Overview

overview

6

Static

static

1

tcpx.sh

ubuntu-18.04-amd64

6

tcpx.sh

debian-9-armhf

6

tcpx.sh

debian-9-mips

tcpx.sh

debian-9-mipsel

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tcpx.sh

  • Size

    86KB

  • Sample

    240526-pkfmdacb3t

  • MD5

    62ed54932d2314c35b16019f0e368994

  • SHA1

    9c19d91298ea13e5c5b8e5df28d72ab8aa36842b

  • SHA256

    ac7ded5a278d9a5f39d04ebcb3725b344785298e2e8f52ca5bfaf7fc817516eb

  • SHA512

    e1774801f561dc4772dfc24af8935741a71e2131f9a3f47d6bfb18917b050d6de1aca54df8911ad7b23933c65c19210cc85a922ed58e44d447767445e042f72b

  • SSDEEP

    1536:waf7wT+KGeQu+yohUv0ILOWfsMppURfCh:91KGeQu+y1jIVf4

Score
6/10
antivmlinux

Malware Config

Targets

    • Target

      tcpx.sh

    • Size

      86KB

    • MD5

      62ed54932d2314c35b16019f0e368994

    • SHA1

      9c19d91298ea13e5c5b8e5df28d72ab8aa36842b

    • SHA256

      ac7ded5a278d9a5f39d04ebcb3725b344785298e2e8f52ca5bfaf7fc817516eb

    • SHA512

      e1774801f561dc4772dfc24af8935741a71e2131f9a3f47d6bfb18917b050d6de1aca54df8911ad7b23933c65c19210cc85a922ed58e44d447767445e042f72b

    • SSDEEP

      1536:waf7wT+KGeQu+yohUv0ILOWfsMppURfCh:91KGeQu+y1jIVf4

    Score
    6/10
    antivm

    • Checks hardware identifiers (DMI)

      Checks DMI information which indicate if the system is a virtual machine.

      antivm

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

1
T1497

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks