Overview

overview

4

Static

static

1

.rsync/c/go

ubuntu-18.04-amd64

3

.rsync/c/go

debian-9-armhf

3

.rsync/c/go

debian-9-mips

3

.rsync/c/go

debian-9-mipsel

3

.rsync/c/l...c.so.6

ubuntu-24.04-amd64

.rsync/c/l...l.so.2

ubuntu-24.04-amd64

1

.rsync/c/l...s.so.2

ubuntu-24.04-amd64

1

.rsync/c/l...s.so.2

ubuntu-24.04-amd64

1

.rsync/c/l...d.so.0

ubuntu-24.04-amd64

.rsync/c/l....23.so

ubuntu-24.04-amd64

1

.rsync/c/l...v.so.2

ubuntu-18.04-amd64

1

.rsync/c/lib/32/tsm

ubuntu-24.04-amd64

1

.rsync/c/l...c.so.6

ubuntu-24.04-amd64

1

.rsync/c/l...l.so.2

ubuntu-22.04-amd64

1

.rsync/c/l...s.so.2

ubuntu-22.04-amd64

1

.rsync/c/l...s.so.2

ubuntu-22.04-amd64

1

.rsync/c/l...d.so.0

ubuntu-22.04-amd64

1

.rsync/c/l....23.so

ubuntu-22.04-amd64

1

.rsync/c/l...v.so.2

ubuntu-22.04-amd64

1

.rsync/c/lib/64/tsm

ubuntu-24.04-amd64

1

.rsync/c/run

ubuntu-18.04-amd64

4

.rsync/c/run

debian-9-armhf

4

.rsync/c/run

debian-9-mips

4

.rsync/c/run

debian-9-mipsel

4

.rsync/c/slow

ubuntu-18.04-amd64

1

.rsync/c/slow

debian-9-armhf

1

.rsync/c/slow

debian-9-mips

1

.rsync/c/slow

debian-9-mipsel

1

.rsync/c/tsm

ubuntu-18.04-amd64

1

.rsync/c/tsm

debian-9-armhf

1

.rsync/c/tsm

debian-9-mips

1

.rsync/c/tsm

debian-9-mipsel

1

Analysis

  • max time kernel
    19s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    01-07-2024 10:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .rsync/c/run

  • Size

    209B

  • MD5

    14d81e980c0ca2f21cfa386dbaeffc11

  • SHA1

    1736595cff66a4e29e749435d7a0a92a67c789b3

  • SHA256

    380244e59ba1b19961645d16da290b1111efc8131ae4da30fc1dde15639f2796

  • SHA512

    1e70258404880648d2a5b5b231e816bc7ed909d7a2d100d87ac85cc29b2b25ab730bef088ded84b3ac4c65705cb18ca5b0ff882446b6fe701756ac52e42c46fe

Score
4/10
antivm

Malware Config

Signatures

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

    antivm

Processes

  • /tmp/.rsync/c/run
    /tmp/.rsync/c/run
    1⤵
      PID:663
      • /bin/cat
        cat /proc/cpuinfo
        2⤵
        • Checks CPU configuration
        PID:666
      • /bin/grep
        grep name
        2⤵
          PID:668
        • /bin/grep
          grep model
          2⤵
            PID:667
          • /usr/bin/wc
            wc -l
            2⤵
              PID:669
            • /bin/sleep
              sleep 15
              2⤵
                PID:675
              • /tmp/.rsync/c/stop
                ./stop
                2⤵
                  PID:755
                • /bin/sleep
                  sleep 3
                  2⤵
                    PID:756
                  • /bin/sleep
                    sleep 0
                    2⤵
                      PID:759
                  • /usr/bin/nohup
                    nohup ./go
                    1⤵
                      PID:760
                    • /tmp/.rsync/c/go
                      ./go
                      1⤵
                        PID:760

                      Network

                      MITRE ATT&CK Matrix ATT&CK v13

                      Initial Access

                      Execution

                      Persistence

                      Privilege Escalation

                      Defense Evasion

                      Virtualization/Sandbox Evasion

                      1
                      T1497

                      Credential Access

                      Discovery

                      Virtualization/Sandbox Evasion

                      1
                      T1497

                      Lateral Movement

                      Collection

                      Exfiltration

                      Command and Control

                      Impact

                      Resource Development

                      Reconnaissance

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads