Analysis

  • max time kernel
    2s
  • max time network
    132s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240508-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu1804-amd64-20240508-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    11-06-2024 10:47

General

  • Target

    xsd/x

  • Size

    467B

  • MD5

    d2f60757dc7ce3aa7a44fa71bb9f595f

  • SHA1

    f202ece9e377287744197a56ab13e661ac1b18b3

  • SHA256

    fb9cbaede6f6278e9c5bd075982a80c7b3a9b4976600e583b57c25ed3d3392d0

  • SHA512

    e50308afe713c388cb7bdc897e185d766a6c448cc31a43f0f8cdddde773043532b56139ed1104a51478c85d4be7da3c713e711d47838fbaf06e7f28d7fb61f8e

Score
3/10

Malware Config

Signatures

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/xsd/x
    /tmp/xsd/x
    1⤵
    • Writes file to tmp directory
    PID:1482
    • /bin/cat
      cat vuln.txt
      2⤵
        PID:1483
      • /bin/cat
        cat vuln.txt
        2⤵
          PID:2679
        • /bin/rm
          rm -rf vuln.txt
          2⤵
            PID:2680

        Network

        • flag-us
          DNS
          1527653184.rsc.cdn77.org
          Remote address:
          1.1.1.1:53
          Request
          1527653184.rsc.cdn77.org
          IN A
          Response
          1527653184.rsc.cdn77.org
          IN A
          89.187.167.7
          1527653184.rsc.cdn77.org
          IN A
          195.181.164.21
        • flag-us
          DNS
          1527653184.rsc.cdn77.org
          Remote address:
          1.1.1.1:53
          Request
          1527653184.rsc.cdn77.org
          IN AAAA
          Response
          1527653184.rsc.cdn77.org
          IN AAAA
          2a02:6ea0:ca00::3
          1527653184.rsc.cdn77.org
          IN AAAA
          2a02:6ea0:ca00::4
        • 151.101.129.91:443
          tls
          127 B
          40 B
          2
          1
        • 185.125.188.61:443
          tls
          135 B
          2
        • 185.125.188.61:443
          tls
          135 B
          2
        • 151.101.129.91:443
          extensions.gnome.org
          tls
          4.2kB
          223.4kB
          66
          174
        • 195.181.164.14:443
          tls
          851 B
          11
        • 89.187.167.7:443
          odrs.gnome.org
          tls
          22.6kB
          1.7MB
          371
          1235
        • 224.0.0.251:5353
          146 B
          2
        • 1.1.1.1:53
          1527653184.rsc.cdn77.org
          dns
          81 B
          113 B
          1
          1

          DNS Request

          1527653184.rsc.cdn77.org

          DNS Response

          89.187.167.7
          195.181.164.21

        • 1.1.1.1:53
          1527653184.rsc.cdn77.org
          dns
          81 B
          137 B
          1
          1

          DNS Request

          1527653184.rsc.cdn77.org

          DNS Response

          2a02:6ea0:ca00::3
          2a02:6ea0:ca00::4

        MITRE ATT&CK Matrix
