Overview

Submission score: 6

Tasks (score per task as shown in the report's overview list; "-" = no score shown; task names are truncated as on the page)

  Score  Task                     Platform
  3      Static                   -
  1      sketchyori...4f90-a      windows7-x64
  1      sketchyori...4f90-a      windows10-2004-x64
  1      sketchyori...05eb-d      windows7-x64
  1      sketchyori...05eb-d      windows10-2004-x64
  1      sketchyori...e494-a      windows7-x64
  1      sketchyori...e494-a      windows10-2004-x64
  1      sketchyori...916b-d      windows7-x64
  1      sketchyori...916b-d      windows10-2004-x64
  1      sketchyori...6538-a      windows7-x64
  1      sketchyori...6538-a      windows10-2004-x64
  1      sketchyori...32e6-a      windows7-x64
  1      sketchyori...32e6-a      windows10-2004-x64
  1      sketchyori...b15d-a      windows7-x64
  1      sketchyori...b15d-a      windows10-2004-x64
  1      sketchyori...7ba4-a      windows7-x64
  1      sketchyori...7ba4-a      windows10-2004-x64
  1      sketchyori...7718-a      windows7-x64
  1      sketchyori...7718-a      windows10-2004-x64
  1      sketchyori...319c-d      windows7-x64
  1      sketchyori...319c-d      windows10-2004-x64
  3      sketchyori...ip.lnk      windows7-x64
  3      sketchyori...ip.lnk      windows10-2004-x64
  3      sketchyori...ge.lnk      windows7-x64
  3      sketchyori...ge.lnk      windows10-2004-x64
  1      sketchyori...FDhelp      windows7-x64
  1      sketchyori...FDhelp      windows10-2004-x64
  3      sketchyori...FW.lnk      windows7-x64
  3      sketchyori...FW.lnk      windows10-2004-x64
  6      sketchyori.../INSCD      ubuntu-18.04-amd64   (this report)
  1      sketchyori.../INSCD      debian-9-armhf
  -      sketchyori.../INSCD      debian-9-mips
  -      sketchyori.../INSCD      debian-9-mipsel
Resubmissions

  Submitted          Task ID             Score
  12-06-2024 17:05   240612-vmcamasdqh   6     (this report)
  12-06-2024 16:56   240612-vft7vsscma   7
  12-06-2024 16:50   240612-vcjxqasbna   6
  12-06-2024 16:40   240612-t6wb6swank   6

Analysis

  Max time kernel    9s
  Max time network   128s
  Platform           ubuntu-18.04_amd64
  Resource           ubuntu1804-amd64-20240611-en
  Resource tags      arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  Submitted          12-06-2024 17:05
Static task

  static1

Behavioral tasks

  Task          Resource                       Sample
  behavioral1   win7-20240611-en               sketchyorignorant-main/000d5c57495cc0d4487b91c61d0c543f68b559156f4284463e5ce72f803b4f90-a
  behavioral2   win10v2004-20240611-en         sketchyorignorant-main/000d5c57495cc0d4487b91c61d0c543f68b559156f4284463e5ce72f803b4f90-a
  behavioral3   win7-20240419-en               sketchyorignorant-main/0015ad62d94bd700d44b8d8cd0829b602273a6731658d6a9a12ec26d6e1f05eb-d
  behavioral4   win10v2004-20240611-en         sketchyorignorant-main/0015ad62d94bd700d44b8d8cd0829b602273a6731658d6a9a12ec26d6e1f05eb-d
  behavioral5   win7-20240611-en               sketchyorignorant-main/0033657cd8e5f36c4bfb6fca0d170f97a22247738463071d6fe64481c8bfe494-a
  behavioral6   win10v2004-20240611-en         sketchyorignorant-main/0033657cd8e5f36c4bfb6fca0d170f97a22247738463071d6fe64481c8bfe494-a
  behavioral7   win7-20231129-en               sketchyorignorant-main/004a257c148891b013731949f499049f7b4a6bdc692eb5932b46c8eed30d916b-d
  behavioral8   win10v2004-20240508-en         sketchyorignorant-main/004a257c148891b013731949f499049f7b4a6bdc692eb5932b46c8eed30d916b-d
  behavioral9   win7-20240221-en               sketchyorignorant-main/006857f2e636f607e93c2b1ff486a196294ddf38d796d3bceb80fce959486538-a
  behavioral10  win10v2004-20240508-en         sketchyorignorant-main/006857f2e636f607e93c2b1ff486a196294ddf38d796d3bceb80fce959486538-a
  behavioral11  win7-20240419-en               sketchyorignorant-main/006962bb76190c6cfad4c4b28868c5b0567993d2a3ee75c39c9e0a49188032e6-a
  behavioral12  win10v2004-20240611-en         sketchyorignorant-main/006962bb76190c6cfad4c4b28868c5b0567993d2a3ee75c39c9e0a49188032e6-a
  behavioral13  win7-20240611-en               sketchyorignorant-main/0069f092738bc9044b183860f95311e747eae3338bb66b8d88b7c80e9722b15d-a
  behavioral14  win10v2004-20240508-en         sketchyorignorant-main/0069f092738bc9044b183860f95311e747eae3338bb66b8d88b7c80e9722b15d-a
  behavioral15  win7-20240220-en               sketchyorignorant-main/0075c7f4698000aa5aea56f035582cac89ede60edbeb774afe41c516743f7ba4-a
  behavioral16  win10v2004-20240611-en         sketchyorignorant-main/0075c7f4698000aa5aea56f035582cac89ede60edbeb774afe41c516743f7ba4-a
  behavioral17  win7-20240611-en               sketchyorignorant-main/008587ffad9fcc70a0362a8773eed5734ef89edf3e2d2bbc25f7737257567718-a
  behavioral18  win10v2004-20240508-en         sketchyorignorant-main/008587ffad9fcc70a0362a8773eed5734ef89edf3e2d2bbc25f7737257567718-a
  behavioral19  win7-20240221-en               sketchyorignorant-main/00b7a8637bb3363e6294c527c6f10c298c4928f7d4b55578115eda0b57df319c-d
  behavioral20  win10v2004-20240611-en         sketchyorignorant-main/00b7a8637bb3363e6294c527c6f10c298c4928f7d4b55578115eda0b57df319c-d
  behavioral21  win7-20240220-en               sketchyorignorant-main/AppInstallPlan.zip.lnk
  behavioral22  win10v2004-20240611-en         sketchyorignorant-main/AppInstallPlan.zip.lnk
  behavioral23  win7-20240221-en               sketchyorignorant-main/CloudImage.lnk
  behavioral24  win10v2004-20240508-en         sketchyorignorant-main/CloudImage.lnk
  behavioral25  win7-20240419-en               sketchyorignorant-main/FDhelp
  behavioral26  win10v2004-20240508-en         sketchyorignorant-main/FDhelp
  behavioral27  win7-20240508-en               sketchyorignorant-main/FW.lnk
  behavioral28  win10v2004-20240508-en         sketchyorignorant-main/FW.lnk
  behavioral29  ubuntu1804-amd64-20240611-en   sketchyorignorant-main/INSCD
  behavioral30  debian9-armhf-20240611-en      sketchyorignorant-main/INSCD
  behavioral31  debian9-mipsbe-20240611-en     sketchyorignorant-main/INSCD
  behavioral32  debian9-mipsel-20240418-en     sketchyorignorant-main/INSCD
General

  Target   sketchyorignorant-main/INSCD
  Size     9KB
  MD5      10f4c9c5eb9ae32104e2792da3b0d61f
  SHA1     b33ffd64531bda61feabfbc953819c8ec1790db6
  SHA256   3f779a5cfe05ebc83f409d5228b7b08e2c09af001e08bd60e88dc9d41502fc3d
  SHA512   c7e5273817911fbabdfa323a71d7163a2326c00f8bfd07ca70ae683609f4b506cdd75907ba5f18f93acd8bb3b53169ea24ae89122ee4669c81098b17ad7b1231
  SSDEEP   96:ZP4F3j/dZHgYJH/t8oyS/1dD0Dc2LNX9TNN+3mPrOBiJTliJEsiJrtHqcRj1k9pP:4joyH/twdH7kUOK9y
Malware Config

Signatures

Deletes log files (1 TTP, 9 IoCs)
Deletes log files on the system.

  Description      IoC                            Process
  File deleted     /var/log/setup/tmp/SeTmount    rm
  File deleted     /var/log/setup/tmp/SeTCDdev    rm
  File truncated   /var/log/setup/tmp/reply       INSCD
  File deleted     /var/log/setup/tmp/SeTDS       rm
  File deleted     /var/log/setup/tmp/SeTCDdev    rm
  File deleted     /var/log/setup/tmp/errordo     rm
  File deleted     /var/log/setup/tmp/SeTDS       rm
  File deleted     /var/log/setup/tmp/reply       rm
  File deleted     /var/log/setup/tmp/SeTmount    rm

Analyst note: every IoC in this table sits under /var/log/setup/tmp, a scratch directory the sample creates itself (mkdir -p /var/log/setup/tmp, PID 1492 in the process tree); no existing file under /var/log proper is touched. The SeT* state files, the /var/log/mount mountpoint and the read-only iso9660 probe of the classic hd*/sr*/pcd* and legacy CD-ROM device nodes are the conventions of the Slackware installer's CD-source selection script, which is also what the file name INSCD suggests. Read the "Deletes log files" hit as the script cleaning up its own state files rather than as log tampering, and weigh the task score accordingly.

Reads runtime system information (38 IoCs)
Reads data from /proc virtual filesystem.

  Description               IoC                 Process
  File opened for reading   /proc/filesystems   mount   (37 occurrences, one per mount invocation in the process tree)
  File opened for reading   /proc/filesystems   mkdir   (1 occurrence)
Processes

Legend: [D] = Deletes log files, [R] = Reads runtime system information

PID 1491  /tmp/sketchyorignorant-main/INSCD                                                                                      [D]
  PID 1492  /bin/mkdir -p /var/log/setup/tmp                                                                                     [R]
  PID 1493  /bin/cat /var/log/setup/tmp/SeTT_PX
  PID 1494  /bin/rm -f /var/log/setup/tmp/SeTmount /var/log/setup/tmp/SeTDS /var/log/setup/tmp/SeTCDdev /var/log/setup/tmp/reply  [D]
  PID 1495  /bin/cat /var/log/setup/tmp/reply
  PID 1496  /bin/sleep 3
  PID 1500  /bin/mount -o ro -t iso9660 /dev/hdd /var/log/mount                                                                  [R]
  PID 1501  /bin/mount -o ro -t iso9660 /dev/hdc /var/log/mount                                                                  [R]
  PID 1502  /bin/mount -o ro -t iso9660 /dev/hdb /var/log/mount                                                                  [R]
  PID 1503  /bin/mount -o ro -t iso9660 /dev/hda /var/log/mount                                                                  [R]
  PID 1504  /bin/mount -o ro -t iso9660 /dev/hde /var/log/mount                                                                  [R]
  PID 1505  /bin/mount -o ro -t iso9660 /dev/hdf /var/log/mount                                                                  [R]
  PID 1506  /bin/mount -o ro -t iso9660 /dev/hdg /var/log/mount                                                                  [R]
  PID 1507  /bin/mount -o ro -t iso9660 /dev/hdh /var/log/mount                                                                  [R]
  PID 1508  /bin/mount -o ro -t iso9660 /dev/hdi /var/log/mount                                                                  [R]
  PID 1509  /bin/mount -o ro -t iso9660 /dev/hdj /var/log/mount                                                                  [R]
  PID 1510  /bin/mount -o ro -t iso9660 /dev/hdk /var/log/mount                                                                  [R]
  PID 1511  /bin/mount -o ro -t iso9660 /dev/hdl /var/log/mount                                                                  [R]
  PID 1512  /bin/mount -o ro -t iso9660 /dev/hdm /var/log/mount                                                                  [R]
  PID 1513  /bin/mount -o ro -t iso9660 /dev/hdn /var/log/mount                                                                  [R]
  PID 1514  /bin/mount -o ro -t iso9660 /dev/hdo /var/log/mount                                                                  [R]
  PID 1515  /bin/mount -o ro -t iso9660 /dev/hdp /var/log/mount                                                                  [R]
  PID 1516  /bin/sleep 3
  PID 1517  /bin/mount -o ro -t iso9660 /dev/sr0 /var/log/mount                                                                  [R]
  PID 1518  /bin/mount -o ro -t iso9660 /dev/sr1 /var/log/mount                                                                  [R]
  PID 1519  /bin/mount -o ro -t iso9660 /dev/sr2 /var/log/mount                                                                  [R]
  PID 1520  /bin/mount -o ro -t iso9660 /dev/sr3 /var/log/mount                                                                  [R]
  PID 1521  /bin/sleep 3
  PID 1522  /bin/mount -o ro -t iso9660 /dev/pcd0 /var/log/mount                                                                 [R]
  PID 1523  /bin/mount -o ro -t iso9660 /dev/pcd1 /var/log/mount                                                                 [R]
  PID 1524  /bin/mount -o ro -t iso9660 /dev/pcd2 /var/log/mount                                                                 [R]
  PID 1525  /bin/mount -o ro -t iso9660 /dev/pcd3 /var/log/mount                                                                 [R]
  PID 1526  /bin/mount -o ro -t iso9660 /dev/sonycd /var/log/mount                                                               [R]
  PID 1527  /bin/mount -o ro -t iso9660 /dev/gscd /var/log/mount                                                                 [R]
  PID 1528  /bin/mount -o ro -t iso9660 /dev/optcd /var/log/mount                                                                [R]
  PID 1529  /bin/mount -o ro -t iso9660 /dev/sjcd /var/log/mount                                                                 [R]
  PID 1530  /bin/mount -o ro -t iso9660 /dev/mcdx0 /var/log/mount                                                                [R]
  PID 1531  /bin/mount -o ro -t iso9660 /dev/mcdx1 /var/log/mount                                                                [R]
  PID 1532  /bin/mount -o ro -t iso9660 /dev/cdu535 /var/log/mount                                                               [R]
  PID 1533  /bin/mount -o ro -t iso9660 /dev/sbpcd /var/log/mount                                                                [R]
  PID 1534  /bin/mount -o ro -t iso9660 /dev/aztcd /var/log/mount                                                                [R]
  PID 1535  /bin/mount -o ro -t iso9660 /dev/cm205cd /var/log/mount                                                              [R]
  PID 1536  /bin/mount -o ro -t iso9660 /dev/cm206cd /var/log/mount                                                              [R]
  PID 1537  /bin/mount -o ro -t iso9660 /dev/bpcd /var/log/mount                                                                 [R]
  PID 1538  /bin/mount -o ro -t iso9660 /dev/mcd /var/log/mount                                                                  [R]
  PID 1539  /bin/rm -f /var/log/setup/tmp/SeTDS /var/log/setup/tmp/SeTmount /var/log/setup/tmp/SeTCDdev /var/log/setup/tmp/errordo  [D]
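Both signatures above fire on activity the process tree itself explains: the deleted files live in a scratch directory the same tree created a few PIDs earlier, and every mount is a read-only iso9660 probe of one CD-ROM device node onto a single mountpoint. The following Python is an added triage helper, not part of this report or of the sample, that makes that check mechanical. It walks a (pid, command line) list, treats any rm target that lies inside a directory the same tree created with mkdir as self-cleanup rather than log deletion, and summarises the mount probes (devices tried, fs types, mountpoints, and whether every mount was -o ro). PROCESS_TREE is transcribed from the tree above and is constructed input (a subset of the 37 mount lines); LOG_ROOTS is an assumption about which directory the sandbox treats as "logs".

```python
"""Triage helper for a sandbox 'Deletes log files' hit: self-cleanup or real log
tampering?  Added example, not part of the sandbox report or of the sample."""
import shlex
from pathlib import PurePosixPath

# Constructed input: (pid, command line) transcribed from the report's process
# tree. Only four of the 37 mount probes are included to keep the list short.
PROCESS_TREE = [
    (1491, "/tmp/sketchyorignorant-main/INSCD"),
    (1492, "/bin/mkdir -p /var/log/setup/tmp"),
    (1493, "/bin/cat /var/log/setup/tmp/SeTT_PX"),
    (1494, "/bin/rm -f /var/log/setup/tmp/SeTmount /var/log/setup/tmp/SeTDS "
           "/var/log/setup/tmp/SeTCDdev /var/log/setup/tmp/reply"),
    (1495, "/bin/cat /var/log/setup/tmp/reply"),
    (1496, "/bin/sleep 3"),
    (1500, "/bin/mount -o ro -t iso9660 /dev/hdd /var/log/mount"),
    (1503, "/bin/mount -o ro -t iso9660 /dev/hda /var/log/mount"),
    (1517, "/bin/mount -o ro -t iso9660 /dev/sr0 /var/log/mount"),
    (1538, "/bin/mount -o ro -t iso9660 /dev/mcd /var/log/mount"),
    (1539, "/bin/rm -f /var/log/setup/tmp/SeTDS /var/log/setup/tmp/SeTmount "
           "/var/log/setup/tmp/SeTCDdev /var/log/setup/tmp/errordo"),
]

# Assumption: the sandbox's "log files" signature keys on paths under /var/log.
LOG_ROOTS = ("/var/log",)


def _argv(cmd):
    return shlex.split(cmd)


def _is_under(path, root):
    """True if `path` equals `root` or lies beneath it (pure path logic, no I/O)."""
    p, r = PurePosixPath(path), PurePosixPath(root)
    return p == r or r in p.parents


def created_dirs(tree):
    """Directories the sample created itself via mkdir (non-option arguments)."""
    dirs = set()
    for _, cmd in tree:
        argv = _argv(cmd)
        if PurePosixPath(argv[0]).name == "mkdir":
            dirs.update(a for a in argv[1:] if not a.startswith("-"))
    return dirs


def deleted_paths(tree):
    """(pid, path) for every non-option argument passed to rm."""
    out = []
    for pid, cmd in tree:
        argv = _argv(cmd)
        if PurePosixPath(argv[0]).name == "rm":
            out.extend((pid, a) for a in argv[1:] if not a.startswith("-"))
    return out


def classify_deletions(tree):
    """Map each deleted path to 'self-cleanup' (inside a directory this tree
    created), 'system-log' (under a log root but not self-created) or 'other'.
    The self-created test runs first because /var/log/setup/tmp is itself
    under /var/log."""
    own = created_dirs(tree)
    verdicts = {}
    for _, path in deleted_paths(tree):
        if any(_is_under(path, d) for d in own):
            verdicts[path] = "self-cleanup"
        elif any(_is_under(path, r) for r in LOG_ROOTS):
            verdicts[path] = "system-log"
        else:
            verdicts[path] = "other"
    return verdicts


def mount_probes(tree):
    """Summarise mount invocations: devices tried (in order), fs types,
    mountpoints, and whether every mount carried -o ro."""
    devices, fstypes, mountpoints, all_ro = [], set(), set(), True
    for _, cmd in tree:
        argv = _argv(cmd)
        if PurePosixPath(argv[0]).name != "mount":
            continue
        opts = argv[argv.index("-o") + 1].split(",") if "-o" in argv else []
        all_ro = all_ro and "ro" in opts
        if "-t" in argv:
            fstypes.add(argv[argv.index("-t") + 1])
        devices.append(argv[-2])      # mount [opts] DEVICE MOUNTPOINT
        mountpoints.add(argv[-1])
    return {"devices": devices, "fstypes": fstypes,
            "mountpoints": mountpoints, "all_read_only": all_ro}


if __name__ == "__main__":
    for path, verdict in classify_deletions(PROCESS_TREE).items():
        print(f"{verdict:13} {path}")
    print(mount_probes(PROCESS_TREE))
```

Run against the transcribed tree, every one of the five distinct rm targets (SeTmount, SeTDS, SeTCDdev, reply, errordo) comes back as self-cleanup, and the probe summary shows one fs type (iso9660), one mountpoint (/var/log/mount) and all_read_only=True. Appending a constructed line such as rm -f /var/log/auth.log to the same list yields "system-log", because no mkdir in the tree created /var/log; that is the case in which the signature's name would actually be earned.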
Network
MITRE ATT&CK Enterprise v15
Downloads

/var/log/setup/tmp/reply
  Filesize   92B
  MD5        d74c28a84f1d0d530db1ff720798aa88
  SHA1       442f563dcfe2b52de085f62f512e57234515b94c
  SHA256     5c3f3112d31ce1828e127a4ec05cbd3584c81526e7aac222fc021bf104df09e5
  SHA512     a53580656517fc2f4e83a2096f0320c120495a6c3bb4f672a31f58ea4df279134f292f7b143deb510bfde30946ee7ae9938aa08d5253ab805b33a41ab66fb9fe