9467ea12cebc4405bddd6ae147731c2370faa45f9651b8b70581dfbc69d5abf7

Analysis

max time kernel
149s
max time network
62s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240508-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
20-05-2024 23:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen
Size

14KB
MD5

c232074c09dc05649abcbd9ed5554b5c
SHA1

6557db1864012bd52038f7f59d6ee8d8958ab1d4
SHA256

d934148d84b35fb456bf09a8c21e7a866c40cbf5d32a77f29e16235c9541d450
SHA512

a3691c62359ab0756a1dfdfe1a4c233d31d0c72f2a8dd05c468ec8f21ff8e7694ddf4b312fec7c9b228f066229cbb484c0730d6c7b12ddba3b09b68dcb175bf9
SSDEEP

96:Gn4CTXyfEsCvmoQ5032aIkeWiMREkqiV7bq9a:Gb7sEsCvm+3/fibkqi5

Score

4^/10

antivm

Malware Config

Signatures

Changes its process name 2 IoCs

Processes:

description	ioc	pid
Changes the process name, possibly in an attempt to hide itself	SDLHotplugALSA	1501
Changes the process name, possibly in an attempt to hide itself	SDLTimer	1503

Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
antivm

Virtualization/Sandbox Evasion
T1497

Processes:

FreshWomen

description ioc process

File opened for reading /proc/cpuinfo FreshWomen
Reads CPU attributes 1 TTPs 1 IoCs

System Information Discovery
T1082

Processes:

FreshWomen

description ioc process

File opened for reading /sys/devices/system/cpu/online FreshWomen

description	ioc	process
File opened for reading	/proc/cpuinfo	FreshWomen

description	ioc	process
File opened for reading	/sys/devices/system/cpu/online	FreshWomen

Enumerates kernel/hardware configuration 1 TTPs 29 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

Processes:

FreshWomen

description	ioc	process
File opened for reading	/sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/0003:0627:0001.0001/input/input4/uevent	FreshWomen
File opened for reading	/sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/bInterfaceNumber	FreshWomen
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor	FreshWomen
File opened for reading	/sys/class	FreshWomen
File opened for reading	/sys/devices/virtual/input/mice/uevent	FreshWomen
File opened for reading	/sys/devices/platform/i8042/serio0/input/input1/event1/uevent	FreshWomen
File opened for reading	/sys/devices/platform/i8042/serio1/input/input3/event3/uevent	FreshWomen
File opened for reading	/sys/devices/platform/i8042/serio0/input/input1/uevent	FreshWomen
File opened for reading	/sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent	FreshWomen
File opened for reading	/sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/bcdDevice	FreshWomen
File opened for reading	/sys/bus	FreshWomen
File opened for reading	/sys/class/input	FreshWomen
File opened for reading	/sys/devices/platform/i8042/serio1/input/input3/uevent	FreshWomen
File opened for reading	/sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/manufacturer	FreshWomen
File opened for reading	/sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/product	FreshWomen
File opened for reading	/sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/0003:0627:0001.0001/input/input4/js0/uevent	FreshWomen
File opened for reading	/sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/0003:0627:0001.0001/input/input4/event2/uevent	FreshWomen
File opened for reading	/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input0/uevent	FreshWomen
File opened for reading	/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input0/event0/uevent	FreshWomen
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/uevent	FreshWomen
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_device	FreshWomen
File opened for reading	/sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/0003:0627:0001.0001/input/input4/mouse0/uevent	FreshWomen
File opened for reading	/sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/0003:0627:0001.0001/hidraw/hidraw0/uevent	FreshWomen
File opened for reading	/sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/0003:0627:0001.0001/uevent	FreshWomen
File opened for reading	/sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/uevent	FreshWomen
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/vendor	FreshWomen
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/device	FreshWomen
File opened for reading	/sys/devices/platform/i8042/serio1/input/input3/mouse1/uevent	FreshWomen
File opened for reading	/sys/class/hidraw	FreshWomen

Reads runtime system information 2 IoCs
Reads data from /proc virtual filesystem.

Processes:

FreshWomen

description ioc process

File opened for reading /proc/1488/maps FreshWomen
File opened for reading /proc/self/fd FreshWomen

description	ioc	process
File opened for reading	/proc/1488/maps	FreshWomen
File opened for reading	/proc/self/fd	FreshWomen

Writes file to tmp directory 64 IoCs

Malware often drops required files in the /tmp directory.

Processes:

FreshWomen

description	ioc	process
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/vc_version.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/audio/androidhw.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/translation/merge.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/gesture.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/minstore.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/log.txt	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/anim.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/test/testmouse.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/presplash.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/sl2/slast.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/defaultstore.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/test/testexecution.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/lint.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/test/__init__.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/test/testkey.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/webloader.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/py2analysis.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/im.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/imagelike.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/error.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/color.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/styledata/__init__.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/text/__init__.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/dragdrop.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/rollback.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/tts.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/editor.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/gl2/live2dmotion.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/debug.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/audio/ioshw.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/curry.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/gl2/live2d.pyo	FreshWomen
File opened for modification	/tmp/cWtUTi	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/__init__.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/log.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/audio/music.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/character.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/ast.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/motion.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/audio/audio.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/sl2/slparser.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/gl2/gl2shadercache.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/test/testfocus.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/config.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/pgrender.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/minigame.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/model.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/layout.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/transition.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/test/testast.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/compat/fixes.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/text/font.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/object.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/viewport.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/imagemap.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/audio/__init__.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/game.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/persistent.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/gl2/gl2functions.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/gl/glfunctions.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/translation/scanstrings.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/focus.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/preferences.pyo	FreshWomen
File opened for modification	/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/savelocation.pyo	FreshWomen

/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen
/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen
1⤵
- Checks CPU configuration
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
PID:1488

/usr/bin/dbus-launch
dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr
2⤵
PID:1489

/bin/sh
sh -c "uname -p 2> /dev/null"
2⤵
PID:1497

/bin/uname
uname -p
3⤵
PID:1498

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

/root/.renpy/FreshWomen-1593632962/text.txt
Filesize
5B

MD5
f4020e91252aafd4b18d8acd17f883db

SHA1
748d77dbb8bdb0dd330c099e7fde82da053fb1ff

SHA256
314ad142957febe390cc7223b4deb1d1b21c187f84f6e7257a23fe46c27fcae3

SHA512
301ddd0e34cbd842dae99a2cc4ccbfeb6ee8b3def39c214a719fa9edc26d7142749bbe6e992d26353dc167febbab0dbc05476b68a86ad93cab5f299f0aaf916d

Download Submit
/tmp/cWtUTi
Filesize
4B

MD5
3f1d1d8d87177d3d8d897d7e421f84d6

SHA1
dd082d742a5cb751290f1db2bd519c286aa86d95

SHA256
f02285fb90ed8c81531fe78cf4e2abb68a62be73ee7d317623e2c3e3aefdfff2

SHA512
2ae2b3936f31756332ca7a4b877d18f3fcc50e41e9472b5cd45a70bea82e29a0fa956ee6a9ee0e02f23d9db56b41d19cb51d88aac06e9c923a820a21023752a9

Download Submit