Overview
overview
4Static
static
1smartsynch...tem.sh
ubuntu-18.04-amd64
4smartsynch...tem.sh
debian-9-armhf
4smartsynch...tem.sh
debian-9-mips
4smartsynch...tem.sh
debian-9-mipsel
4smartsynch...tem.sh
ubuntu-18.04-amd64
3smartsynch...tem.sh
debian-9-armhf
1smartsynch...tem.sh
debian-9-mips
1smartsynch...tem.sh
debian-9-mipsel
1smartsynch...ize.sh
ubuntu-18.04-amd64
3smartsynch...ize.sh
debian-9-armhf
1smartsynch...ize.sh
debian-9-mips
1smartsynch...ize.sh
debian-9-mipsel
1smartsynch...n/java
ubuntu-24.04-amd64
4smartsynch...in/jfr
ubuntu-24.04-amd64
4smartsynch...eytool
ubuntu-20.04-amd64
4smartsynch...gistry
ubuntu-24.04-amd64
4smartsynch.../jexec
ubuntu-20.04-amd64
1smartsynch...fs.jar
windows7-x64
1smartsynch...fs.jar
windows10-2004-x64
1smartsynch...helper
ubuntu-22.04-amd64
1smartsynch...ket.so
ubuntu-22.04-amd64
1smartsynch...ent.so
ubuntu-24.04-amd64
1smartsynch...gss.so
ubuntu-22.04-amd64
1smartsynch...aas.so
ubuntu-24.04-amd64
1smartsynch...ava.so
ubuntu-18.04-amd64
1smartsynch...dwp.so
ubuntu-24.04-amd64
1smartsynch...age.so
ubuntu-24.04-amd64
1smartsynch...jli.so
ubuntu-24.04-amd64
1smartsynch...sig.so
ubuntu-22.04-amd64
1smartsynch...ent.so
ubuntu-24.04-amd64
1smartsynch...ent.so
ubuntu-20.04-amd64
1smartsynch...ext.so
ubuntu-22.04-amd64
1Analysis
-
max time kernel
0s -
max time network
129s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20240729-en -
resource tags
arch:amd64arch:i386image:ubuntu2404-amd64-20240729-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system -
submitted
01-09-2024 20:30
Static task
static1
Behavioral task
behavioral1
Sample
smartsynchronize/bin/add-menuitem.sh
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral2
Sample
smartsynchronize/bin/add-menuitem.sh
Resource
debian9-armhf-20240418-en
debian-9-armhf
Behavioral task
behavioral3
Sample
smartsynchronize/bin/add-menuitem.sh
Resource
debian9-mipsbe-20240729-en
debian-9-mips
Behavioral task
behavioral4
Sample
smartsynchronize/bin/add-menuitem.sh
Resource
debian9-mipsel-20240611-en
debian-9-mipsel
Behavioral task
behavioral5
Sample
smartsynchronize/bin/remove-menuitem.sh
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral6
Sample
smartsynchronize/bin/remove-menuitem.sh
Resource
debian9-armhf-20240418-en
debian-9-armhf
Behavioral task
behavioral7
Sample
smartsynchronize/bin/remove-menuitem.sh
Resource
debian9-mipsbe-20240611-en
debian-9-mips
Behavioral task
behavioral8
Sample
smartsynchronize/bin/remove-menuitem.sh
Resource
debian9-mipsel-20240729-en
debian-9-mipsel
Behavioral task
behavioral9
Sample
smartsynchronize/bin/smartsynchronize.sh
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral10
Sample
smartsynchronize/bin/smartsynchronize.sh
Resource
debian9-armhf-20240611-en
debian-9-armhf
Behavioral task
behavioral11
Sample
smartsynchronize/bin/smartsynchronize.sh
Resource
debian9-mipsbe-20240611-en
debian-9-mips
Behavioral task
behavioral12
Sample
smartsynchronize/bin/smartsynchronize.sh
Resource
debian9-mipsel-20240611-en
debian-9-mipsel
Behavioral task
behavioral13
Sample
smartsynchronize/jre/bin/java
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
Behavioral task
behavioral14
Sample
smartsynchronize/jre/bin/jfr
Resource
ubuntu2404-amd64-20240729-en
ubuntu-24.04-amd64
Behavioral task
behavioral15
Sample
smartsynchronize/jre/bin/keytool
Resource
ubuntu2004-amd64-20240611-en
ubuntu-20.04-amd64
Behavioral task
behavioral16
Sample
smartsynchronize/jre/bin/rmiregistry
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
Behavioral task
behavioral17
Sample
smartsynchronize/jre/lib/jexec
Resource
ubuntu2004-amd64-20240611-en
ubuntu-20.04-amd64
Behavioral task
behavioral18
Sample
smartsynchronize/jre/lib/jrt-fs.jar
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral19
Sample
smartsynchronize/jre/lib/jrt-fs.jar
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
smartsynchronize/jre/lib/jspawnhelper
Resource
ubuntu2204-amd64-20240611-en
ubuntu-22.04-amd64
Behavioral task
behavioral21
Sample
smartsynchronize/jre/lib/libdt_socket.so
Resource
ubuntu2204-amd64-20240729-en
ubuntu-22.04-amd64
Behavioral task
behavioral22
Sample
smartsynchronize/jre/lib/libinstrument.so
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
Behavioral task
behavioral23
Sample
smartsynchronize/jre/lib/libj2gss.so
Resource
ubuntu2204-amd64-20240611-en
ubuntu-22.04-amd64
Behavioral task
behavioral24
Sample
smartsynchronize/jre/lib/libjaas.so
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
Behavioral task
behavioral25
Sample
smartsynchronize/jre/lib/libjava.so
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral26
Sample
smartsynchronize/jre/lib/libjdwp.so
Resource
ubuntu2404-amd64-20240729-en
ubuntu-24.04-amd64
Behavioral task
behavioral27
Sample
smartsynchronize/jre/lib/libjimage.so
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
Behavioral task
behavioral28
Sample
smartsynchronize/jre/lib/libjli.so
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
Behavioral task
behavioral29
Sample
smartsynchronize/jre/lib/libjsig.so
Resource
ubuntu2204-amd64-20240522.1-en
ubuntu-22.04-amd64
Behavioral task
behavioral30
Sample
smartsynchronize/jre/lib/libmanagement.so
Resource
ubuntu2404-amd64-20240729-en
ubuntu-24.04-amd64
Behavioral task
behavioral31
Sample
smartsynchronize/jre/lib/libmanagement_agent.so
Resource
ubuntu2004-amd64-20240611-en
ubuntu-20.04-amd64
Behavioral task
behavioral32
Sample
smartsynchronize/jre/lib/libmanagement_ext.so
Resource
ubuntu2204-amd64-20240611-en
ubuntu-22.04-amd64
General
-
Target
smartsynchronize/jre/bin/jfr
-
Size
12KB
-
MD5
f2494dffff5cbea59f76040ce173db88
-
SHA1
1e15d930fecf6a53e83aad60c9c4945e9ddbad59
-
SHA256
1dd69c976edc6249068264d1a018e5ff607975c9957f07b13dcb5122328e28d5
-
SHA512
87b28910c35bc13d6040fcc1b0edd625fac6a3914e593725f65775998f65acfea41758f6766a19bed6e1144ffdcbdc11e96217483f92661776b850f117606e86
-
SSDEEP
96:R6uT+KFq8cgBXBOTKPo7DWmX37u3F6Fvw0eiEF3kNc/up7/XEV8cgBXB/t6UAf+R:RTZL1wKAHWmX3EYR5EupTD1/6
Malware Config
Signatures
-
Changes its process name 12 IoCs
description ioc pid Changes the process name, possibly in an attempt to hide itself VM Thread 2519 Changes the process name, possibly in an attempt to hide itself Reference Handl 2520 Changes the process name, possibly in an attempt to hide itself Finalizer 2521 Changes the process name, possibly in an attempt to hide itself Signal Dispatch 2522 Changes the process name, possibly in an attempt to hide itself Service Thread 2523 Changes the process name, possibly in an attempt to hide itself Monitor Deflati 2524 Changes the process name, possibly in an attempt to hide itself C2 CompilerThre 2525 Changes the process name, possibly in an attempt to hide itself C1 CompilerThre 2526 Changes the process name, possibly in an attempt to hide itself Sweeper thread 2527 Changes the process name, possibly in an attempt to hide itself Notification Th 2528 Changes the process name, possibly in an attempt to hide itself VM Periodic Tas 2529 Changes the process name, possibly in an attempt to hide itself Common-Cleaner 2530 -
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
description ioc Process File opened for reading /proc/cpuinfo jfr -
Reads CPU attributes 1 TTPs 2 IoCs
description ioc Process File opened for reading /sys/devices/system/cpu/possible jfr File opened for reading /sys/devices/system/cpu/online jfr -
Enumerates kernel/hardware configuration 1 TTPs 2 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
description ioc Process File opened for reading /sys/fs/cgroup/system.slice/agent.service/memory.max jfr File opened for reading /sys/fs/cgroup/system.slice/agent.service/cpu.max jfr -
Reads runtime system information 7 IoCs
Reads data from /proc virtual filesystem.
description ioc Process File opened for reading /proc/self/coredump_filter jfr File opened for reading /proc/sys/vm/overcommit_memory jfr File opened for reading /proc/2518 jfr File opened for reading /proc/stat jfr File opened for reading /proc/cgroups jfr File opened for reading /proc/self/cgroup jfr File opened for reading /proc/self/mountinfo jfr -
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/hsperfdata_root/2516 jfr
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
28KB
MD52b55842f2d55ed3e6af74c56e109cbb7
SHA1b5f5e545253bd8cc9ad1dd96c123e822d0029036
SHA256492feb0d5117b61692e3618e41c5900c74e8ba1268da2564545a56b82de3b66e
SHA51208fa77e7b333519b9b7f14afeee64ed673baab9ad1a046583878a1db9ebe78ca73ccbb05094ee455203602024e110754f271af7f6364aac82f21c9086f498522