Analysis
-
max time kernel
19s -
max time network
129s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20240523-en -
resource tags
-
submitted
11-07-2024 08:06
General
-
Target
arma
-
Size
20KB
-
MD5
879172c625566d9b39bc0381393e7474
-
SHA1
d4c52ba0983856bb1b1e5e5962bc7781d924d784
-
SHA256
4620566578ca146aa8bd214f18ac56ebb6a5cd95e946dfb75fa4d71be1733053
-
SHA512
51c361b781602d2af89aa66d99706f5b8d1dc60be288225a405f62ec961008c44b48af04b5d23c464976ca7e260e35550d3f6c3cab454ef9d9ac454b1c38da5c
-
SSDEEP
192:RnxzjwsWskaDanX6JENuZYhz0h+fcfLBj4dr4NwNsexpPgmd5u275H2O7Sve6/Ji:BWskamFsqGhR9jpNwN9xp4jS36/Or
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 44 IoCs
-
Creates/modifies Cron job 1 TTPs 44 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Writes file to system bin folder 1 TTPs 1 IoCs
-
Reads runtime system information 45 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 45 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/arma/tmp/arma1⤵
- Creates/modifies Cron job
- Writes file to system bin folder
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileTjMfGD/tmp/arma2⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileLkw2l1/tmp/arma3⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file1Bu2Il/tmp/arma4⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filehOER1c/tmp/arma5⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileeJAzOx/tmp/arma6⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileNFfCeG/tmp/arma7⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filebEGSPb/tmp/arma8⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filelMb3VN/tmp/arma9⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileXH9j9k/tmp/arma10⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filequWqAh/tmp/arma11⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filey7IjqP/tmp/arma12⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filePmRvG2/tmp/arma13⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileCBm972/tmp/arma14⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file7kAIhO/tmp/arma15⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileGi0e1S/tmp/arma16⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileA6eUhc/tmp/arma17⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileupmo6n/tmp/arma18⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileY1QBdH/tmp/arma19⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileMwRtif/tmp/arma20⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileZxiHwx/tmp/arma21⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileXas4nK/tmp/arma22⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filenRxGZA/tmp/arma23⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileflKc6Y/tmp/arma24⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filey4mX0k/tmp/arma25⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file1WuyK4/tmp/arma26⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filezMxu2w/tmp/arma27⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileyU8GBR/tmp/arma28⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileSpYodA/tmp/arma29⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileAAJxHd/tmp/arma30⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileqGzrFn/tmp/arma31⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileaaATap/tmp/arma32⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filebgoSV4/tmp/arma33⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileYG59oz/tmp/arma34⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileuDrBQu/tmp/arma35⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file5wuYBa/tmp/arma36⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filetHRBHb/tmp/arma37⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filevdusNM/tmp/arma38⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filen9DFos/tmp/arma39⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileGU9drN/tmp/arma40⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filei9AAdG/tmp/arma41⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileDuUMt3/tmp/arma42⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileBhLXNt/tmp/arma43⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileWs3r98/tmp/arma44⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filece6b8A/tmp/arma45⤵
- Executes dropped EXE
- Reads runtime system information
- Writes file to tmp directory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92B
MD53f006f7f81fc17be7f4a0d3da0fad5de
SHA197a94d3d0654c6551057af3809b52572bd7f9f5d
SHA256982f9e0f089b91ba79df723435099df15c72e1201a45010ee60226ab136c93bf
SHA51297d2ac0057427b940ada7c0fc805c1966e2535c3c3767ca85fef4a7e0fdc9d4ef9eb133530408b1e439df067881cb317e948ad9bfd487e958a04c97d9db978e0
-
Filesize
12KB
MD52ba8bf40c5bd55c1e62c25f29c5b45b5
SHA1da91e9feab5ba5dba905536ef2f8dd298423ee87
SHA25672c9601f7200df8eecc39fa232c96d4af35901b955ada85530fd2b712381423e
SHA512b7fd1ffc8dc67ce3766f046c67467d1993ae9216a83bf5f996577e634a48546cea9bc3753d28ec84f69afa2560922cac5f757a2fe331143e43c6b2fadf31107a
-
Filesize
20KB
MD5879172c625566d9b39bc0381393e7474
SHA1d4c52ba0983856bb1b1e5e5962bc7781d924d784
SHA2564620566578ca146aa8bd214f18ac56ebb6a5cd95e946dfb75fa4d71be1733053
SHA51251c361b781602d2af89aa66d99706f5b8d1dc60be288225a405f62ec961008c44b48af04b5d23c464976ca7e260e35550d3f6c3cab454ef9d9ac454b1c38da5c