Resubmissions

12-06-2024 17:05

240612-vmcamasdqh 6

12-06-2024 16:56

240612-vft7vsscma 7

12-06-2024 16:50

240612-vcjxqasbna 6

12-06-2024 16:40

240612-t6wb6swank 6

Analysis

  • max time kernel
    0s
  • max time network
    129s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240611-en
  • resource tags
    arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    12-06-2024 16:40

General

  • Target

    sketchyorignorant-main/SeTswap

  • Size

    3KB

  • MD5

    ed956c37887b7bb6efab6199fbc86f48

  • SHA1

    6045146f558ef391a5b86fe214208af1508e7465

  • SHA256

    df9133d14341b7f8cbd00ab349141f5253692fe0c1f4f703d34a4824ad3d1082

  • SHA512

    47895c3f2d80f033f7ad0cba19eda7fb3b6b9bdfc8427e30c4f11eb3b7e8866b826c4691410557783a9849d5334f71e1c7f6b249b5c0be2bd49542e681ec061b

Score
6/10

Malware Config

Signatures

  • Deletes log files (1 TTP, 2 IoCs)

    Deletes log files on the system.

  • Reads runtime system information (1 IoC)

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/sketchyorignorant-main/SeTswap
    /tmp/sketchyorignorant-main/SeTswap
    1⤵
      PID:1497
    • /bin/mkdir
      mkdir -p /var/log/setup/tmp
      2⤵
      • Reads runtime system information
      PID:1498
    • /bin/rm
      rm -f /var/log/setup/tmp/SeTswap /var/log/setup/tmp/SeTswapskip
      2⤵
      • Deletes log files
      PID:1499
    • /bin/fgrep
      fgrep "Linux swap"
      2⤵
      PID:1502
    • /usr/bin/sort
      sort
      2⤵
      PID:1503
    • /usr/local/sbin/grep
      grep -F "Linux swap"
      2⤵
      PID:1502
    • /usr/local/bin/grep
      grep -F "Linux swap"
      2⤵
      PID:1502
    • /usr/sbin/grep
      grep -F "Linux swap"
      2⤵
      PID:1502
    • /usr/bin/grep
      grep -F "Linux swap"
      2⤵
      PID:1502
    • /sbin/grep
      grep -F "Linux swap"
      2⤵
      PID:1502
    • /bin/grep
      grep -F "Linux swap"
      2⤵
      PID:1502
    • /usr/bin/touch
      touch /var/log/setup/tmp/SeTswapskip
      2⤵
      PID:1504

Network

MITRE ATT&CK Enterprise v15
