/misc/watchdog 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf -
Modifies sudoers policy 1 IoCs
Adds/modifies rule files for sudoers policy, likely to grant additional privileges.
description ioc Process File opened for modification /etc/sudoers.d/.old_cache 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf -
Modifies user home skeleton directory 1 IoCs
Modifies skeleton of initial home directory of newly added system users.
description ioc Process File opened for modification /etc/skel/.old_cache 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf -
Creates/modifies Cron job 1 TTPs 6 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
description ioc Process File opened for modification /etc/cron.daily/.old_cache 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf File opened for modification /etc/cron.d/.old_cache 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf File opened for modification /etc/cron.hourly/.old_cache 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf File opened for modification /etc/cron.weekly/.old_cache 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf File opened for modification /etc/cron.monthly/.old_cache 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf File opened for modification /var/spool/cron/.old_cache 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf -
Creates/modifies environment variables 1 TTPs 1 IoCs
Creating/modifying environment variables is a common persistence mechanism.
description ioc Process File opened for modification /etc/profile.d/.old_cache 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf -
Deletes log files 1 TTPs 20 IoCs
Deletes log files on the system.
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
description ioc Process File opened for reading /proc/net/tcp 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf -
Enumerates running processes
Discovers information about currently running processes on the system
-
Modifies init.d
description ioc Process File opened for modification /etc/init.d/.old_cache 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf -
Modifies rc script 1 TTPs 7 IoCs
Adding/modifying system rc scripts is a common persistence mechanism.
description ioc Process File opened for modification /etc/rc0.d/.old_cache 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf File opened for modification /etc/rc5.d/.old_cache 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf File opened for modification /etc/rc2.d/.old_cache 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf File opened for modification /etc/rc3.d/.old_cache 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf File opened for modification /etc/rc1.d/.old_cache 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf File opened for modification /etc/rc4.d/.old_cache 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf File opened for modification /etc/rc6.d/.old_cache 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf -
Write file to user bin folder 1 TTPs 2 IoCs
description ioc Process File opened for modification /usr/sbin/.old_cache 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf File opened for modification /usr/bin/.old_cache 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf -
Writes file to system bin folder 1 TTPs 3 IoCs
description ioc Process File opened for modification /sbin/watchdog 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf File opened for modification /sbin/.old_cache 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf File opened for modification /bin/.old_cache 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf -
Modifies Bash startup script 1 TTPs 1 IoCs
description ioc Process File opened for modification /etc/profile.d/.old_cache 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf -
Changes its process name 2 IoCs
description ioc pid Changes the process name, possibly in an attempt to hide itself /bin/bash 1577 Changes the process name, possibly in an attempt to hide itself /bin/bash 1579 -
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
description ioc Process File opened for reading /proc/net/tcp 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf -
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
Writes file to shm directory 1 IoCs
Malware can drop malicious files in the shm directory which will run directly from RAM.
description ioc Process File opened for modification /dev/shm/.old_cache 6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf -
Writes file to tmp directory 21 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf
- Deletes journal logs
- Modifies PAM framework files
- Modifies Watchdog functionality
- Modifies sudoers policy
- Modifies user home skeleton directory
- Creates/modifies Cron job
- Creates/modifies environment variables
- Deletes log files
- Enumerates active TCP sockets
- Modifies init.d
- Modifies rc script
- Write file to user bin folder
- Writes file to system bin folder
- Modifies Bash startup script
- Reads system network configuration
- Reads runtime system information
- Writes file to shm directory
- Writes file to tmp directory
PID:1575