Analysis Overview
SHA256
b47f027d4abb21ce7a8eca56eea90b8df16a017ea8c8a7bac9f2aaac6b76b70b
Threat Level: Shows suspicious behavior
The file sketchyorignorant-main.zip was found to be: Shows suspicious behavior.
Malicious Activity Summary
Deletes log files
Unsigned PE
Enumerates physical storage devices
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 16:50
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:55
Platform
win10v2004-20240611-en
Max time kernel
120s
Max time network
96s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\Microsoft-Windows-FoDMetadata-Package.cab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.83.221.88.in-addr.arpa | udp |
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:53
Platform
debian9-mipsbe-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:55
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
0s
Max time network
150s
Command Line
Signatures
Deletes log files
| Description | Indicator | Process | Target |
| File truncated | /var/log/setup/tmp/SeTkeymap | /tmp/sketchyorignorant-main/SeTkeymap | N/A |
| File deleted | /var/log/setup/tmp/SeTkeymap | /bin/rm | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
Processes
/tmp/sketchyorignorant-main/SeTkeymap
[/tmp/sketchyorignorant-main/SeTkeymap]
/bin/mkdir
[mkdir -p /var/log/setup/tmp]
/bin/rm
[rm -f /var/log/setup/tmp/SeTkeymap]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 151.101.193.91:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| GB | 195.181.164.20:443 | | tcp |
| US | 151.101.1.91:443 | | tcp |
| US | 151.101.129.91:443 | | tcp |
| US | 151.101.65.91:443 | | tcp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
Files
/var/log/setup/tmp/SeTkeymap
| MD5 | b7fee3208aa4e51c6241ccacdbc7fba9 |
| SHA1 | 526da85bf9fefa5b369def174b239259e7fe76e7 |
| SHA256 | f8dc4ad141274ec104deef92e2c3be782bf37fdbee92ec34aafa8cf9600e1b18 |
| SHA512 | 8da5e14a5f591b1b85c14a39bf7de10bbde708e65ce0eb20d0357a644cc4415e82e56f35bff898b2b4a66b6e1c1acee8df380f68ad5a674c5973ec300e9566a0 |
Analysis: behavioral30
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:55
Platform
debian9-armhf-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:53
Platform
debian9-mipsbe-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:52
Platform
debian9-mipsel-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:53
Platform
debian9-mipsel-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:53
Platform
debian9-mipsel-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:52
Platform
debian9-mipsel-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:55
Platform
debian9-armhf-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:55
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Max time network
129s
Command Line
Signatures
Deletes log files
| Description | Indicator | Process | Target |
| File truncated | /var/log/setup/tmp/series | /tmp/sketchyorignorant-main/SeTPKG | N/A |
| File deleted | /var/log/setup/tmp/series | /bin/rm | N/A |
| File deleted | /var/log/setup/tmp/tmpscript | /bin/rm | N/A |
| File deleted | /var/log/setup/tmp/SeTSERIES | /bin/rm | N/A |
| File deleted | /var/log/setup/tmp/tmpscript | /bin/rm | N/A |
| File truncated | /var/log/setup/tmp/tmpscript | /tmp/sketchyorignorant-main/SeTPKG | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
Processes
/tmp/sketchyorignorant-main/SeTPKG
[/tmp/sketchyorignorant-main/SeTPKG]
/bin/mkdir
[mkdir -p /var/log/setup/tmp]
/bin/rm
[rm -f /var/log/setup/tmp/SeTSERIES /var/log/setup/tmp/tmpscript]
/bin/cat
[cat]
/bin/cat
[cat]
/bin/cat
[cat]
/bin/cat
[cat]
/bin/cat
[cat]
/bin/cat
[cat]
/bin/cat
[cat]
/bin/cat
[cat]
/bin/cat
[cat]
/bin/cat
[cat]
/bin/cat
[cat]
/bin/cat
[cat]
/bin/cat
[cat]
/bin/cat
[cat]
/bin/cat
[cat]
/bin/cat
[cat]
/bin/cat
[cat]
/bin/rm
[rm -f /var/log/setup/tmp/series /var/log/setup/tmp/tmpscript]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 151.101.65.91:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| US | 151.101.65.91:443 | | tcp |
| GB | 89.187.167.3:443 | | tcp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:55
Platform
debian9-armhf-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:53
Platform
debian9-mipsel-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:52
Platform
debian9-mipsbe-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:55
Platform
win10v2004-20240611-en
Max time kernel
134s
Max time network
137s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\Microsoft-Windows-Kernel-LA57-FoD-Package~31bf3856ad364e35~amd64~~.cab.lnk
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| BE | 88.221.83.234:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 3.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.133.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:53
Platform
debian9-mipsbe-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:55
Platform
debian9-armhf-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:55
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
0s
Max time network
147s
Command Line
Signatures
Deletes log files
| Description | Indicator | Process | Target |
| File deleted | /var/log/setup/tmp/SeTDOS | /bin/rm | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
Processes
/tmp/sketchyorignorant-main/SeTDOS
[/tmp/sketchyorignorant-main/SeTDOS]
/bin/mkdir
[mkdir -p /var/log/setup/tmp]
/bin/rm
[rm -f /var/log/setup/tmp/SeTDOS]
/usr/bin/touch
[touch /var/log/setup/tmp/SeTDOS]
/bin/fgrep
[fgrep -v Extend]
/usr/bin/sort
[sort]
/bin/fgrep
[fgrep -v Ext'd]
/bin/fgrep
[fgrep DOS Win95 F Win98 F HPFS W95 F FAT12 FAT16]
/usr/local/sbin/grep
[grep -F -v Extend]
/usr/local/bin/grep
[grep -F -v Extend]
/usr/sbin/grep
[grep -F -v Extend]
/usr/bin/grep
[grep -F -v Extend]
/sbin/grep
[grep -F -v Extend]
/bin/grep
[grep -F -v Extend]
/usr/local/sbin/grep
[grep -F -v Ext'd]
/usr/local/bin/grep
[grep -F -v Ext'd]
/usr/sbin/grep
[grep -F -v Ext'd]
/usr/bin/grep
[grep -F -v Ext'd]
/sbin/grep
[grep -F -v Ext'd]
/bin/grep
[grep -F -v Ext'd]
/usr/local/sbin/grep
[grep -F DOS Win95 F Win98 F HPFS W95 F FAT12 FAT16]
/usr/local/bin/grep
[grep -F DOS Win95 F Win98 F HPFS W95 F FAT12 FAT16]
/usr/sbin/grep
[grep -F DOS Win95 F Win98 F HPFS W95 F FAT12 FAT16]
/usr/bin/grep
[grep -F DOS Win95 F Win98 F HPFS W95 F FAT12 FAT16]
/sbin/grep
[grep -F DOS Win95 F Win98 F HPFS W95 F FAT12 FAT16]
/bin/grep
[grep -F DOS Win95 F Win98 F HPFS W95 F FAT12 FAT16]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 151.101.65.91:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| US | 151.101.65.91:443 | | tcp |
| GB | 195.181.164.19:443 | | tcp |
| US | 151.101.129.91:443 | | tcp |
| US | 151.101.1.91:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| US | 1.1.1.1:53 | odrs.gnome.org | udp |
| US | 1.1.1.1:53 | odrs.gnome.org | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:53
Platform
debian9-mipsbe-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:55
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Max time network
129s
Command Line
Signatures
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
Processes
/tmp/sketchyorignorant-main/SeTconfig
[/tmp/sketchyorignorant-main/SeTconfig]
/bin/mkdir
[mkdir -p /var/log/setup/tmp]
/bin/cat
[cat /var/log/setup/tmp/SeTT_PX]
/bin/cat
[cat /var/log/setup/tmp/SeTrootdev]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| GB | 89.187.167.3:443 | | tcp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:55
Platform
debian9-armhf-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:55
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
0s
Max time network
129s
Command Line
Signatures
Processes
/tmp/sketchyorignorant-main/SeTfdHELP
[/tmp/sketchyorignorant-main/SeTfdHELP]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| GB | 195.181.164.16:443 | | tcp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:55
Platform
debian9-armhf-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:53
Platform
debian9-mipsbe-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:55
Platform
debian9-armhf-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:55
Platform
win7-20231129-en
Max time kernel
118s
Max time network
120s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\Microsoft-Windows-Kernel-LA57-FoD-Package~31bf3856ad364e35~amd64~~.cab.lnk
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:53
Platform
debian9-mipsbe-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:53
Platform
debian9-mipsel-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:53
Platform
debian9-mipsel-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:55
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Max time network
129s
Command Line
Signatures
Deletes log files
| Description | Indicator | Process | Target |
| File truncated | /var/log/setup/tmp/SeTtestfull | /bin/dd | N/A |
| File deleted | /var/log/setup/tmp/SeTtestfull | /bin/rm | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
Processes
/tmp/sketchyorignorant-main/SeTfull
[/tmp/sketchyorignorant-main/SeTfull]
/bin/mkdir
[mkdir -p /var/log/setup/tmp]
/bin/dd
[dd if=/dev/zero of=/var/log/setup/tmp/SeTtestfull bs=1024 count=256]
/bin/rm
[rm -f /var/log/setup/tmp/SeTtestfull]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| US | 151.101.129.91:443 | | tcp |
| US | 151.101.129.91:443 | | tcp |
| GB | 195.181.164.19:443 | | tcp |
Files
/var/log/setup/tmp/SeTtestfull
| MD5 | ec87a838931d4d5d2e94a04644788a55 |
| SHA1 | 2e000fa7e85759c7f4c254d4d9c33ef481e459a7 |
| SHA256 | 8a39d2abd3999ab73c34db2476849cddf303ce389b35826850f9a700589b4a90 |
| SHA512 | 9dd0c30167fbeaf68dfbbad8e1af552a7a1fcae120b6e04f1b41fa76c76d5a78922ff828f5cffd8c02965cde57d63dcbfb4c479b3cb49c9d8107a7d5244e9d03 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:55
Platform
win7-20231129-en
Max time kernel
121s
Max time network
123s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\Microsoft-Windows-FoDMetadata-Package.cab
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:55
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Max time network
132s
Command Line
Signatures
Deletes log files
| Description | Indicator | Process | Target |
| File truncated | /var/log/setup/tmp/SeTreturn | /tmp/sketchyorignorant-main/SeTkernel | N/A |
| File deleted | /var/log/setup/tmp/SeTreturn | /bin/rm | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
Processes
/tmp/sketchyorignorant-main/SeTkernel
[/tmp/sketchyorignorant-main/SeTkernel]
/bin/mkdir
[mkdir -p /var/log/setup/tmp]
/bin/rm
[rm -f /var/log/setup/tmp/SeTreturn]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 185.125.188.61:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| GB | 89.187.167.8:443 | | tcp |
Files
/var/log/setup/tmp/SeTreturn
| MD5 | 414be6effbd82b71ba153940fb309e9b |
| SHA1 | 5f1e3f142c52f814c8cc197c34b69cea9a8023d0 |
| SHA256 | 1e7eb70aa24f7ae8f4a48499d2fb16f27a2b5118f87f87871c27d58502d50c29 |
| SHA512 | 5206aba7c0de07fa19987533cb5f413740cbb746424be30c65e7c092f61c1d4d4ef1da8a4ee3d6762fa9ef8d94ffe8b6a5856c021ee2d6e51378c11a65e6a3a8 |