Overview

overview

10

Static

static

3

8e04860727...18.exe

windows7-x64

10

8e04860727...18.exe

windows10-2004-x64

10

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

405.htm

windows7-x64

1

405.htm

windows10-2004-x64

1

SFhelper.dll

windows7-x64

1

SFhelper.dll

windows10-2004-x64

1

docbook-xsl-update

ubuntu-18.04-amd64

3

docbook-xsl-update

debian-9-armhf

1

docbook-xsl-update

debian-9-mips

docbook-xsl-update

debian-9-mipsel

head.js

windows7-x64

3

head.js

windows10-2004-x64

3

networkEve...ibe.js

windows7-x64

3

networkEve...ibe.js

windows10-2004-x64

3

parse_modified.js

windows7-x64

3

parse_modified.js

windows10-2004-x64

3

root.js

windows7-x64

3

root.js

windows10-2004-x64

3

Analysis

  • max time kernel
    0s
  • max time network
    129s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240508-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    02-06-2024 12:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    docbook-xsl-update

  • Size

    1KB

  • MD5

    d485a5cd6ca8feeebc079fcc6e914fc2

  • SHA1

    55994d62a8a6c6ea39f1e9c5792fa1343839f2e8

  • SHA256

    6785bc061d585d645cd76d14828928133433cdb329ccc694541f8321f424460a

  • SHA512

    498eec9a93437c580d8f9f92c575330554c9e48a47af4015d32cd6fb03aebb863b1bf084df7a237feea59d477b6a835d59c43ceec07d4d8d048053282de365dc

Score
3/10

Malware Config

Signatures

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/docbook-xsl-update
    /tmp/docbook-xsl-update
    1⤵
    • Writes file to tmp directory
    PID:1515
    • /usr/bin/dirname
      dirname /tmp/docbook-xsl-update
      2⤵
        PID:1518
      • /bin/readlink
        readlink -f /tmp
        2⤵
          PID:1516
        • /usr/bin/dirname
          dirname /tmp/docbook-xsl-update
          2⤵
            PID:1521
          • /bin/readlink
            readlink -f /tmp/../..
            2⤵
              PID:1519
            • /usr/bin/basename
              basename /tmp/docbook-xsl-update
              2⤵
                PID:1523
              • /usr/bin/basename
                basename /tmp/docbook-xsl-update
                2⤵
                  PID:1524
                • /bin/cat
                  cat
                  2⤵
                    PID:1522

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /tmp/sh-thd.ZQEKlV
                  Filesize

                  202B

                  MD5

                  10355e2cfc6fb4e8f808c004f07486cb

                  SHA1

                  be9501ad07a9517493bbd9a7a94a516b418c19b1

                  SHA256

                  6efcd4a6bfaa3903cbb1ae1e08b5c594b6435763059f0fca98057632e121cfae

                  SHA512

                  a228f7a509fd546641a645edc7a3498f8115263b63549cfaa8427296a84c90d39d973cd39e0e9385cbb8ba8b685fb5af57654cc757e81043610ce3b1e2c656a9

                  Download Submit