Malware Analysis Report

2024-10-10 10:56

Sample ID 240612-vcjxqasbna
Target sketchyorignorant-main.zip
SHA256 b47f027d4abb21ce7a8eca56eea90b8df16a017ea8c8a7bac9f2aaac6b76b70b
Tags
score
6/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral2, behavioral27, behavioral29, behavioral30, behavioral31, behavioral32, behavioral20, behavioral24, behavioral28, behavioral6, behavioral9, behavioral14, behavioral16, behavioral23, behavioral4, behavioral15, behavioral26, behavioral5, behavioral11, behavioral13, behavioral10, behavioral17, behavioral18, behavioral19, behavioral22, behavioral3, behavioral7, behavioral8, behavioral12, behavioral21, behavioral1, behavioral25 (each with the same subsections, in this order)
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
6/10

SHA256

b47f027d4abb21ce7a8eca56eea90b8df16a017ea8c8a7bac9f2aaac6b76b70b

Threat Level: Shows suspicious behavior

The file sketchyorignorant-main.zip was found to show suspicious behavior.

Malicious Activity Summary
Deletes log files

Unsigned PE

Enumerates physical storage devices

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 16:50

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:55

Platform

win10v2004-20240611-en

Max time kernel

120s

Max time network

96s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\Microsoft-Windows-FoDMetadata-Package.cab

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\Microsoft-Windows-FoDMetadata-Package.cab

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 129.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 74.83.221.88.in-addr.arpa udp

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:53

Platform

debian9-mipsbe-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:55

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

0s

Max time network

150s

Command Line

[/tmp/sketchyorignorant-main/SeTkeymap]

Signatures

Deletes log files

Description Indicator Process Target
File truncated /var/log/setup/tmp/SeTkeymap /tmp/sketchyorignorant-main/SeTkeymap N/A
File deleted /var/log/setup/tmp/SeTkeymap /bin/rm N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /bin/mkdir N/A

Processes

/tmp/sketchyorignorant-main/SeTkeymap

[/tmp/sketchyorignorant-main/SeTkeymap]

/bin/mkdir

[mkdir -p /var/log/setup/tmp]

/bin/rm

[rm -f /var/log/setup/tmp/SeTkeymap]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
US 151.101.193.91:443 N/A tcp
GB 185.125.188.62:443 N/A tcp
GB 185.125.188.61:443 N/A tcp
US 151.101.193.91:443 N/A tcp
GB 195.181.164.20:443 N/A tcp
US 151.101.1.91:443 N/A tcp
US 151.101.129.91:443 N/A tcp
US 151.101.65.91:443 N/A tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp

Files

/var/log/setup/tmp/SeTkeymap

MD5 b7fee3208aa4e51c6241ccacdbc7fba9
SHA1 526da85bf9fefa5b369def174b239259e7fe76e7
SHA256 f8dc4ad141274ec104deef92e2c3be782bf37fdbee92ec34aafa8cf9600e1b18
SHA512 8da5e14a5f591b1b85c14a39bf7de10bbde708e65ce0eb20d0357a644cc4415e82e56f35bff898b2b4a66b6e1c1acee8df380f68ad5a674c5973ec300e9566a0

Analysis: behavioral30

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:55

Platform

debian9-armhf-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:53

Platform

debian9-mipsbe-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:52

Platform

debian9-mipsel-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:53

Platform

debian9-mipsel-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:53

Platform

debian9-mipsel-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:52

Platform

debian9-mipsel-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:55

Platform

debian9-armhf-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:55

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Max time network

129s

Command Line

[/tmp/sketchyorignorant-main/SeTPKG]

Signatures

Deletes log files

Description Indicator Process Target
File truncated /var/log/setup/tmp/series /tmp/sketchyorignorant-main/SeTPKG N/A
File deleted /var/log/setup/tmp/series /bin/rm N/A
File deleted /var/log/setup/tmp/tmpscript /bin/rm N/A
File deleted /var/log/setup/tmp/SeTSERIES /bin/rm N/A
File deleted /var/log/setup/tmp/tmpscript /bin/rm N/A
File truncated /var/log/setup/tmp/tmpscript /tmp/sketchyorignorant-main/SeTPKG N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /bin/mkdir N/A

Processes

/tmp/sketchyorignorant-main/SeTPKG

[/tmp/sketchyorignorant-main/SeTPKG]

/bin/mkdir

[mkdir -p /var/log/setup/tmp]

/bin/rm

[rm -f /var/log/setup/tmp/SeTSERIES /var/log/setup/tmp/tmpscript]

/bin/cat

[cat]

(the same /bin/cat [cat] process entry is recorded 17 times in this analysis)

/bin/rm

[rm -f /var/log/setup/tmp/series /var/log/setup/tmp/tmpscript]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
US 151.101.65.91:443 N/A tcp
GB 185.125.188.62:443 N/A tcp
GB 185.125.188.62:443 N/A tcp
US 151.101.65.91:443 N/A tcp
GB 89.187.167.3:443 N/A tcp

Files

/var/log/setup/tmp/tmpscript

MD5 40a5493396d64bfa256143b3f469deb4
SHA1 1591906c096dc818cbbe2096c5c230f58be86d0c
SHA256 826f6a19acc4fb0b0455b6da7ebdabf6ccae8a0acf307ec5912b36807f9f274b
SHA512 12ba6a7673b97ebc79a48ca20e2802282b154c7281c403ffe5918fef5411abf549a0250da041c81a28e5c510a0470f17966a7c104fffd470e719bc3a36e3c851

/var/log/setup/tmp/tmpscript

MD5 2ba836a6f3dcece13bef45895470d1f8
SHA1 97042885e875e719e697d11d4ff41d284e7000d4
SHA256 690e79cf3e7d04759f2cf9183bdb4f3aa13b6cd0a072958e0e900b93990680a3
SHA512 cb1f825ef6556436414ac1fbc9f895ad86525f1c0e5a15a0e110a810702a008b1d7621733684f7ecd5eff679a28edb1aed2e3e810acbf833771e748ab66ad17d

/var/log/setup/tmp/tmpscript

MD5 283350edc67b7324746e0fcbf896d4a6
SHA1 d09bcf823e5c04136a2748d242e8d031607adbd9
SHA256 d3e236104e622df5c9b88f6157517ab55933fb04bd465c8f9aae02197dc5f349
SHA512 b45cc12989499068f619166e24d9a7569ca44f1cc810edff560b59445108377c6ef2dafbdd0aaaefa4dc2e63ac045ce72d5d7cb3244fe58659084839bb97b947

/var/log/setup/tmp/tmpscript

MD5 3c24f3161f4c260978f614adfa2215dc
SHA1 81c7386a6e6dbdfee164274d2d944a8dc5af23e8
SHA256 06add9c183563f5c3afe7fc20f06e29fdd699f8124fb0fd5d7e2841e364298aa
SHA512 055b30fd0874ebb6fe4642159681078ec8fbc142ce0ed941ffdcbc7b1a7bd4d989288320676fa71597c18e6b2cd7ea04eb99274977c8c0ff4c5e68c807747cb9

/var/log/setup/tmp/tmpscript

MD5 9426c43afbd7802974f633af696d8640
SHA1 99ef1cd7618b06ef746f3341dc031afe70902058
SHA256 4a8ee4f52d158118c012e2bc5c96593fe8229e1720121ece59f262abf6574f97
SHA512 f482dd4e08c3a5cef55060bb8bcfd5943fd5e766942b68b500b5e0181e4643fbfcefd317da306551829061f646a2d8777853733e2404958939fd85c1df7cb4a7

/var/log/setup/tmp/tmpscript

MD5 896796b87d89ed9d3b010ec60c97ba7c
SHA1 4dda5ff6004da728bec8ba72a71ef84043f29f17
SHA256 923189ba97d05d376435677d5ff5f827382f502867f44cc8e200755bfbcb1ec9
SHA512 808a073de8c044c224c9867a588deabd42132c688f5823789ab2dcc2b8492ccfa65c8ba7f4ee810f527cf5d2bd8c7ef4af5f31fd4944ef2f2fe5523a4dfe59f1

/var/log/setup/tmp/series

MD5 e5dee89b5affc1feabecb6e5597dd7ce
SHA1 268ec5f18545bf3288673448c4cc04ed656b03b5
SHA256 e43e6ce20883887b2f968abbd0825b4e4a7827cd93ba288c7aae8a9b54f09534
SHA512 db95ed04e7019448c7d2eda8b1127af619f91bae505cef101464124879bb0003d526c7c6516fc380aedc6c078421833f692793d2e883ac789094a181eadb28e3

Analysis: behavioral14

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:55

Platform

debian9-armhf-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:53

Platform

debian9-mipsel-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:52

Platform

debian9-mipsbe-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:55

Platform

win10v2004-20240611-en

Max time kernel

134s

Max time network

137s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\Microsoft-Windows-Kernel-LA57-FoD-Package~31bf3856ad364e35~amd64~~.cab.lnk

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\Microsoft-Windows-Kernel-LA57-FoD-Package~31bf3856ad364e35~amd64~~.cab.lnk

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 88.221.83.234:443 www.bing.com tcp
US 8.8.8.8:53 3.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 234.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 151.133.100.95.in-addr.arpa udp
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 28.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:53

Platform

debian9-mipsbe-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:55

Platform

debian9-armhf-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:55

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

0s

Max time network

147s

Command Line

[/tmp/sketchyorignorant-main/SeTDOS]

Signatures

Deletes log files

Description Indicator Process Target
File deleted /var/log/setup/tmp/SeTDOS /bin/rm N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /bin/mkdir N/A

Processes

/tmp/sketchyorignorant-main/SeTDOS

[/tmp/sketchyorignorant-main/SeTDOS]

/bin/mkdir

[mkdir -p /var/log/setup/tmp]

/bin/rm

[rm -f /var/log/setup/tmp/SeTDOS]

/usr/bin/touch

[touch /var/log/setup/tmp/SeTDOS]

/bin/fgrep

[fgrep -v Extend]

/usr/bin/sort

[sort]

/bin/fgrep

[fgrep -v Ext'd]

/bin/fgrep

[fgrep DOS Win95 F Win98 F HPFS W95 F FAT12 FAT16]

/usr/local/sbin/grep

[grep -F -v Extend]

/usr/local/bin/grep

[grep -F -v Extend]

/usr/sbin/grep

[grep -F -v Extend]

/usr/bin/grep

[grep -F -v Extend]

/sbin/grep

[grep -F -v Extend]

/bin/grep

[grep -F -v Extend]

/usr/local/sbin/grep

[grep -F -v Ext'd]

/usr/local/bin/grep

[grep -F -v Ext'd]

/usr/sbin/grep

[grep -F -v Ext'd]

/usr/bin/grep

[grep -F -v Ext'd]

/sbin/grep

[grep -F -v Ext'd]

/bin/grep

[grep -F -v Ext'd]

/usr/local/sbin/grep

[grep -F DOS Win95 F Win98 F HPFS W95 F FAT12 FAT16]

/usr/local/bin/grep

[grep -F DOS Win95 F Win98 F HPFS W95 F FAT12 FAT16]

/usr/sbin/grep

[grep -F DOS Win95 F Win98 F HPFS W95 F FAT12 FAT16]

/usr/bin/grep

[grep -F DOS Win95 F Win98 F HPFS W95 F FAT12 FAT16]

/sbin/grep

[grep -F DOS Win95 F Win98 F HPFS W95 F FAT12 FAT16]

/bin/grep

[grep -F DOS Win95 F Win98 F HPFS W95 F FAT12 FAT16]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
US 151.101.65.91:443 N/A tcp
GB 185.125.188.62:443 N/A tcp
GB 185.125.188.62:443 N/A tcp
US 151.101.65.91:443 N/A tcp
GB 195.181.164.19:443 N/A tcp
US 151.101.129.91:443 N/A tcp
US 151.101.1.91:443 N/A tcp
US 151.101.193.91:443 N/A tcp
US 1.1.1.1:53 odrs.gnome.org udp
US 1.1.1.1:53 odrs.gnome.org udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:53

Platform

debian9-mipsbe-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:55

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Max time network

129s

Command Line

[/tmp/sketchyorignorant-main/SeTconfig]

Signatures

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /bin/mkdir N/A

Processes

/tmp/sketchyorignorant-main/SeTconfig

[/tmp/sketchyorignorant-main/SeTconfig]

/bin/mkdir

[mkdir -p /var/log/setup/tmp]

/bin/cat

[cat /var/log/setup/tmp/SeTT_PX]

/bin/cat

[cat /var/log/setup/tmp/SeTrootdev]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
GB 185.125.188.62:443 N/A tcp
GB 185.125.188.62:443 N/A tcp
US 151.101.193.91:443 N/A tcp
US 151.101.193.91:443 N/A tcp
GB 89.187.167.3:443 N/A tcp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:55

Platform

debian9-armhf-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:55

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

0s

Max time network

129s

Command Line

[/tmp/sketchyorignorant-main/SeTfdHELP]

Signatures

N/A

Processes

/tmp/sketchyorignorant-main/SeTfdHELP

[/tmp/sketchyorignorant-main/SeTfdHELP]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
GB 185.125.188.62:443 N/A tcp
GB 185.125.188.61:443 N/A tcp
US 151.101.193.91:443 N/A tcp
GB 195.181.164.16:443 N/A tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:55

Platform

debian9-armhf-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:53

Platform

debian9-mipsbe-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:55

Platform

debian9-armhf-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:55

Platform

win7-20231129-en

Max time kernel

118s

Max time network

120s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\Microsoft-Windows-Kernel-LA57-FoD-Package~31bf3856ad364e35~amd64~~.cab.lnk

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\Microsoft-Windows-Kernel-LA57-FoD-Package~31bf3856ad364e35~amd64~~.cab.lnk

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:53

Platform

debian9-mipsbe-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:53

Platform

debian9-mipsel-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:53

Platform

debian9-mipsel-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:55

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Max time network

129s

Command Line

[/tmp/sketchyorignorant-main/SeTfull]

Signatures

Deletes log files

Description Indicator Process Target
File truncated /var/log/setup/tmp/SeTtestfull /bin/dd N/A
File deleted /var/log/setup/tmp/SeTtestfull /bin/rm N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /bin/mkdir N/A

Processes

/tmp/sketchyorignorant-main/SeTfull

[/tmp/sketchyorignorant-main/SeTfull]

/bin/mkdir

[mkdir -p /var/log/setup/tmp]

/bin/dd

[dd if=/dev/zero of=/var/log/setup/tmp/SeTtestfull bs=1024 count=256]

/bin/rm

[rm -f /var/log/setup/tmp/SeTtestfull]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
GB 185.125.188.62:443 N/A tcp
GB 185.125.188.62:443 N/A tcp
US 151.101.129.91:443 N/A tcp
US 151.101.129.91:443 N/A tcp
GB 195.181.164.19:443 N/A tcp

Files

/var/log/setup/tmp/SeTtestfull

MD5 ec87a838931d4d5d2e94a04644788a55
SHA1 2e000fa7e85759c7f4c254d4d9c33ef481e459a7
SHA256 8a39d2abd3999ab73c34db2476849cddf303ce389b35826850f9a700589b4a90
SHA512 9dd0c30167fbeaf68dfbbad8e1af552a7a1fcae120b6e04f1b41fa76c76d5a78922ff828f5cffd8c02965cde57d63dcbfb4c479b3cb49c9d8107a7d5244e9d03

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:55

Platform

win7-20231129-en

Max time kernel

121s

Max time network

123s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\Microsoft-Windows-FoDMetadata-Package.cab

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\Microsoft-Windows-FoDMetadata-Package.cab

Network

N/A

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-06-12 16:50

Reported

2024-06-12 16:55

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Max time network

132s

Command Line

[/tmp/sketchyorignorant-main/SeTkernel]

Signatures

Deletes log files

Description Indicator Process Target
File truncated /var/log/setup/tmp/SeTreturn /tmp/sketchyorignorant-main/SeTkernel N/A
File deleted /var/log/setup/tmp/SeTreturn /bin/rm N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /bin/mkdir N/A

Processes

/tmp/sketchyorignorant-main/SeTkernel

[/tmp/sketchyorignorant-main/SeTkernel]

/bin/mkdir

[mkdir -p /var/log/setup/tmp]

/bin/rm

[rm -f /var/log/setup/tmp/SeTreturn]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
GB 185.125.188.61:443 N/A tcp
GB 185.125.188.62:443 N/A tcp
US 151.101.193.91:443 N/A tcp
US 151.101.193.91:443 N/A tcp
GB 89.187.167.8:443 N/A tcp

Files

/var/log/setup/tmp/SeTreturn

MD5 414be6effbd82b71ba153940fb309e9b
SHA1 5f1e3f142c52f814c8cc197c34b69cea9a8023d0
SHA256 1e7eb70aa24f7ae8f4a48499d2fb16f27a2b5118f87f87871c27d58502d50c29
SHA512 5206aba7c0de07fa19987533cb5f413740cbb746424be30c65e7c092f61c1d4d4ef1da8a4ee3d6762fa9ef8d94ffe8b6a5856c021ee2d6e51378c11a65e6a3a8