Analysis
-
max time kernel
149s -
max time network
161s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20240523-en -
resource tags
arch:amd64 arch:i386 image:ubuntu2404-amd64-20240523-en kernel:6.8.0-31-generic locale:en-us os:ubuntu-24.04-amd64 system -
submitted
04-09-2024 20:01
Static task
static1
Behavioral task
behavioral1
Sample
The-MALWARE-Repo-master.zip
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
The-MALWARE-Repo-master.zip
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
The-MALWARE-Repo-master/Banking-Malware/DanaBot.exe
Resource
win7-20240729-en
Behavioral task
behavioral4
Sample
The-MALWARE-Repo-master/Banking-Malware/DanaBot.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
The-MALWARE-Repo-master/Banking-Malware/Dridex/Dridex.JhiSharp.dll.exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
The-MALWARE-Repo-master/Banking-Malware/Dridex/Dridex.JhiSharp.dll.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexDroppedVBS.exe
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexDroppedVBS.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexLoader.bin.exe
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexLoader.bin.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.exe
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.exe
Resource
win7-20240708-en
Behavioral task
behavioral14
Sample
The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.dll
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
The-MALWARE-Repo-master/Banking-Malware/Emotet.zip
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
The-MALWARE-Repo-master/Banking-Malware/Emotet.zip
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
The-MALWARE-Repo-master/Banking-Malware/Zloader.xlsm
Resource
win7-20240708-en
Behavioral task
behavioral20
Sample
The-MALWARE-Repo-master/Banking-Malware/Zloader.xlsm
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
The-MALWARE-Repo-master/Botnets/FritzFrog/001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859
Resource
ubuntu2404-amd64-20240729-en
Behavioral task
behavioral22
Sample
The-MALWARE-Repo-master/Botnets/FritzFrog/041bc20ca8ac3161098cbc976e67e3c0f1b672ad36ecbe22fd21cbd53bcaa742
Resource
ubuntu2204-amd64-20240611-en
Behavioral task
behavioral23
Sample
The-MALWARE-Repo-master/Botnets/FritzFrog/0ab8836efcaa62c7daac314e0b7ab1679319b2901578fd9e95ec3476b4c1a732
Resource
ubuntu2204-amd64-20240522.1-en
Behavioral task
behavioral24
Sample
The-MALWARE-Repo-master/Botnets/FritzFrog/103b8404dc64c9a44511675981a09fd01395ee837452d114f1350c295357c046
Resource
ubuntu2404-amd64-20240523-en
Behavioral task
behavioral25
Sample
The-MALWARE-Repo-master/Botnets/FritzFrog/2378e76aba1ad6e0c937fb39989217bf0de616fdad4726c0f4233bf5414cde86
Resource
ubuntu2404-amd64-20240729-en
Behavioral task
behavioral26
Sample
The-MALWARE-Repo-master/Botnets/FritzFrog/30c150419000d27dafcd5d00702411b2b23b0f5d7e4d0cc729a7d63b2e460a01
Resource
ubuntu2404-amd64-20240523-en
Behavioral task
behavioral27
Sample
The-MALWARE-Repo-master/Botnets/FritzFrog/3205603282a636979a55aa1e1be518cd3adcbbe491745d996ceb4b5a4dece0c5
Resource
ubuntu2404-amd64-20240523-en
Behavioral task
behavioral28
Sample
The-MALWARE-Repo-master/Botnets/FritzFrog/453468b86856665f2cc0e0e71668c0b6aac8b14326c623995ba5963f22257619
Resource
ubuntu2204-amd64-20240611-en
Behavioral task
behavioral29
Sample
The-MALWARE-Repo-master/Botnets/FritzFrog/5fb29fb0136978b9ccf60750af09cec74a257a0ca9c47159ca74dbba21fbcc59
Resource
ubuntu2204-amd64-20240611-en
Behavioral task
behavioral30
Sample
The-MALWARE-Repo-master/Botnets/FritzFrog/6fe6808b9cfe654f526108ec61cb5211bb6601d28e192cadf06102073b54f69c
Resource
ubuntu2204-amd64-20240611-en
Behavioral task
behavioral31
Sample
The-MALWARE-Repo-master/Botnets/FritzFrog/7745b070943e910e8807e3521ac7b7a01401d131bf6c18a63433f8177ed539a6
Resource
ubuntu2204-amd64-20240522.1-en
Behavioral task
behavioral32
Sample
The-MALWARE-Repo-master/Botnets/FritzFrog/7f18e5b5b7645a80a0d44adf3fecdafcbf937bfe30a4cfb965a1421e034996dd
Resource
ubuntu2404-amd64-20240729-en
General
-
Target
The-MALWARE-Repo-master/Botnets/FritzFrog/103b8404dc64c9a44511675981a09fd01395ee837452d114f1350c295357c046
-
Size
8.6MB
-
MD5
ae747bc7fff9bc23f06635ef60ea0e8d
-
SHA1
64315e834f67905ed4e47f36155362a78ac23462
-
SHA256
103b8404dc64c9a44511675981a09fd01395ee837452d114f1350c295357c046
-
SHA512
e24914a58565a43883c27ae4a41061e8edd3d5eef7b86c1c0e9910d9fbe0eef3e78ed49136ac0c9378311e99901b1847bcfd926aa9a3ea44149a7478480f82b2
-
SSDEEP
98304:rDSceJ/GqDu6P0ypQ0Qv5knSTH20ejwBcHjI7Xk:rDSceJ/GqD18RZv5knS720e7s
Malware Config
Signatures
-
Adds new SSH keys 1 TTPs 1 IoCs
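authorized_keys is the Linux file that lists the SSH public keys allowed to log in to an account. The threat actor may add new keys for further remote access. The entry below records only that the file was opened for modification; the key material written is not shown on this page.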
Processes:
103b8404dc64c9a44511675981a09fd01395ee837452d114f1350c295357c046
| description | ioc | process |
| --- | --- | --- |
| File opened for modification | /root/.ssh/authorized_keys | 103b8404dc64c9a44511675981a09fd01395ee837452d114f1350c295357c046 |
-
Deletes itself 1 IoCs
Processes:
pid 2874 -
Abuse Elevation Control Mechanism: Sudo and Sudo Caching 1 TTPs 64 IoCs
Abuse sudo or cached sudo credentials to execute code.
Processes:
sudosudosudosudosudosudosudosudosudosudosudosudosudosudosudosudosudosudosudosudosudosudosudosudosudosudosudosudosudosudosudosudowhichpid process 3147 sudo 3366 sudo 4140 4574 4627 4895 2934 sudo 3157 sudo 3230 sudo 4413 4456 3044 sudo 3608 sudo 4692 3264 sudo 3476 sudo 3975 sudo 4716 4845 2932 sudo 3028 sudo 3181 sudo 3946 sudo 4122 4352 4405 3145 sudo 3661 sudo 4136 2904 sudo 3040 sudo 3175 sudo 3671 sudo 4024 sudo 4076 4342 4729 2938 sudo 3246 sudo 3504 sudo 3655 sudo 3132 sudo 3159 sudo 4224 4415 4584 4893 4899 3099 sudo 3932 sudo 4116 4222 4236 4511 4658 4760 3462 sudo 3718 sudo 4001 sudo 4244 4252 4254 4360 3238 which -
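(The signature heading for this entry is missing from the page; the process tree below tags the sample with "Deletes log files", which is presumably this entry.)
Processes:
103b8404dc64c9a44511675981a09fd01395ee837452d114f1350c295357c046
| description | ioc | process |
| --- | --- | --- |
| File deleted | /var/log/tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/103b8404dc64c9a44511675981a09fd01395ee837452d114f1350c295357c046 | 103b8404dc64c9a44511675981a09fd01395ee837452d114f1350c295357c046 |
The deleted path ends in the sample's own file name, so this appears to be the same self-deletion reported under "Deletes itself" rather than removal of system logs.
-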
Enumerates running processes
Discovers information about currently running processes on the system
-
Checks CPU configuration 1 TTPs 64 IoCs
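Checks CPU information, which can indicate whether the system is a virtual machine. In this run the /proc/cpuinfo reads listed below are attributed to ps or to no named process, so they may be a side effect of the sample's process-listing commands; the sample also runs cat /proc/cpuinfo directly (see Processes).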
Processes:
pspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspsdescription ioc process File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo File opened for reading /proc/cpuinfo File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo File opened for reading /proc/cpuinfo File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo File opened for reading /proc/cpuinfo File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo File opened for reading /proc/cpuinfo File opened for reading /proc/cpuinfo File opened for reading /proc/cpuinfo File opened for reading /proc/cpuinfo File opened for reading /proc/cpuinfo File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo File opened for reading /proc/cpuinfo File opened for reading /proc/cpuinfo File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo File opened for reading /proc/cpuinfo File opened for reading /proc/cpuinfo File opened for reading /proc/cpuinfo File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo File 
opened for reading /proc/cpuinfo File opened for reading /proc/cpuinfo File opened for reading /proc/cpuinfo File opened for reading /proc/cpuinfo File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo File opened for reading /proc/cpuinfo ps File opened for reading /proc/cpuinfo File opened for reading /proc/cpuinfo -
Reads CPU attributes 1 TTPs 64 IoCs
Processes:
pspspspspspspkillpkillpspspspspkillpspspkillpkillpkillpspkillpspkillpkillpkillpspspspspkilldescription ioc process File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible ps File opened for reading /sys/devices/system/cpu/possible ps File opened for reading /sys/devices/system/cpu/possible ps File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible ps File opened for reading /sys/devices/system/cpu/possible ps File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible ps File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible pkill File opened for reading /sys/devices/system/cpu/possible pkill File opened for reading /sys/devices/system/cpu/possible ps File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible ps File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible ps File opened for reading /sys/devices/system/cpu/possible ps File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible pkill File opened for reading /sys/devices/system/cpu/possible ps File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible ps File opened for reading /sys/devices/system/cpu/possible pkill 
File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible pkill File opened for reading /sys/devices/system/cpu/possible pkill File opened for reading /sys/devices/system/cpu/possible ps File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible pkill File opened for reading /sys/devices/system/cpu/possible ps File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible pkill File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible pkill File opened for reading /sys/devices/system/cpu/possible pkill File opened for reading /sys/devices/system/cpu/possible ps File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible ps File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible ps File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible ps File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible pkill File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible File opened for reading /sys/devices/system/cpu/possible -
Enumerates kernel/hardware configuration 1 TTPs 64 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
Processes:
pkillpspkillpspspspkillpspkillpkillpkillpspspspspkillpspkillpkillpkillpspkillpspkillpkillpspspkillpspspsdescription ioc process File opened for reading /sys/devices/system/node pkill File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node ps File opened for reading /sys/devices/system/node pkill File opened for reading /sys/devices/system/node ps File opened for reading /sys/devices/system/node ps File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node ps File opened for reading /sys/devices/system/node pkill File opened for reading /sys/devices/system/node ps File opened for reading /sys/devices/system/node pkill File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node pkill File opened for reading /sys/devices/system/node pkill File opened for reading /sys/devices/system/node ps File opened for reading /sys/devices/system/node ps File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node ps File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node ps File opened for reading /sys/devices/system/node pkill File opened for reading /sys/devices/system/node ps File opened for reading /sys/devices/system/node pkill File opened for reading /sys/devices/system/node pkill File opened for reading 
/sys/devices/system/node pkill File opened for reading /sys/devices/system/node ps File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node pkill File opened for reading /sys/devices/system/node ps File opened for reading /sys/devices/system/node pkill File opened for reading /sys/devices/system/node pkill File opened for reading /sys/devices/system/node ps File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node ps File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node pkill File opened for reading /sys/devices/system/node ps File opened for reading /sys/devices/system/node ps File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node ps File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node File opened for reading /sys/devices/system/node -
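(Signature heading missing on the page; these /proc reads presumably belong to "Reads runtime system information", the tag used in the process tree below.)
Processes: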
pkillkillallpkillpkillkillallpssudopspidofpspkillpskillallpskillallpkillpspkillkillallpskillallkillallpkillpspspkillpkillpspspkillpspsdescription ioc process File opened for reading /proc/2370/cgroup File opened for reading /proc/63/cgroup File opened for reading /proc/2300/cmdline File opened for reading /proc/2367/cmdline pkill File opened for reading /proc/37/stat killall File opened for reading /proc/2529/stat pkill File opened for reading /proc/2867/ctty File opened for reading /proc/2878/status File opened for reading /proc/2346/status File opened for reading /proc/12/stat File opened for reading /proc/7/status pkill File opened for reading /proc/2628 killall File opened for reading /proc/2284/cmdline ps File opened for reading /proc/sys/kernel/seccomp/actions_avail sudo File opened for reading /proc/2877/cmdline ps File opened for reading /proc/728/cgroup File opened for reading /proc/2368/environ File opened for reading /proc/194/stat pidof File opened for reading /proc/2189/environ ps File opened for reading /proc/24/cmdline pkill File opened for reading /proc/56/stat File opened for reading /proc/2300/status ps File opened for reading /proc/731/stat File opened for reading /proc/2651/ctty File opened for reading /proc/2074 killall File opened for reading /proc/56/cmdline File opened for reading /proc/13/stat File opened for reading /proc/1112/ctty ps File opened for reading /proc/2189 killall File opened for reading /proc/1400/cmdline pkill File opened for reading /proc/31/environ ps File opened for reading /proc/52/ctty pkill File opened for reading /proc/1067/cgroup File opened for reading /proc/25/cmdline File opened for reading /proc/2191/status File opened for reading /proc/2 killall File opened for reading /proc/33/environ ps File opened for reading /proc/3545 killall File opened for reading /proc/2345/cmdline File opened for reading /proc/2300/cgroup File opened for reading /proc/2523 killall File opened for reading /proc/1085/stat pkill File 
opened for reading /proc/2621/environ ps File opened for reading /proc/2867/cgroup File opened for reading /proc/2352/status ps File opened for reading /proc/199/status pkill File opened for reading /proc/357/ctty File opened for reading /proc/2300/stat File opened for reading /proc/8 File opened for reading /proc/51 File opened for reading /proc/2610/cmdline File opened for reading /proc/21/ctty pkill File opened for reading /proc/2639/cmdline pkill File opened for reading /proc/457/stat File opened for reading /proc/2539/cmdline ps File opened for reading /proc/49/status File opened for reading /proc/2870/cmdline ps File opened for reading /proc/2161/cmdline pkill File opened for reading /proc/2682/stat ps File opened for reading /proc/2370/stat ps File opened for reading /proc/2807/ctty File opened for reading /proc/2373/environ File opened for reading /proc/2468 File opened for reading /proc/793/environ -
Writes file to tmp directory 21 IoCs
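Malware often drops required files in the /tmp directory. In this run all but one of the listed paths are .local_<number> files; the process tree shows them being created with sudo -S touch, checked with ls -l and grep -c root, and removed again with sudo rm, which looks like a test for working sudo rights rather than a payload drop. The remaining path, nc, is opened for modification by the sample itself.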
Processes:
103b8404dc64c9a44511675981a09fd01395ee837452d114f1350c295357c046, touch (11 times)
| description | ioc | process |
| --- | --- | --- |
| File opened for modification | /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/nc | 103b8404dc64c9a44511675981a09fd01395ee837452d114f1350c295357c046 |
| File opened for modification | /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/.local_2149 | touch |
| File opened for modification | /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/.local_20765 | |
| File opened for modification | /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/.local_10129 | touch |
| File opened for modification | /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/.local_19923 | touch |
| File opened for modification | /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/.local_29275 | |
| File opened for modification | /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/.local_21234 | |
| File opened for modification | /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/.local_28289 | touch |
| File opened for modification | /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/.local_4503 | touch |
| File opened for modification | /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/.local_24732 | touch |
| File opened for modification | /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/.local_20634 | |
| File opened for modification | /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/.local_30673 | |
| File opened for modification | /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/.local_9137 | |
| File opened for modification | /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/.local_9481 | |
| File opened for modification | /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/.local_15039 | touch |
| File opened for modification | /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/.local_9750 | touch |
| File opened for modification | /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/.local_7509 | touch |
| File opened for modification | /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/.local_31374 | |
| File opened for modification | /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/.local_20654 | touch |
| File opened for modification | /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/.local_24420 | touch |
| File opened for modification | /tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/.local_22887 | |
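Processes
(Each entry below runs three fields together without separators: the executable path, the command line, and a trailing digit before ⤵ that appears to be the nesting depth in the process tree. For example, "/usr/bin/sudosudo -S touch .local_206543⤵" is /usr/bin/sudo running "sudo -S touch .local_20654" at depth 3. The trailing digit is not part of the argument: the names being killed are xm64, crond64 and ld-linux-x86-64, as the parent (3) and child (4) lines show when compared.)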
-
/tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/103b8404dc64c9a44511675981a09fd01395ee837452d114f1350c295357c046/tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/103b8404dc64c9a44511675981a09fd01395ee837452d114f1350c295357c0461⤵
- Adds new SSH keys
- Deletes log files
- Writes file to tmp directory
-
/usr/bin/unameuname -a2⤵
-
/usr/bin/catcat /proc/cpuinfo2⤵
-
/usr/bin/catcat /etc/issue2⤵
-
/usr/bin/freefree -m2⤵
-
/usr/bin/uptimeuptime2⤵
-
/usr/bin/journalctljournalctl -S "@0" -u sshd2⤵
-
/usr/bin/catcat "/var/log/auth*"2⤵
-
/usr/bin/zcatzcat "/var/log/auth*"2⤵
-
/usr/local/sbin/gzipgzip -cd "/var/log/auth*"2⤵
-
/usr/local/bin/gzipgzip -cd "/var/log/auth*"2⤵
-
/usr/sbin/gzipgzip -cd "/var/log/auth*"2⤵
-
/usr/bin/gzipgzip -cd "/var/log/auth*"2⤵
-
/bin/bash/bin/bash -2⤵
-
/usr/bin/whichwhich sudo3⤵
-
/usr/bin/wcwc -l3⤵
-
/usr/bin/sudosudo -S touch .local_206543⤵
-
/usr/bin/touchtouch .local_206544⤵
- Writes file to tmp directory
-
/usr/bin/grepgrep -c root3⤵
-
/usr/bin/lsls -l .local_206543⤵
-
/usr/bin/sudosudo rm .local_206543⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/rmrm .local_206544⤵
-
/usr/bin/sudosudo ps auxff3⤵
-
/usr/bin/psps auxff4⤵
- Checks CPU configuration
-
/usr/bin/grepgrep "./crond -t=all"3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo killall -9 bssh3⤵
-
/usr/bin/killallkillall -9 bssh4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.an3⤵
-
/usr/bin/rmrm -rf /tmp/.an4⤵
-
/usr/bin/sudosudo killall -9 xm643⤵
-
/usr/bin/killallkillall -9 xm644⤵
-
/usr/bin/sudosudo killall -9 rpc.idmapd3⤵
-
/usr/bin/killallkillall -9 rpc.idmapd4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.m23⤵
-
/usr/bin/rmrm -rf /tmp/.m24⤵
-
/usr/bin/sudosudo killall -9 xorgg3⤵
-
/usr/bin/killallkillall -9 xorgg4⤵
-
/usr/bin/sudosudo rm -rf /tmp/seconfig3⤵
-
/usr/bin/rmrm -rf /tmp/seconfig4⤵
-
/usr/bin/sudosudo killall -9 crond643⤵
-
/usr/bin/killallkillall -9 crond644⤵
-
/usr/bin/sudosudo killall -9 tsm3⤵
-
/usr/bin/killallkillall -9 tsm4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.ssh3⤵
-
/usr/bin/rmrm -rf /tmp/.ssh4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.java3⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/rmrm -rf /tmp/.java4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.iolanda3⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/rmrm -rf /tmp/.iolanda4⤵
-
/usr/bin/sudosudo pkill test.mod3⤵
-
/usr/bin/pkillpkill test.mod4⤵
-
/usr/bin/sudosudo pkill daemon.i686.mod3⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/pkillpkill daemon.i686.mod4⤵
- Reads CPU attributes
-
/usr/bin/sudosudo pkill daemon.armv4l.mod3⤵
-
/usr/bin/pkillpkill daemon.armv4l.mod4⤵
-
/usr/bin/sudosudo pkill daemon.mips.mod3⤵
-
/usr/bin/pkillpkill daemon.mips.mod4⤵
- Enumerates kernel/hardware configuration
-
/usr/bin/sudosudo pkill daemon.mipsel.mod3⤵
-
/usr/bin/pkillpkill daemon.mipsel.mod4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.xs3⤵
-
/usr/bin/rmrm -rf /tmp/.xs4⤵
-
/usr/bin/sudosudo pkill ld-linux-x86-643⤵
-
/usr/bin/pkillpkill ld-linux-x86-644⤵
-
/usr/bin/rmrm -rf "/var/tmp/. *"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Checks CPU configuration
-
/usr/bin/grepgrep xmr3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Enumerates kernel/hardware configuration
-
/usr/bin/grepgrep cryptonight3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Checks CPU configuration
-
/usr/bin/grepgrep stratum3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
-
/usr/bin/grepgrep dbus-daemon--system3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Reads CPU attributes
-
/usr/bin/grepgrep "\\[\\]"3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
-
/usr/bin/grepgrep xm643⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo killall -9 "[atd]"3⤵
-
/usr/bin/killallkillall -9 "[atd]"4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.jk3⤵
-
/usr/bin/rmrm -rf /tmp/.jk4⤵
-
/usr/bin/sudosudo killall -9 "[ntpd]"3⤵
-
/usr/bin/killallkillall -9 "[ntpd]"4⤵
-
/usr/bin/sudosudo killall -9 "[rpciod]"3⤵
-
/usr/bin/killallkillall -9 "[rpciod]"4⤵
-
/usr/bin/sudosudo killall -9 "[ext4-dio-unwrit]"3⤵
-
/usr/bin/killallkillall -9 "[ext4-dio-unwrit]"4⤵
-
/usr/bin/sudosudo rm -rf "/tmp/.xm*"3⤵
-
/usr/bin/rmrm -rf "/tmp/.xm*"4⤵
-
/usr/bin/pidofpidof libexec3⤵
- Reads runtime system information
-
/usr/bin/freefree -m2⤵
-
/usr/bin/uptimeuptime2⤵
-
/bin/bash/bin/bash -2⤵
-
/usr/bin/whichwhich sudo3⤵
-
/usr/bin/wcwc -l3⤵
-
/usr/bin/sudosudo -S touch .local_282893⤵
-
/usr/bin/touchtouch .local_282894⤵
- Writes file to tmp directory
-
/usr/bin/grepgrep -c root3⤵
-
/usr/bin/lsls -l .local_282893⤵
-
/usr/bin/sudosudo rm .local_282893⤵
-
/usr/bin/rmrm .local_282894⤵
-
/usr/bin/sudosudo ps auxff3⤵
-
/usr/bin/psps auxff4⤵
- Checks CPU configuration
- Reads CPU attributes
-
/usr/bin/grepgrep "./crond -t=all"3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo killall -9 bssh3⤵
-
/usr/bin/killallkillall -9 bssh4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.an3⤵
-
/usr/bin/rmrm -rf /tmp/.an4⤵
-
/usr/bin/sudosudo killall -9 xm643⤵
-
/usr/bin/killallkillall -9 xm644⤵
-
/usr/bin/sudosudo killall -9 rpc.idmapd3⤵
-
/usr/bin/killallkillall -9 rpc.idmapd4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.m23⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/rmrm -rf /tmp/.m24⤵
-
/usr/bin/sudosudo killall -9 xorgg3⤵
-
/usr/bin/killallkillall -9 xorgg4⤵
-
/usr/bin/sudosudo rm -rf /tmp/seconfig3⤵
-
/usr/bin/rmrm -rf /tmp/seconfig4⤵
-
/usr/bin/sudosudo killall -9 crond643⤵
-
/usr/bin/killallkillall -9 crond644⤵
-
/usr/bin/sudosudo killall -9 tsm3⤵
-
/usr/bin/killallkillall -9 tsm4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.ssh3⤵
-
/usr/bin/rmrm -rf /tmp/.ssh4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.java3⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/rmrm -rf /tmp/.java4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.iolanda3⤵
-
/usr/bin/rmrm -rf /tmp/.iolanda4⤵
-
/usr/bin/sudosudo pkill test.mod3⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/pkillpkill test.mod4⤵
- Enumerates kernel/hardware configuration
-
/usr/bin/sudosudo pkill daemon.i686.mod3⤵
-
/usr/bin/pkillpkill daemon.i686.mod4⤵
-
/usr/bin/sudosudo pkill daemon.armv4l.mod3⤵
-
/usr/bin/pkillpkill daemon.armv4l.mod4⤵
-
/usr/bin/sudosudo pkill daemon.mips.mod3⤵
-
/usr/bin/pkillpkill daemon.mips.mod4⤵
- Reads CPU attributes
-
/usr/bin/sudosudo pkill daemon.mipsel.mod3⤵
-
/usr/bin/pkillpkill daemon.mipsel.mod4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.xs3⤵
-
/usr/bin/rmrm -rf /tmp/.xs4⤵
-
/usr/bin/sudosudo pkill ld-linux-x86-643⤵
-
/usr/bin/pkillpkill ld-linux-x86-644⤵
-
/usr/bin/rmrm -rf "/var/tmp/. *"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Checks CPU configuration
-
/usr/bin/grepgrep xmr3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Checks CPU configuration
-
/usr/bin/grepgrep cryptonight3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
-
/usr/bin/grepgrep stratum3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/bin/grepgrep dbus-daemon--system3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Checks CPU configuration
- Enumerates kernel/hardware configuration
-
/usr/bin/grepgrep "\\[\\]"3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
-
/usr/bin/grepgrep xm643⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo killall -9 "[atd]"3⤵
-
/usr/bin/killallkillall -9 "[atd]"4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.jk3⤵
-
/usr/bin/rmrm -rf /tmp/.jk4⤵
-
/usr/bin/sudosudo killall -9 "[ntpd]"3⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/killallkillall -9 "[ntpd]"4⤵
-
/usr/bin/sudosudo killall -9 "[rpciod]"3⤵
-
/usr/bin/killallkillall -9 "[rpciod]"4⤵
-
/usr/bin/sudosudo killall -9 "[ext4-dio-unwrit]"3⤵
-
/usr/bin/killallkillall -9 "[ext4-dio-unwrit]"4⤵
-
/usr/bin/sudosudo rm -rf "/tmp/.xm*"3⤵
-
/usr/bin/rmrm -rf "/tmp/.xm*"4⤵
-
/usr/bin/pidofpidof libexec3⤵
-
/usr/bin/freefree -m2⤵
-
/usr/bin/uptimeuptime2⤵
-
/bin/bash/bin/bash -2⤵
-
/usr/bin/whichwhich sudo3⤵
-
/usr/bin/wcwc -l3⤵
-
/usr/bin/sudo: sudo -S touch .local_2149 (3⤵)
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/touch: touch .local_2149 (4⤵)
- Writes file to tmp directory
-
/usr/bin/ls: ls -l .local_2149 (3⤵)
-
/usr/bin/grep: grep -c root (3⤵)
-
/usr/bin/sudo: sudo rm .local_2149 (3⤵)
-
/usr/bin/rm: rm .local_2149 (4⤵)
-
/usr/bin/sudosudo ps auxff3⤵
-
/usr/bin/psps auxff4⤵
-
/usr/bin/grepgrep "./crond -t=all"3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo killall -9 bssh3⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/killallkillall -9 bssh4⤵
- Reads runtime system information
-
/usr/bin/sudosudo rm -rf /tmp/.an3⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/rmrm -rf /tmp/.an4⤵
-
/usr/bin/sudo: sudo killall -9 xm64 (3⤵)
-
/usr/bin/killall: killall -9 xm64 (4⤵)
-
/usr/bin/sudosudo killall -9 rpc.idmapd3⤵
-
/usr/bin/killallkillall -9 rpc.idmapd4⤵
-
/usr/bin/sudo: sudo rm -rf /tmp/.m2 (3⤵)
-
/usr/bin/rm: rm -rf /tmp/.m2 (4⤵)
-
/usr/bin/sudosudo killall -9 xorgg3⤵
-
/usr/bin/killallkillall -9 xorgg4⤵
-
/usr/bin/sudosudo rm -rf /tmp/seconfig3⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/rmrm -rf /tmp/seconfig4⤵
-
/usr/bin/sudo: sudo killall -9 crond64 (3⤵)
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/killall: killall -9 crond64 (4⤵)
-
/usr/bin/sudosudo killall -9 tsm3⤵
-
/usr/bin/killallkillall -9 tsm4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.ssh3⤵
-
/usr/bin/rmrm -rf /tmp/.ssh4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.java3⤵
-
/usr/bin/rmrm -rf /tmp/.java4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.iolanda3⤵
-
/usr/bin/rmrm -rf /tmp/.iolanda4⤵
-
/usr/bin/sudosudo pkill test.mod3⤵
-
/usr/bin/pkillpkill test.mod4⤵
- Enumerates kernel/hardware configuration
-
/usr/bin/sudosudo pkill daemon.i686.mod3⤵
-
/usr/bin/pkillpkill daemon.i686.mod4⤵
-
/usr/bin/sudosudo pkill daemon.armv4l.mod3⤵
-
/usr/bin/pkillpkill daemon.armv4l.mod4⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
-
/usr/bin/sudosudo pkill daemon.mips.mod3⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/pkillpkill daemon.mips.mod4⤵
- Enumerates kernel/hardware configuration
-
/usr/bin/sudosudo pkill daemon.mipsel.mod3⤵
-
/usr/bin/pkillpkill daemon.mipsel.mod4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.xs3⤵
-
/usr/bin/rmrm -rf /tmp/.xs4⤵
-
/usr/bin/sudo: sudo pkill ld-linux-x86-64 (3⤵)
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/pkill: pkill ld-linux-x86-64 (4⤵)
- Enumerates kernel/hardware configuration
-
/usr/bin/rmrm -rf "/var/tmp/. *"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Reads CPU attributes
-
/usr/bin/grepgrep xmr3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
-
/usr/bin/grepgrep cryptonight3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Checks CPU configuration
- Reads runtime system information
-
/usr/bin/grepgrep stratum3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Enumerates kernel/hardware configuration
-
/usr/bin/grepgrep dbus-daemon--system3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/grepgrep "\\[\\]"3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Checks CPU configuration
-
/usr/bin/grepgrep xm643⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo killall -9 "[atd]"3⤵
-
/usr/bin/killallkillall -9 "[atd]"4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.jk3⤵
-
/usr/bin/rmrm -rf /tmp/.jk4⤵
-
/usr/bin/sudosudo killall -9 "[ntpd]"3⤵
-
/usr/bin/killallkillall -9 "[ntpd]"4⤵
-
/usr/bin/sudosudo killall -9 "[rpciod]"3⤵
-
/usr/bin/killallkillall -9 "[rpciod]"4⤵
-
/usr/bin/sudosudo killall -9 "[ext4-dio-unwrit]"3⤵
-
/usr/bin/killallkillall -9 "[ext4-dio-unwrit]"4⤵
-
/usr/bin/sudosudo rm -rf "/tmp/.xm*"3⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/rmrm -rf "/tmp/.xm*"4⤵
-
/usr/bin/pidofpidof libexec3⤵
-
/bin/bash/bin/bash -2⤵
-
/usr/bin/whichwhich sudo3⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/wcwc -l3⤵
-
/usr/bin/sudo: sudo -S touch .local_4503 (3⤵)
-
/usr/bin/touch: touch .local_4503 (4⤵)
- Writes file to tmp directory
-
/usr/bin/ls: ls -l .local_4503 (3⤵)
-
/usr/bin/grep: grep -c root (3⤵)
-
/usr/bin/sudo: sudo rm .local_4503 (3⤵)
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/rm: rm .local_4503 (4⤵)
-
/usr/bin/sudosudo ps auxff3⤵
-
/usr/bin/psps auxff4⤵
- Checks CPU configuration
-
/usr/bin/grepgrep "./crond -t=all"3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/sudosudo killall -9 bssh3⤵
-
/usr/bin/killallkillall -9 bssh4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.an3⤵
-
/usr/bin/rmrm -rf /tmp/.an4⤵
-
/usr/bin/sudosudo killall -9 xm643⤵
-
/usr/bin/killallkillall -9 xm644⤵
-
/usr/bin/sudosudo killall -9 rpc.idmapd3⤵
-
/usr/bin/killallkillall -9 rpc.idmapd4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.m23⤵
-
/usr/bin/rmrm -rf /tmp/.m24⤵
-
/usr/bin/sudosudo killall -9 xorgg3⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/killallkillall -9 xorgg4⤵
-
/usr/bin/sudosudo rm -rf /tmp/seconfig3⤵
-
/usr/bin/rmrm -rf /tmp/seconfig4⤵
-
/usr/bin/sudosudo killall -9 crond643⤵
-
/usr/bin/killallkillall -9 crond644⤵
-
/usr/bin/sudosudo killall -9 tsm3⤵
-
/usr/bin/killallkillall -9 tsm4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.ssh3⤵
-
/usr/bin/rmrm -rf /tmp/.ssh4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.java3⤵
-
/usr/bin/rmrm -rf /tmp/.java4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.iolanda3⤵
-
/usr/bin/rmrm -rf /tmp/.iolanda4⤵
-
/usr/bin/sudosudo pkill test.mod3⤵
-
/usr/bin/pkillpkill test.mod4⤵
- Enumerates kernel/hardware configuration
-
/usr/bin/sudosudo pkill daemon.i686.mod3⤵
-
/usr/bin/pkillpkill daemon.i686.mod4⤵
- Reads CPU attributes
-
/usr/bin/sudosudo pkill daemon.armv4l.mod3⤵
-
/usr/bin/pkillpkill daemon.armv4l.mod4⤵
- Enumerates kernel/hardware configuration
-
/usr/bin/sudosudo pkill daemon.mips.mod3⤵
-
/usr/bin/pkillpkill daemon.mips.mod4⤵
- Reads runtime system information
-
/usr/bin/sudosudo pkill daemon.mipsel.mod3⤵
-
/usr/bin/pkillpkill daemon.mipsel.mod4⤵
- Enumerates kernel/hardware configuration
-
/usr/bin/sudosudo rm -rf /tmp/.xs3⤵
-
/usr/bin/rmrm -rf /tmp/.xs4⤵
-
/usr/bin/sudo: sudo pkill ld-linux-x86-64 (3⤵)
-
/usr/bin/pkill: pkill ld-linux-x86-64 (4⤵)
- Reads CPU attributes
-
/usr/bin/rmrm -rf "/var/tmp/. *"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Enumerates kernel/hardware configuration
-
/usr/bin/grepgrep xmr3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Enumerates kernel/hardware configuration
-
/usr/bin/grepgrep cryptonight3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Checks CPU configuration
- Reads CPU attributes
-
/usr/bin/grepgrep stratum3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Reads runtime system information
-
/usr/bin/grepgrep dbus-daemon--system3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Reads CPU attributes
-
/usr/bin/grepgrep "\\[\\]"3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Reads CPU attributes
-
/usr/bin/grepgrep xm643⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo killall -9 "[atd]"3⤵
-
/usr/bin/killallkillall -9 "[atd]"4⤵
- Reads runtime system information
-
/usr/bin/sudosudo rm -rf /tmp/.jk3⤵
-
/usr/bin/rmrm -rf /tmp/.jk4⤵
-
/usr/bin/sudosudo killall -9 "[ntpd]"3⤵
-
/usr/bin/killallkillall -9 "[ntpd]"4⤵
-
/usr/bin/sudosudo killall -9 "[rpciod]"3⤵
-
/usr/bin/killallkillall -9 "[rpciod]"4⤵
-
/usr/bin/sudosudo killall -9 "[ext4-dio-unwrit]"3⤵
-
/usr/bin/killallkillall -9 "[ext4-dio-unwrit]"4⤵
-
/usr/bin/sudosudo rm -rf "/tmp/.xm*"3⤵
-
/usr/bin/rmrm -rf "/tmp/.xm*"4⤵
-
/usr/bin/pidofpidof libexec3⤵
-
/usr/bin/freefree -m2⤵
-
/usr/bin/uptimeuptime2⤵
-
/bin/bash/bin/bash -2⤵
-
/usr/bin/whichwhich sudo3⤵
-
/usr/bin/wcwc -l3⤵
-
/usr/bin/sudo: sudo -S touch .local_24732 (3⤵)
-
/usr/bin/touch: touch .local_24732 (4⤵)
- Writes file to tmp directory
-
/usr/bin/ls: ls -l .local_24732 (3⤵)
-
/usr/bin/grep: grep -c root (3⤵)
-
/usr/bin/sudo: sudo rm .local_24732 (3⤵)
-
/usr/bin/rm: rm .local_24732 (4⤵)
-
/usr/bin/sudosudo ps auxff3⤵
-
/usr/bin/psps auxff4⤵
- Checks CPU configuration
-
/usr/bin/grepgrep "./crond -t=all"3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo killall -9 bssh3⤵
-
/usr/bin/killallkillall -9 bssh4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.an3⤵
-
/usr/bin/rmrm -rf /tmp/.an4⤵
-
/usr/bin/sudosudo killall -9 xm643⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/killallkillall -9 xm644⤵
-
/usr/bin/sudosudo killall -9 rpc.idmapd3⤵
-
/usr/bin/killallkillall -9 rpc.idmapd4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.m23⤵
-
/usr/bin/rmrm -rf /tmp/.m24⤵
-
/usr/bin/sudosudo killall -9 xorgg3⤵
-
/usr/bin/killallkillall -9 xorgg4⤵
-
/usr/bin/sudosudo rm -rf /tmp/seconfig3⤵
-
/usr/bin/rmrm -rf /tmp/seconfig4⤵
-
/usr/bin/sudosudo killall -9 crond643⤵
-
/usr/bin/killallkillall -9 crond644⤵
-
/usr/bin/sudosudo killall -9 tsm3⤵
-
/usr/bin/killallkillall -9 tsm4⤵
- Reads runtime system information
-
/usr/bin/sudosudo rm -rf /tmp/.ssh3⤵
-
/usr/bin/rmrm -rf /tmp/.ssh4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.java3⤵
-
/usr/bin/rmrm -rf /tmp/.java4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.iolanda3⤵
-
/usr/bin/rmrm -rf /tmp/.iolanda4⤵
-
/usr/bin/sudosudo pkill test.mod3⤵
-
/usr/bin/pkillpkill test.mod4⤵
-
/usr/bin/sudosudo pkill daemon.i686.mod3⤵
-
/usr/bin/pkillpkill daemon.i686.mod4⤵
- Reads runtime system information
-
/usr/bin/sudosudo pkill daemon.armv4l.mod3⤵
-
/usr/bin/pkillpkill daemon.armv4l.mod4⤵
- Enumerates kernel/hardware configuration
-
/usr/bin/sudosudo pkill daemon.mips.mod3⤵
-
/usr/bin/pkillpkill daemon.mips.mod4⤵
- Reads CPU attributes
-
/usr/bin/sudosudo pkill daemon.mipsel.mod3⤵
-
/usr/bin/pkillpkill daemon.mipsel.mod4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.xs3⤵
-
/usr/bin/rmrm -rf /tmp/.xs4⤵
-
/usr/bin/sudo: sudo pkill ld-linux-x86-64 (3⤵)
-
/usr/bin/pkill: pkill ld-linux-x86-64 (4⤵)
-
/usr/bin/rmrm -rf "/var/tmp/. *"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Checks CPU configuration
-
/usr/bin/grepgrep xmr3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
-
/usr/bin/grepgrep cryptonight3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Reads runtime system information
-
/usr/bin/grepgrep stratum3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Checks CPU configuration
-
/usr/bin/grepgrep dbus-daemon--system3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Reads CPU attributes
-
/usr/bin/grepgrep "\\[\\]"3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
-
/usr/bin/grepgrep xm643⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo killall -9 "[atd]"3⤵
-
/usr/bin/killallkillall -9 "[atd]"4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.jk3⤵
-
/usr/bin/rmrm -rf /tmp/.jk4⤵
-
/usr/bin/sudosudo killall -9 "[ntpd]"3⤵
-
/usr/bin/killallkillall -9 "[ntpd]"4⤵
-
/usr/bin/sudosudo killall -9 "[rpciod]"3⤵
-
/usr/bin/killallkillall -9 "[rpciod]"4⤵
- Reads runtime system information
-
/usr/bin/sudosudo killall -9 "[ext4-dio-unwrit]"3⤵
-
/usr/bin/killallkillall -9 "[ext4-dio-unwrit]"4⤵
-
/usr/bin/sudosudo rm -rf "/tmp/.xm*"3⤵
-
/usr/bin/rmrm -rf "/tmp/.xm*"4⤵
-
/usr/bin/pidofpidof libexec3⤵
-
/usr/bin/freefree -m2⤵
-
/usr/bin/uptimeuptime2⤵
-
/bin/bash/bin/bash -2⤵
-
/usr/bin/whichwhich sudo3⤵
-
/usr/bin/wcwc -l3⤵
-
/usr/bin/sudo: sudo -S touch .local_15039 (3⤵)
-
/usr/bin/touch: touch .local_15039 (4⤵)
- Writes file to tmp directory
-
/usr/bin/ls: ls -l .local_15039 (3⤵)
-
/usr/bin/grep: grep -c root (3⤵)
-
/usr/bin/sudo: sudo rm .local_15039 (3⤵)
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/rm: rm .local_15039 (4⤵)
-
/usr/bin/sudosudo ps auxff3⤵
-
/usr/bin/psps auxff4⤵
- Enumerates kernel/hardware configuration
-
/usr/bin/grepgrep "./crond -t=all"3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo killall -9 bssh3⤵
-
/usr/bin/killallkillall -9 bssh4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.an3⤵
-
/usr/bin/rmrm -rf /tmp/.an4⤵
-
/usr/bin/sudosudo killall -9 xm643⤵
-
/usr/bin/killallkillall -9 xm644⤵
-
/usr/bin/sudosudo killall -9 rpc.idmapd3⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/killallkillall -9 rpc.idmapd4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.m23⤵
-
/usr/bin/rmrm -rf /tmp/.m24⤵
-
/usr/bin/sudosudo killall -9 xorgg3⤵
-
/usr/bin/killallkillall -9 xorgg4⤵
-
/usr/bin/sudosudo rm -rf /tmp/seconfig3⤵
-
/usr/bin/rmrm -rf /tmp/seconfig4⤵
-
/usr/bin/sudosudo killall -9 crond643⤵
-
/usr/bin/killallkillall -9 crond644⤵
-
/usr/bin/sudosudo killall -9 tsm3⤵
-
/usr/bin/killallkillall -9 tsm4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.ssh3⤵
-
/usr/bin/rmrm -rf /tmp/.ssh4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.java3⤵
-
/usr/bin/rmrm -rf /tmp/.java4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.iolanda3⤵
-
/usr/bin/rmrm -rf /tmp/.iolanda4⤵
-
/usr/bin/sudosudo pkill test.mod3⤵
-
/usr/bin/pkillpkill test.mod4⤵
-
/usr/bin/sudosudo pkill daemon.i686.mod3⤵
-
/usr/bin/pkillpkill daemon.i686.mod4⤵
- Reads runtime system information
-
/usr/bin/sudosudo pkill daemon.armv4l.mod3⤵
-
/usr/bin/pkillpkill daemon.armv4l.mod4⤵
-
/usr/bin/sudosudo pkill daemon.mips.mod3⤵
-
/usr/bin/pkillpkill daemon.mips.mod4⤵
- Reads CPU attributes
-
/usr/bin/sudosudo pkill daemon.mipsel.mod3⤵
-
/usr/bin/pkillpkill daemon.mipsel.mod4⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/bin/sudosudo rm -rf /tmp/.xs3⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/rmrm -rf /tmp/.xs4⤵
-
/usr/bin/sudo: sudo pkill ld-linux-x86-64 (3⤵)
-
/usr/bin/pkill: pkill ld-linux-x86-64 (4⤵)
-
/usr/bin/rmrm -rf "/var/tmp/. *"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Checks CPU configuration
- Reads runtime system information
-
/usr/bin/grepgrep xmr3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
-
/usr/bin/grepgrep cryptonight3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
-
/usr/bin/grepgrep stratum3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Checks CPU configuration
-
/usr/bin/grepgrep dbus-daemon--system3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Checks CPU configuration
-
/usr/bin/grepgrep "\\[\\]"3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Checks CPU configuration
- Reads runtime system information
-
/usr/bin/grepgrep xm643⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo killall -9 "[atd]"3⤵
-
/usr/bin/killallkillall -9 "[atd]"4⤵
- Reads runtime system information
-
/usr/bin/sudosudo rm -rf /tmp/.jk3⤵
-
/usr/bin/rmrm -rf /tmp/.jk4⤵
-
/usr/bin/sudosudo killall -9 "[ntpd]"3⤵
-
/usr/bin/killallkillall -9 "[ntpd]"4⤵
-
/usr/bin/sudosudo killall -9 "[rpciod]"3⤵
-
/usr/bin/killallkillall -9 "[rpciod]"4⤵
-
/usr/bin/sudosudo killall -9 "[ext4-dio-unwrit]"3⤵
-
/usr/bin/killallkillall -9 "[ext4-dio-unwrit]"4⤵
- Reads runtime system information
-
/usr/bin/sudosudo rm -rf "/tmp/.xm*"3⤵
-
/usr/bin/rmrm -rf "/tmp/.xm*"4⤵
-
/usr/bin/pidofpidof libexec3⤵
-
/bin/bash/bin/bash -2⤵
-
/usr/bin/whichwhich sudo3⤵
-
/usr/bin/wcwc -l3⤵
-
/usr/bin/sudo: sudo -S touch .local_9750 (3⤵)
-
/usr/bin/touch: touch .local_9750 (4⤵)
- Writes file to tmp directory
-
/usr/bin/ls: ls -l .local_9750 (3⤵)
-
/usr/bin/grep: grep -c root (3⤵)
-
/usr/bin/sudo: sudo rm .local_9750 (3⤵)
-
/usr/bin/rm: rm .local_9750 (4⤵)
-
/usr/bin/sudosudo ps auxff3⤵
-
/usr/bin/psps auxff4⤵
- Reads runtime system information
-
/usr/bin/grepgrep "./crond -t=all"3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo killall -9 bssh3⤵
-
/usr/bin/killallkillall -9 bssh4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.an3⤵
-
/usr/bin/rmrm -rf /tmp/.an4⤵
-
/usr/bin/sudosudo killall -9 xm643⤵
-
/usr/bin/killallkillall -9 xm644⤵
-
/usr/bin/sudosudo killall -9 rpc.idmapd3⤵
-
/usr/bin/killallkillall -9 rpc.idmapd4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.m23⤵
-
/usr/bin/rmrm -rf /tmp/.m24⤵
-
/usr/bin/sudosudo killall -9 xorgg3⤵
-
/usr/bin/killallkillall -9 xorgg4⤵
-
/usr/bin/sudosudo rm -rf /tmp/seconfig3⤵
-
/usr/bin/rmrm -rf /tmp/seconfig4⤵
-
/usr/bin/sudosudo killall -9 crond643⤵
-
/usr/bin/killallkillall -9 crond644⤵
-
/usr/bin/sudosudo killall -9 tsm3⤵
-
/usr/bin/killallkillall -9 tsm4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.ssh3⤵
-
/usr/bin/rmrm -rf /tmp/.ssh4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.java3⤵
-
/usr/bin/rmrm -rf /tmp/.java4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.iolanda3⤵
-
/usr/bin/rmrm -rf /tmp/.iolanda4⤵
-
/usr/bin/sudosudo pkill test.mod3⤵
-
/usr/bin/pkillpkill test.mod4⤵
-
/usr/bin/sudosudo pkill daemon.i686.mod3⤵
-
/usr/bin/pkillpkill daemon.i686.mod4⤵
- Reads runtime system information
-
/usr/bin/sudosudo pkill daemon.armv4l.mod3⤵
-
/usr/bin/pkillpkill daemon.armv4l.mod4⤵
-
/usr/bin/sudosudo pkill daemon.mips.mod3⤵
-
/usr/bin/pkillpkill daemon.mips.mod4⤵
-
/usr/bin/sudosudo pkill daemon.mipsel.mod3⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/pkillpkill daemon.mipsel.mod4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.xs3⤵
-
/usr/bin/rmrm -rf /tmp/.xs4⤵
-
/usr/bin/sudo: sudo pkill ld-linux-x86-64 (3⤵)
-
/usr/bin/pkill: pkill ld-linux-x86-64 (4⤵)
-
/usr/bin/rmrm -rf "/var/tmp/. *"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Enumerates kernel/hardware configuration
-
/usr/bin/grepgrep xmr3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Reads CPU attributes
-
/usr/bin/grepgrep cryptonight3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Checks CPU configuration
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/grepgrep stratum3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Checks CPU configuration
- Enumerates kernel/hardware configuration
-
/usr/bin/grepgrep dbus-daemon--system3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Checks CPU configuration
-
/usr/bin/grepgrep "\\[\\]"3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
-
/usr/bin/grepgrep xm643⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo killall -9 "[atd]"3⤵
-
/usr/bin/killallkillall -9 "[atd]"4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.jk3⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/rmrm -rf /tmp/.jk4⤵
-
/usr/bin/sudosudo killall -9 "[ntpd]"3⤵
-
/usr/bin/killallkillall -9 "[ntpd]"4⤵
-
/usr/bin/sudosudo killall -9 "[rpciod]"3⤵
-
/usr/bin/killallkillall -9 "[rpciod]"4⤵
-
/usr/bin/sudosudo killall -9 "[ext4-dio-unwrit]"3⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/killallkillall -9 "[ext4-dio-unwrit]"4⤵
-
/usr/bin/sudosudo rm -rf "/tmp/.xm*"3⤵
-
/usr/bin/rmrm -rf "/tmp/.xm*"4⤵
-
/usr/bin/pidofpidof libexec3⤵
-
/usr/bin/freefree -m2⤵
-
/usr/bin/uptimeuptime2⤵
-
/bin/bash/bin/bash -2⤵
-
/usr/bin/wcwc -l3⤵
-
/usr/bin/whichwhich sudo3⤵
-
/usr/bin/sudo: sudo -S touch .local_7509 (3⤵)
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/touch: touch .local_7509 (4⤵)
- Writes file to tmp directory
-
/usr/bin/ls: ls -l .local_7509 (3⤵)
-
/usr/bin/grep: grep -c root (3⤵)
-
/usr/bin/sudo: sudo rm .local_7509 (3⤵)
-
/usr/bin/rm: rm .local_7509 (4⤵)
-
/usr/bin/sudosudo ps auxff3⤵
-
/usr/bin/psps auxff4⤵
- Checks CPU configuration
-
/usr/bin/grepgrep "./crond -t=all"3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo killall -9 bssh3⤵
-
/usr/bin/killallkillall -9 bssh4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.an3⤵
-
/usr/bin/rmrm -rf /tmp/.an4⤵
-
/usr/bin/sudosudo killall -9 xm643⤵
-
/usr/bin/killallkillall -9 xm644⤵
-
/usr/bin/sudosudo killall -9 rpc.idmapd3⤵
-
/usr/bin/killallkillall -9 rpc.idmapd4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.m23⤵
-
/usr/bin/rmrm -rf /tmp/.m24⤵
-
/usr/bin/sudosudo killall -9 xorgg3⤵
-
/usr/bin/killallkillall -9 xorgg4⤵
- Reads runtime system information
-
/usr/bin/sudosudo rm -rf /tmp/seconfig3⤵
-
/usr/bin/rmrm -rf /tmp/seconfig4⤵
-
/usr/bin/sudosudo killall -9 crond643⤵
-
/usr/bin/killallkillall -9 crond644⤵
-
/usr/bin/sudosudo killall -9 tsm3⤵
-
/usr/bin/killallkillall -9 tsm4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.ssh3⤵
-
/usr/bin/rmrm -rf /tmp/.ssh4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.java3⤵
-
/usr/bin/rmrm -rf /tmp/.java4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.iolanda3⤵
-
/usr/bin/rmrm -rf /tmp/.iolanda4⤵
-
/usr/bin/sudosudo pkill test.mod3⤵
-
/usr/bin/pkillpkill test.mod4⤵
-
/usr/bin/sudosudo pkill daemon.i686.mod3⤵
-
/usr/bin/pkillpkill daemon.i686.mod4⤵
- Reads runtime system information
-
/usr/bin/sudosudo pkill daemon.armv4l.mod3⤵
-
/usr/bin/pkillpkill daemon.armv4l.mod4⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/bin/sudosudo pkill daemon.mips.mod3⤵
-
/usr/bin/pkillpkill daemon.mips.mod4⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/bin/sudosudo pkill daemon.mipsel.mod3⤵
-
/usr/bin/pkillpkill daemon.mipsel.mod4⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/bin/sudosudo rm -rf /tmp/.xs3⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/rmrm -rf /tmp/.xs4⤵
-
/usr/bin/sudo: sudo pkill ld-linux-x86-64 (3⤵)
-
/usr/bin/pkill: pkill ld-linux-x86-64 (4⤵)
-
/usr/bin/rmrm -rf "/var/tmp/. *"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Reads runtime system information
-
/usr/bin/grepgrep xmr3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Checks CPU configuration
-
/usr/bin/grepgrep cryptonight3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Checks CPU configuration
-
/usr/bin/grepgrep stratum3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Checks CPU configuration
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/bin/grepgrep dbus-daemon--system3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Checks CPU configuration
-
/usr/bin/grepgrep "\\[\\]"3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Checks CPU configuration
-
/usr/bin/grepgrep xm643⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo killall -9 "[atd]"3⤵
-
/usr/bin/killallkillall -9 "[atd]"4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.jk3⤵
-
/usr/bin/rmrm -rf /tmp/.jk4⤵
-
/usr/bin/sudosudo killall -9 "[ntpd]"3⤵
-
/usr/bin/killallkillall -9 "[ntpd]"4⤵
-
/usr/bin/sudosudo killall -9 "[rpciod]"3⤵
-
/usr/bin/killallkillall -9 "[rpciod]"4⤵
-
/usr/bin/sudosudo killall -9 "[ext4-dio-unwrit]"3⤵
-
/usr/bin/killallkillall -9 "[ext4-dio-unwrit]"4⤵
-
/usr/bin/sudosudo rm -rf "/tmp/.xm*"3⤵
-
/usr/bin/rmrm -rf "/tmp/.xm*"4⤵
-
/usr/bin/pidofpidof libexec3⤵
-
/usr/bin/freefree -m2⤵
-
/usr/bin/uptimeuptime2⤵
-
/bin/bash/bin/bash -2⤵
-
/usr/bin/whichwhich sudo3⤵
-
/usr/bin/wcwc -l3⤵
-
/usr/bin/sudo: sudo -S touch .local_24420 (3⤵)
-
/usr/bin/touch: touch .local_24420 (4⤵)
- Writes file to tmp directory
-
/usr/bin/ls: ls -l .local_24420 (3⤵)
-
/usr/bin/grep: grep -c root (3⤵)
-
/usr/bin/sudo: sudo rm .local_24420 (3⤵)
-
/usr/bin/rm: rm .local_24420 (4⤵)
-
/usr/bin/sudosudo ps auxff3⤵
-
/usr/bin/psps auxff4⤵
- Enumerates kernel/hardware configuration
-
/usr/bin/grepgrep "./crond -t=all"3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo killall -9 bssh3⤵
-
/usr/bin/killallkillall -9 bssh4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.an3⤵
-
/usr/bin/rmrm -rf /tmp/.an4⤵
-
/usr/bin/sudosudo killall -9 xm643⤵
- Reads runtime system information
-
/usr/bin/killallkillall -9 xm644⤵
-
/usr/bin/sudosudo killall -9 rpc.idmapd3⤵
-
/usr/bin/killallkillall -9 rpc.idmapd4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.m23⤵
-
/usr/bin/rmrm -rf /tmp/.m24⤵
-
/usr/bin/sudosudo killall -9 xorgg3⤵
-
/usr/bin/killallkillall -9 xorgg4⤵
-
/usr/bin/sudosudo rm -rf /tmp/seconfig3⤵
-
/usr/bin/rmrm -rf /tmp/seconfig4⤵
-
/usr/bin/sudosudo killall -9 crond643⤵
-
/usr/bin/killallkillall -9 crond644⤵
-
/usr/bin/sudosudo killall -9 tsm3⤵
-
/usr/bin/killallkillall -9 tsm4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.ssh3⤵
-
/usr/bin/rmrm -rf /tmp/.ssh4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.java3⤵
-
/usr/bin/rmrm -rf /tmp/.java4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.iolanda3⤵
-
/usr/bin/rmrm -rf /tmp/.iolanda4⤵
-
/usr/bin/sudosudo pkill test.mod3⤵
-
/usr/bin/pkillpkill test.mod4⤵
- Enumerates kernel/hardware configuration
-
/usr/bin/sudosudo pkill daemon.i686.mod3⤵
-
/usr/bin/pkillpkill daemon.i686.mod4⤵
- Enumerates kernel/hardware configuration
-
/usr/bin/sudosudo pkill daemon.armv4l.mod3⤵
-
/usr/bin/pkillpkill daemon.armv4l.mod4⤵
-
/usr/bin/sudosudo pkill daemon.mips.mod3⤵
-
/usr/bin/pkillpkill daemon.mips.mod4⤵
-
/usr/bin/sudosudo pkill daemon.mipsel.mod3⤵
-
/usr/bin/pkillpkill daemon.mipsel.mod4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.xs3⤵
-
/usr/bin/rmrm -rf /tmp/.xs4⤵
-
/usr/bin/sudo: sudo pkill ld-linux-x86-64 (3⤵)
-
/usr/bin/pkill: pkill ld-linux-x86-64 (4⤵)
-
/usr/bin/rmrm -rf "/var/tmp/. *"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Reads runtime system information
-
/usr/bin/grepgrep xmr3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Checks CPU configuration
- Reads runtime system information
-
/usr/bin/grepgrep cryptonight3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Checks CPU configuration
-
/usr/bin/grepgrep stratum3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
-
/usr/bin/grepgrep dbus-daemon--system3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Checks CPU configuration
- Reads CPU attributes
-
/usr/bin/grepgrep "\\[\\]"3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo ps auxf3⤵
-
/usr/bin/psps auxf4⤵
- Checks CPU configuration
- Reads CPU attributes
- Enumerates kernel/hardware configuration
-
/usr/bin/grepgrep xm643⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo killall -9 "[atd]"3⤵
-
/usr/bin/killallkillall -9 "[atd]"4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.jk3⤵
-
/usr/bin/rmrm -rf /tmp/.jk4⤵
-
/usr/bin/sudosudo killall -9 "[ntpd]"3⤵
-
/usr/bin/killallkillall -9 "[ntpd]"4⤵
-
/usr/bin/sudosudo killall -9 "[rpciod]"3⤵
-
/usr/bin/killallkillall -9 "[rpciod]"4⤵
-
/usr/bin/sudosudo killall -9 "[ext4-dio-unwrit]"3⤵
-
/usr/bin/killallkillall -9 "[ext4-dio-unwrit]"4⤵
-
/usr/bin/sudosudo rm -rf "/tmp/.xm*"3⤵
-
/usr/bin/rmrm -rf "/tmp/.xm*"4⤵
-
/usr/bin/pidofpidof libexec3⤵
-
/usr/bin/freefree -m2⤵
-
/usr/bin/uptimeuptime2⤵
-
/bin/bash/bin/bash -2⤵
-
/usr/bin/wcwc -l3⤵
-
/usr/bin/whichwhich sudo3⤵
-
/usr/bin/sudo: sudo -S touch .local_10129 (3⤵)
-
/usr/bin/touch: touch .local_10129 (4⤵)
- Writes file to tmp directory
-
/usr/bin/ls: ls -l .local_10129 (3⤵)
-
/usr/bin/grep: grep -c root (3⤵)
-
/usr/bin/sudo: sudo rm .local_10129 (3⤵)
-
/usr/bin/rm: rm .local_10129 (4⤵)
-
/usr/bin/sudosudo ps auxff3⤵
-
/usr/bin/psps auxff4⤵
- Checks CPU configuration
- Reads runtime system information
-
/usr/bin/grepgrep "./crond -t=all"3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{ print \$2 }"3⤵
-
/usr/bin/sudosudo killall -9 bssh3⤵
-
/usr/bin/killallkillall -9 bssh4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.an3⤵
-
/usr/bin/rmrm -rf /tmp/.an4⤵
-
/usr/bin/sudosudo killall -9 xm643⤵
-
/usr/bin/killallkillall -9 xm644⤵
-
/usr/bin/sudosudo killall -9 rpc.idmapd3⤵
-
/usr/bin/killallkillall -9 rpc.idmapd4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.m23⤵
-
/usr/bin/rmrm -rf /tmp/.m24⤵
-
/usr/bin/sudosudo killall -9 xorgg3⤵
-
/usr/bin/killallkillall -9 xorgg4⤵
-
/usr/bin/sudosudo rm -rf /tmp/seconfig3⤵
-
/usr/bin/rmrm -rf /tmp/seconfig4⤵
-
/usr/bin/sudosudo killall -9 crond643⤵
-
/usr/bin/killallkillall -9 crond644⤵
-
/usr/bin/sudosudo killall -9 tsm3⤵
-
/usr/bin/killallkillall -9 tsm4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.ssh3⤵
-
/usr/bin/rmrm -rf /tmp/.ssh4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.java3⤵
-
/usr/bin/rmrm -rf /tmp/.java4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.iolanda3⤵
-
/usr/bin/rmrm -rf /tmp/.iolanda4⤵
-
/usr/bin/sudosudo pkill test.mod3⤵
-
/usr/bin/pkillpkill test.mod4⤵
-
/usr/bin/sudosudo pkill daemon.i686.mod3⤵
-
/usr/bin/pkillpkill daemon.i686.mod4⤵
-
/usr/bin/sudosudo pkill daemon.armv4l.mod3⤵
-
/usr/bin/pkillpkill daemon.armv4l.mod4⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/bin/sudosudo pkill daemon.mips.mod3⤵
-
/usr/bin/pkillpkill daemon.mips.mod4⤵
-
/usr/bin/sudosudo pkill daemon.mipsel.mod3⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/pkillpkill daemon.mipsel.mod4⤵
-
/usr/bin/sudosudo rm -rf /tmp/.xs3⤵
-
/usr/bin/rmrm -rf /tmp/.xs4⤵
-
/usr/bin/sudo: sudo pkill ld-linux-x86-64 (3⤵)
-
/usr/bin/pkill: pkill ld-linux-x86-64 (4⤵)
-
/usr/bin/rmrm -rf "/var/tmp/. *"3⤵
-
/usr/bin/sudo · sudo ps auxf · 3⤵
-
/usr/bin/ps · ps auxf · 4⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/bin/grep · grep xmr · 3⤵
-
/usr/bin/grep · grep -v grep · 3⤵
-
/usr/bin/awk · awk "{ print \$2 }" · 3⤵
-
/usr/bin/sudo · sudo ps auxf · 3⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/ps · ps auxf · 4⤵
- Checks CPU configuration
- Reads CPU attributes
-
/usr/bin/grep · grep cryptonight · 3⤵
-
/usr/bin/grep · grep -v grep · 3⤵
-
/usr/bin/awk · awk "{ print \$2 }" · 3⤵
-
/usr/bin/sudo · sudo ps auxf · 3⤵
-
/usr/bin/ps · ps auxf · 4⤵
- Checks CPU configuration
-
/usr/bin/grep · grep stratum · 3⤵
-
/usr/bin/awk · awk "{ print \$2 }" · 3⤵
-
/usr/bin/grep · grep -v grep · 3⤵
-
/usr/bin/sudo · sudo ps auxf · 3⤵
-
/usr/bin/ps · ps auxf · 4⤵
- Enumerates kernel/hardware configuration
-
/usr/bin/grep · grep dbus-daemon--system · 3⤵
-
/usr/bin/grep · grep -v grep · 3⤵
-
/usr/bin/awk · awk "{ print \$2 }" · 3⤵
-
/usr/bin/sudo · sudo ps auxf · 3⤵
-
/usr/bin/ps · ps auxf · 4⤵
-
/usr/bin/grep · grep "\\[\\]" · 3⤵
-
/usr/bin/awk · awk "{ print \$2 }" · 3⤵
-
/usr/bin/grep · grep -v grep · 3⤵
-
/usr/bin/sudo · sudo ps auxf · 3⤵
-
/usr/bin/ps · ps auxf · 4⤵
-
/usr/bin/grep · grep xm64 · 3⤵
-
/usr/bin/grep · grep -v grep · 3⤵
-
/usr/bin/awk · awk "{ print \$2 }" · 3⤵
-
/usr/bin/sudo · sudo killall -9 "[atd]" · 3⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/killall · killall -9 "[atd]" · 4⤵
-
/usr/bin/sudo · sudo rm -rf /tmp/.jk · 3⤵
-
/usr/bin/rm · rm -rf /tmp/.jk · 4⤵
-
/usr/bin/sudo · sudo killall -9 "[ntpd]" · 3⤵
-
/usr/bin/killall · killall -9 "[ntpd]" · 4⤵
-
/usr/bin/sudo · sudo killall -9 "[rpciod]" · 3⤵
-
/usr/bin/killall · killall -9 "[rpciod]" · 4⤵
-
/usr/bin/sudo · sudo killall -9 "[ext4-dio-unwrit]" · 3⤵
-
/usr/bin/killall · killall -9 "[ext4-dio-unwrit]" · 4⤵
-
/usr/bin/sudo · sudo rm -rf "/tmp/.xm*" · 3⤵
-
/usr/bin/rm · rm -rf "/tmp/.xm*" · 4⤵
-
/usr/bin/pidof · pidof libexec · 3⤵
-
/bin/bash · /bin/bash - · 2⤵
-
/usr/bin/which · which sudo · 3⤵
-
/usr/bin/wc · wc -l · 3⤵
-
/usr/bin/sudo · sudo -S touch .local_19923 · 3⤵
-
/usr/bin/touch · touch .local_19923 · 4⤵
- Writes file to tmp directory
-
/usr/bin/ls · ls -l .local_19923 · 3⤵
-
/usr/bin/grep · grep -c root · 3⤵
-
/usr/bin/sudo · sudo rm .local_19923 · 3⤵
-
/usr/bin/rm · rm .local_19923 · 4⤵
-
/usr/bin/sudo · sudo ps auxff · 3⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/ps · ps auxff · 4⤵
- Reads CPU attributes
-
/usr/bin/grep · grep "./crond -t=all" · 3⤵
-
/usr/bin/grep · grep -v grep · 3⤵
-
/usr/bin/awk · awk "{ print \$2 }" · 3⤵
-
/usr/bin/sudo · sudo killall -9 bssh · 3⤵
-
/usr/bin/killall · killall -9 bssh · 4⤵
-
/usr/bin/sudo · sudo rm -rf /tmp/.an · 3⤵
-
/usr/bin/rm · rm -rf /tmp/.an · 4⤵
-
/usr/bin/sudo · sudo killall -9 xm64 · 3⤵
-
/usr/bin/killall · killall -9 xm64 · 4⤵
-
/usr/bin/sudo · sudo killall -9 rpc.idmapd · 3⤵
-
/usr/bin/killall · killall -9 rpc.idmapd · 4⤵
-
/usr/bin/sudo · sudo rm -rf /tmp/.m2 · 3⤵
-
/usr/bin/rm · rm -rf /tmp/.m2 · 4⤵
-
/usr/bin/sudo · sudo killall -9 xorgg · 3⤵
-
/usr/bin/killall · killall -9 xorgg · 4⤵
-
/usr/bin/sudo · sudo rm -rf /tmp/seconfig · 3⤵
-
/usr/bin/rm · rm -rf /tmp/seconfig · 4⤵
-
/usr/bin/sudo · sudo killall -9 crond64 · 3⤵
-
/usr/bin/killall · killall -9 crond64 · 4⤵
-
/usr/bin/sudo · sudo killall -9 tsm · 3⤵
-
/usr/bin/killall · killall -9 tsm · 4⤵
-
/usr/bin/sudo · sudo rm -rf /tmp/.ssh · 3⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/bin/rm · rm -rf /tmp/.ssh · 4⤵
-
/usr/bin/sudo · sudo rm -rf /tmp/.java · 3⤵
-
/usr/bin/rm · rm -rf /tmp/.java · 4⤵
-
/usr/bin/sudo · sudo rm -rf /tmp/.iolanda · 3⤵
Network
MITRE ATT&CK Matrix (ATT&CK v13)
Defense Evasion
Abuse Elevation Control Mechanism (1)
  Sudo and Sudo Caching (1)
Indicator Removal (1)
  Clear Linux or Mac System Logs (1)
Virtualization/Sandbox Evasion (1)
  System Checks (1)
Replay Monitor
Downloads
-
/tmp/The-MALWARE-Repo-master/Botnets/FritzFrog/nc
Filesize: 8.6MB
MD5: ae747bc7fff9bc23f06635ef60ea0e8d
SHA1: 64315e834f67905ed4e47f36155362a78ac23462
SHA256: 103b8404dc64c9a44511675981a09fd01395ee837452d114f1350c295357c046
SHA512: e24914a58565a43883c27ae4a41061e8edd3d5eef7b86c1c0e9910d9fbe0eef3e78ed49136ac0c9378311e99901b1847bcfd926aa9a3ea44149a7478480f82b2