42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662

Analysis

max time kernel
150s
max time network
167s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
21-07-2024 06:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
Size

122KB
MD5

16ce797b5a509d31bb999b13d2ceb899
SHA1

350258251451d041550e7ee08bd60bc4cb68f3af
SHA256

42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
SHA512

fba68e3122e7e0c879cab9667b70d579f6090bb3d9e53c30861f20bc949b163c4c08bda09002a7ee4bf28400d653508fd4a94a6317fb9a2c180e5f432566dead
SSDEEP

3072:qKlmVLTRAdyi8sclagWcnKFQxgPa55VOpmmyYThQ/1RnoY:qRsYaKBxgPa1OpmmyYThQ/1RnoY

Score

7^/10

persistence

Malware Config

Signatures

Renames itself 1 IoCs

pid
715

Creates/modifies Cron job 1 TTPs 1 IoCs

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

persistence

Scheduled Task/Job

T1053

description	ioc	Process
File opened for modification	/var/spool/cron/crontabs/tmp.7IBEMn	crontab

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/6/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/32/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/727/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/5/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/26/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/628/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/630/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/4/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/56/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/358/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/710/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/17/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/21/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/316/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/14/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/322/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/681/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/18/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/325/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/785/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/51/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/707/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/23/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/42/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/755/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/788/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/8/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/22/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/248/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/29/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/686/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/704/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/737/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/774/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/812/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/13/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/45/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/761/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/826/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/802/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/194/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/315/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/344/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/648/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/754/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/757/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/798/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/740/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/7/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/9/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/12/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/34/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/186/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/647/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/711/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/766/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/15/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/141/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/663/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/665/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/758/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/760/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/20/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
File opened for reading	/proc/790/cmdline	42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662

/tmp/42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
/tmp/42abf53f393f7f6b23ace02dcecf8196ef678ad8b2e7c5d784aa3cb044419662
1⤵
- Reads runtime system information
PID:713
- /bin/sh
  sh -c "crontab -l"
  2⤵
  PID:716
- - /usr/bin/crontab
    crontab -l
    3⤵
    PID:718
- /bin/sh
  sh -c "crontab -"
  2⤵
  PID:723
- - /usr/bin/crontab
    crontab -
    3⤵
    - Creates/modifies Cron job
    PID:728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/var/spool/cron/crontabs/tmp.7IBEMn

Filesize
210B

MD5
35bf711223c085ee97335a3aeff5b72c

SHA1
845811d7abafb78e946b931636a9728aaff6125b

SHA256
16d31ada114b39f6cf3a73abc51b47a6c171b5ff26c85f9f3595c08f064c2edc

SHA512
d9c961a5cdda03c85db0ba859f885a4d05201c342d1e440a82609b981e3bff6055fcf175130a6af666086060c4ac3221b2abb8c41306b44ac779d82899e11baa

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads