Malware Analysis Report

2024-10-16 06:26

Sample ID 240624-yhbebasgpr
Target 0a80689876f07232265a1afb4ed2b66a_JaffaCakes118
SHA256 c0634f254bcf7e22e9c185b7b19468f636e055bb2f914b7e510a9f0bcb3069a0
Tags antivm
Score 4/10

Analysis Overview

score
4/10

SHA256

c0634f254bcf7e22e9c185b7b19468f636e055bb2f914b7e510a9f0bcb3069a0

Threat Level: Likely benign

The file 0a80689876f07232265a1afb4ed2b66a_JaffaCakes118 was found to be: Likely benign.

Malicious Activity Summary

antivm

Checks CPU configuration

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-24 19:46

Signatures

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:46

Platform

ubuntu2404-amd64-20240523-en

Max time network

3s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:49

Platform

debian9-armhf-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:49

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

0s

Max time network

131s

Command Line

[/tmp/.rsync/c/slow]

Signatures

N/A

Processes

/tmp/.rsync/c/slow

[/tmp/.rsync/c/slow]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 185.125.188.61:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.1.91:443 tcp
GB 195.181.164.14:443 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:49

Platform

debian9-armhf-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:47

Platform

debian9-mipsel-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:49

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Max time network

132s

Command Line

[/tmp/.rsync/c/lib/32/libdl.so.2]

Signatures

N/A

Processes

/tmp/.rsync/c/lib/32/libdl.so.2

[/tmp/.rsync/c/lib/32/libdl.so.2]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 185.125.188.62:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.193.91:443 tcp
US 151.101.193.91:443 tcp
GB 195.181.164.14:443 tcp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:49

Platform

debian9-armhf-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:46

Platform

debian9-mipsbe-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:46

Platform

debian9-mipsel-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:49

Platform

ubuntu2204-amd64-20240522.1-en

Max time network

131s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:49

Platform

ubuntu2404-amd64-20240523-en

Max time network

129s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:46

Platform

debian9-mipsbe-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:49

Platform

ubuntu2204-amd64-20240611-en

Max time network

131s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:49

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

29s

Max time network

131s

Command Line

[/tmp/.rsync/c/run]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /bin/cat N/A

Processes

/tmp/.rsync/c/run

[/tmp/.rsync/c/run]

/usr/bin/wc

[wc -l]

/bin/grep

[grep name]

/bin/grep

[grep model]

/bin/cat

[cat /proc/cpuinfo]

/bin/uname

[uname -m]

/bin/sleep

[sleep 15]

/tmp/.rsync/c/stop

[./stop]

/bin/sleep

[sleep 3]

/bin/sleep

[sleep 11]

/usr/bin/nohup

[nohup ./go]

/tmp/.rsync/c/go

[./go]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 151.101.129.91:443 tcp
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.129.91:443 tcp
GB 89.187.167.6:443 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
GB 89.187.167.4:443 1527653184.rsc.cdn77.org tcp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:47

Platform

debian9-mipsel-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:49

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

137s

Max time network

139s

Command Line

[/tmp/.rsync/c/go]

Signatures

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A
File opened for modification /tmp/.rsync/c/v /usr/bin/touch N/A

Processes

/tmp/.rsync/c/go

[/tmp/.rsync/c/go]

/bin/uname

[uname -m]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/bin/sleep

[sleep 5s]

/usr/bin/timeout

[timeout 3h ./tsm -t 505 -f 1 -s 9 -S 6 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 505 -f 1 -s 9 -S 6 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/bin/sleep

[sleep 25s]

/usr/bin/timeout

[timeout 3h ./tsm -t 505 -f 1 -s 9 -S 6 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 505 -f 1 -s 9 -S 6 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/bin/sleep

[sleep 16s]

/usr/bin/timeout

[timeout 3h ./tsm -t 505 -f 1 -s 9 -S 6 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 505 -f 1 -s 9 -S 6 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/bin/sleep

[sleep 1s]

/usr/bin/timeout

[timeout 3h ./tsm -t 505 -f 1 -s 9 -S 6 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 505 -f 1 -s 9 -S 6 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/bin/sleep

[sleep 14s]

/usr/bin/timeout

[timeout 3h ./tsm -t 505 -f 1 -s 9 -S 6 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 505 -f 1 -s 9 -S 6 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/bin/sleep

[sleep 8s]

/usr/bin/timeout

[timeout 3h ./tsm -t 505 -f 1 -s 9 -S 6 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 505 -f 1 -s 9 -S 6 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/bin/sleep

[sleep 15s]

/usr/bin/timeout

[timeout 3h ./tsm -t 505 -f 1 -s 9 -S 6 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 505 -f 1 -s 9 -S 6 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/bin/sleep

[sleep 11s]

/usr/bin/timeout

[timeout 3h ./tsm -t 505 -f 1 -s 9 -S 6 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 505 -f 1 -s 9 -S 6 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/bin/sleep

[sleep 15s]

/usr/bin/timeout

[timeout 3h ./tsm -t 505 -f 1 -s 9 -S 6 -p 0 -d 1 p ip]

/tmp/.rsync/c/tsm

[./tsm -t 505 -f 1 -s 9 -S 6 -p 0 -d 1 p ip]

/bin/sleep

[sleep 3]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf .out]

/bin/rm

[rm -rf /tmp/t*]

/usr/bin/touch

[touch v]

/bin/rm

[rm -rf p]

/bin/rm

[rm -rf ip]

/bin/rm

[rm -rf xtr*]

/bin/rm

[rm -rf a a.*]

/bin/rm

[rm -rf b b.*]

/bin/sleep

[sleep 24s]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 151.101.129.91:443 tcp
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp
US 1.1.1.1:53 ocp-ingress.fastly.gnome.org udp
GB 89.187.167.8:443 tcp
US 1.1.1.1:53 odrs.gnome.org udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:49

Platform

ubuntu2204-amd64-20240611-en

Max time network

131s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:49

Platform

ubuntu2204-amd64-20240522.1-en

Max time network

132s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:46

Platform

ubuntu2404-amd64-20240523-en

Max time network

3s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:49

Platform

ubuntu2404-amd64-20240523-en

Max time network

133s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:49

Platform

ubuntu2404-amd64-20240523-en

Max time network

129s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:49

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

0s

Max time network

149s

Command Line

[/tmp/.rsync/c/lib/64/libresolv-2.23.so]

Signatures

N/A

Processes

/tmp/.rsync/c/lib/64/libresolv-2.23.so

[/tmp/.rsync/c/lib/64/libresolv-2.23.so]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 151.101.193.91:443 tcp
GB 185.125.188.62:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.193.91:443 tcp
GB 89.187.167.7:443 tcp
US 151.101.129.91:443 tcp
US 151.101.65.91:443 tcp
US 151.101.1.91:443 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:49

Platform

debian9-armhf-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:46

Platform

debian9-mipsbe-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:49

Platform

ubuntu2204-amd64-20240611-en

Max time network

131s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:49

Platform

ubuntu2404-amd64-20240523-en

Max time network

133s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:46

Platform

debian9-mipsel-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:49

Platform

ubuntu2404-amd64-20240523-en

Max time network

132s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:49

Platform

ubuntu2204-amd64-20240522.1-en

Max time network

132s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:49

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Max time network

131s

Command Line

[/tmp/.rsync/c/tsm]

Signatures

N/A

Processes

/tmp/.rsync/c/tsm

[/tmp/.rsync/c/tsm]

/bin/readlink

[readlink -f /tmp/.rsync/c/tsm]

/usr/bin/dirname

[dirname /tmp/.rsync/c/tsm]

/bin/uname

[uname -m]

/tmp/.rsync/c/lib/64/tsm

[/tmp/.rsync/c/lib/64/tsm --library-path /tmp/.rsync/c/lib/64/ /tmp/.rsync/c/tsm64]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 185.125.188.62:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.193.91:443 tcp
US 151.101.193.91:443 tcp
GB 89.187.167.8:443 tcp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:49

Platform

ubuntu2204-amd64-20240522.1-en

Max time network

131s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-06-24 19:46

Reported

2024-06-24 19:47

Platform

debian9-mipsbe-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A