Resubmissions

12-06-2024 17:05

240612-vmcamasdqh 6

12-06-2024 16:56

240612-vft7vsscma 7

12-06-2024 16:50

240612-vcjxqasbna 6

12-06-2024 16:40

240612-t6wb6swank 6

Analysis

  • max time kernel
    9s
  • max time network
    128s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240611-en
  • resource tags
    arch:amd64
    arch:i386
    image:ubuntu1804-amd64-20240611-en
    kernel:4.15.0-213-generic
    locale:en-us
    os:ubuntu-18.04-amd64
    system
  • submitted
    12-06-2024 17:05

General

  • Target

    sketchyorignorant-main/INSCD

  • Size

    9KB

  • MD5

    10f4c9c5eb9ae32104e2792da3b0d61f

  • SHA1

    b33ffd64531bda61feabfbc953819c8ec1790db6

  • SHA256

    3f779a5cfe05ebc83f409d5228b7b08e2c09af001e08bd60e88dc9d41502fc3d

  • SHA512

    c7e5273817911fbabdfa323a71d7163a2326c00f8bfd07ca70ae683609f4b506cdd75907ba5f18f93acd8bb3b53169ea24ae89122ee4669c81098b17ad7b1231

  • SSDEEP

    96:ZP4F3j/dZHgYJH/t8oyS/1dD0Dc2LNX9TNN+3mPrOBiJTliJEsiJrtHqcRj1k9pP:4joyH/twdH7kUOK9y

Score
6/10

Malware Config

Signatures

  • Deletes log files 1 TTPs 9 IoCs

    Deletes log files on the system.

  • Reads runtime system information 38 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/sketchyorignorant-main/INSCD
    /tmp/sketchyorignorant-main/INSCD
    1⤵
    • Deletes log files
    PID:1491
    • /bin/mkdir
      mkdir -p /var/log/setup/tmp
      2⤵
      • Reads runtime system information
      PID:1492
    • /bin/cat
      cat /var/log/setup/tmp/SeTT_PX
      2⤵
      PID:1493
    • /bin/rm
      rm -f /var/log/setup/tmp/SeTmount /var/log/setup/tmp/SeTDS /var/log/setup/tmp/SeTCDdev /var/log/setup/tmp/reply
      2⤵
      • Deletes log files
      PID:1494
    • /bin/cat
      cat /var/log/setup/tmp/reply
      2⤵
      PID:1495
    • /bin/sleep
      sleep 3
      2⤵
      PID:1496
    • /bin/mount
      mount -o ro -t iso9660 /dev/hdd /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1500
    • /bin/mount
      mount -o ro -t iso9660 /dev/hdc /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1501
    • /bin/mount
      mount -o ro -t iso9660 /dev/hdb /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1502
    • /bin/mount
      mount -o ro -t iso9660 /dev/hda /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1503
    • /bin/mount
      mount -o ro -t iso9660 /dev/hde /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1504
    • /bin/mount
      mount -o ro -t iso9660 /dev/hdf /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1505
    • /bin/mount
      mount -o ro -t iso9660 /dev/hdg /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1506
    • /bin/mount
      mount -o ro -t iso9660 /dev/hdh /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1507
    • /bin/mount
      mount -o ro -t iso9660 /dev/hdi /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1508
    • /bin/mount
      mount -o ro -t iso9660 /dev/hdj /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1509
    • /bin/mount
      mount -o ro -t iso9660 /dev/hdk /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1510
    • /bin/mount
      mount -o ro -t iso9660 /dev/hdl /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1511
    • /bin/mount
      mount -o ro -t iso9660 /dev/hdm /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1512
    • /bin/mount
      mount -o ro -t iso9660 /dev/hdn /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1513
    • /bin/mount
      mount -o ro -t iso9660 /dev/hdo /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1514
    • /bin/mount
      mount -o ro -t iso9660 /dev/hdp /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1515
    • /bin/sleep
      sleep 3
      2⤵
      PID:1516
    • /bin/mount
      mount -o ro -t iso9660 /dev/sr0 /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1517
    • /bin/mount
      mount -o ro -t iso9660 /dev/sr1 /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1518
    • /bin/mount
      mount -o ro -t iso9660 /dev/sr2 /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1519
    • /bin/mount
      mount -o ro -t iso9660 /dev/sr3 /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1520
    • /bin/sleep
      sleep 3
      2⤵
      PID:1521
    • /bin/mount
      mount -o ro -t iso9660 /dev/pcd0 /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1522
    • /bin/mount
      mount -o ro -t iso9660 /dev/pcd1 /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1523
    • /bin/mount
      mount -o ro -t iso9660 /dev/pcd2 /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1524
    • /bin/mount
      mount -o ro -t iso9660 /dev/pcd3 /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1525
    • /bin/mount
      mount -o ro -t iso9660 /dev/sonycd /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1526
    • /bin/mount
      mount -o ro -t iso9660 /dev/gscd /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1527
    • /bin/mount
      mount -o ro -t iso9660 /dev/optcd /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1528
    • /bin/mount
      mount -o ro -t iso9660 /dev/sjcd /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1529
    • /bin/mount
      mount -o ro -t iso9660 /dev/mcdx0 /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1530
    • /bin/mount
      mount -o ro -t iso9660 /dev/mcdx1 /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1531
    • /bin/mount
      mount -o ro -t iso9660 /dev/cdu535 /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1532
    • /bin/mount
      mount -o ro -t iso9660 /dev/sbpcd /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1533
    • /bin/mount
      mount -o ro -t iso9660 /dev/aztcd /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1534
    • /bin/mount
      mount -o ro -t iso9660 /dev/cm205cd /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1535
    • /bin/mount
      mount -o ro -t iso9660 /dev/cm206cd /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1536
    • /bin/mount
      mount -o ro -t iso9660 /dev/bpcd /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1537
    • /bin/mount
      mount -o ro -t iso9660 /dev/mcd /var/log/mount
      2⤵
      • Reads runtime system information
      PID:1538
    • /bin/rm
      rm -f /var/log/setup/tmp/SeTDS /var/log/setup/tmp/SeTmount /var/log/setup/tmp/SeTCDdev /var/log/setup/tmp/errordo
      2⤵
      • Deletes log files
      PID:1539

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /var/log/setup/tmp/reply

    Filesize
    92B

    MD5
    d74c28a84f1d0d530db1ff720798aa88

    SHA1
    442f563dcfe2b52de085f62f512e57234515b94c

    SHA256
    5c3f3112d31ce1828e127a4ec05cbd3584c81526e7aac222fc021bf104df09e5

    SHA512
    a53580656517fc2f4e83a2096f0320c120495a6c3bb4f672a31f58ea4df279134f292f7b143deb510bfde30946ee7ae9938aa08d5253ab805b33a41ab66fb9fe