mrblack | ac8c67e7c61e71b030752ab27b327a4a265fc7af880fb8e35c66addc6d1ab21b

Analysis

max time kernel
149s
max time network
154s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
06-09-2024 02:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ce79d4dafea792c1021cda717501e6e2_JaffaCakes118
Size

1.2MB
MD5

ce79d4dafea792c1021cda717501e6e2
SHA1

d257659d71de396b8bb07ba26c53288807f290dd
SHA256

ac8c67e7c61e71b030752ab27b327a4a265fc7af880fb8e35c66addc6d1ab21b
SHA512

052a008908f573f428b59b53edd6dc0ab1e347c646fef286eca3644d732f28db5a25fec08d0997ff13ac6099f900e83a1a9d45d3098fd5a164431499ad2d2005
SSDEEP

24576:e845rGHu6gVJKG75oFpA0VWeX4y2y1q2rJp0:745vRVJKGtSA0VWeoBu9p0

Score

10^/10

mrblack antivm botnet discovery persistence trojan

Malware Config

Signatures

MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
trojan botnet mrblack

MrBlack trojan 1 IoCs

resource	yara_rule
behavioral1/files/fstream-4.dat	family_mrblack

Executes dropped EXE 2 IoCs

ioc	pid	Process
/usr/bin/bsd-port/getty	1631	getty
/usr/bin/.sshd	1647	.sshd

Modifies init.d 2 TTPs 2 IoCs

Adds/modifies system service, likely for persistence.

persistence

Boot or Logon Autostart Execution

T1547

RC Scripts

T1037.004

description	ioc	Process
File opened for modification	/etc/init.d/DbSecuritySpt	ce79d4dafea792c1021cda717501e6e2_JaffaCakes118
File opened for modification	/etc/init.d/selinux	getty

Reads system routing table 1 TTPs 1 IoCs

Gets active network interfaces from /proc virtual filesystem.

discovery

Internet Connection Discovery

T1016.001

description	ioc	Process
File opened for reading	/proc/net/route	getty

Write file to user bin folder 12 IoCs

persistence

description	ioc	Process
File opened for modification	/usr/bin/bsd-port/getty	cp
File opened for modification	/usr/bin/.sshd	cp
File opened for modification	/usr/bin/dpkgd/ps	cp
File opened for modification	/usr/bin/lsof	cp
File opened for modification	/usr/bin/bsd-port/getty.lock	ce79d4dafea792c1021cda717501e6e2_JaffaCakes118
File opened for modification	/usr/bin/bsd-port/udevd.lock	ce79d4dafea792c1021cda717501e6e2_JaffaCakes118
File opened for modification	/usr/bin/dpkgd/ss	cp
File opened for modification	/usr/bin/ps	cp
File opened for modification	/usr/bin/ss	cp
File opened for modification	/usr/bin/bsd-port/conf.n	getty
File opened for modification	/usr/bin/bsd-port/getty.lock	getty
File opened for modification	/usr/bin/dpkgd/lsof	cp

Writes file to system bin folder 3 IoCs

description	ioc	Process
File opened for modification	/bin/ss	cp
File opened for modification	/bin/lsof	cp
File opened for modification	/bin/ps	cp

Checks CPU configuration 1 TTPs 2 IoCs

Checks CPU information which indicate if the system is a virtual machine.

antivm

System Checks

T1497.001

description	ioc	Process
File opened for reading	/proc/cpuinfo	ce79d4dafea792c1021cda717501e6e2_JaffaCakes118
File opened for reading	/proc/cpuinfo	getty

Reads system network configuration 1 TTPs 4 IoCs

Uses contents of /proc filesystem to enumerate network settings.

discovery

Internet Connection Discovery

T1016.001

description	ioc	Process
File opened for reading	/proc/net/dev	getty
File opened for reading	/proc/net/route	getty
File opened for reading	/proc/net/arp	getty
File opened for reading	/proc/net/dev	ce79d4dafea792c1021cda717501e6e2_JaffaCakes118

Reads runtime system information 37 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/stat	getty
File opened for reading	/proc/sys/kernel/version	.sshd
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/meminfo	ce79d4dafea792c1021cda717501e6e2_JaffaCakes118
File opened for reading	/proc/meminfo	getty
File opened for reading	/proc/cmdline	insmod
File opened for reading	/proc/sys/kernel/version	ce79d4dafea792c1021cda717501e6e2_JaffaCakes118
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/stat	ce79d4dafea792c1021cda717501e6e2_JaffaCakes118
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/cmdline	insmod
File opened for reading	/proc/sys/kernel/version	getty
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	mkdir

Writes file to tmp directory 7 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/gates.lod	.sshd
File opened for modification	/tmp/moni.lod	ce79d4dafea792c1021cda717501e6e2_JaffaCakes118
File opened for modification	/tmp/bill.lock	ce79d4dafea792c1021cda717501e6e2_JaffaCakes118
File opened for modification	/tmp/gates.lod	ce79d4dafea792c1021cda717501e6e2_JaffaCakes118
File opened for modification	/tmp/notify.file	ce79d4dafea792c1021cda717501e6e2_JaffaCakes118
File opened for modification	/tmp/moni.lod	.sshd
File opened for modification	/tmp/notify.file	.sshd

/tmp/ce79d4dafea792c1021cda717501e6e2_JaffaCakes118
/tmp/ce79d4dafea792c1021cda717501e6e2_JaffaCakes118
1⤵
- Modifies init.d
- Write file to user bin folder
- Checks CPU configuration
- Reads system network configuration
- Reads runtime system information
- Writes file to tmp directory
PID:1598
- /bin/sh
  sh -c "ln -s /etc/init.d/DbSecuritySpt /etc/rc1.d/S97DbSecuritySpt"
  2⤵
  PID:1607
- - /usr/bin/ln
    ln -s /etc/init.d/DbSecuritySpt /etc/rc1.d/S97DbSecuritySpt
    3⤵
    PID:1608
- /bin/sh
  sh -c "ln -s /etc/init.d/DbSecuritySpt /etc/rc2.d/S97DbSecuritySpt"
  2⤵
  PID:1609
- - /usr/bin/ln
    ln -s /etc/init.d/DbSecuritySpt /etc/rc2.d/S97DbSecuritySpt
    3⤵
    PID:1610
- /bin/sh
  sh -c "ln -s /etc/init.d/DbSecuritySpt /etc/rc3.d/S97DbSecuritySpt"
  2⤵
  PID:1611
- - /usr/bin/ln
    ln -s /etc/init.d/DbSecuritySpt /etc/rc3.d/S97DbSecuritySpt
    3⤵
    PID:1612
- /bin/sh
  sh -c "ln -s /etc/init.d/DbSecuritySpt /etc/rc4.d/S97DbSecuritySpt"
  2⤵
  PID:1613
- - /usr/bin/ln
    ln -s /etc/init.d/DbSecuritySpt /etc/rc4.d/S97DbSecuritySpt
    3⤵
    PID:1614
- /bin/sh
  sh -c "ln -s /etc/init.d/DbSecuritySpt /etc/rc5.d/S97DbSecuritySpt"
  2⤵
  PID:1615
- - /usr/bin/ln
    ln -s /etc/init.d/DbSecuritySpt /etc/rc5.d/S97DbSecuritySpt
    3⤵
    PID:1616
- /bin/sh
  sh -c "mkdir -p /usr/bin/bsd-port"
  2⤵
  PID:1623
- - /usr/bin/mkdir
    mkdir -p /usr/bin/bsd-port
    3⤵
    - Reads runtime system information
    PID:1624
- /bin/sh
  sh -c "mkdir -p /usr/bin/bsd-port"
  2⤵
  PID:1625
- - /usr/bin/mkdir
    mkdir -p /usr/bin/bsd-port
    3⤵
    - Reads runtime system information
    PID:1626
- /bin/sh
  sh -c "cp -f /tmp/ce79d4dafea792c1021cda717501e6e2_JaffaCakes118 /usr/bin/bsd-port/getty"
  2⤵
  PID:1627
- - /usr/bin/cp
    cp -f /tmp/ce79d4dafea792c1021cda717501e6e2_JaffaCakes118 /usr/bin/bsd-port/getty
    3⤵
    - Write file to user bin folder
    - Reads runtime system information
    PID:1628
- /bin/sh
  sh -c /usr/bin/bsd-port/getty
  2⤵
  PID:1630
- - /usr/bin/bsd-port/getty
    /usr/bin/bsd-port/getty
    3⤵
    - Executes dropped EXE
    - Modifies init.d
    - Reads system routing table
    - Write file to user bin folder
    - Checks CPU configuration
    - Reads system network configuration
    - Reads runtime system information
    PID:1631
  - - /bin/sh
      sh -c "ln -s /etc/init.d/selinux /etc/rc1.d/S99selinux"
      4⤵
      PID:1639
    - - /usr/bin/ln
        
        ln -s /etc/init.d/selinux /etc/rc1.d/S99selinux
        5⤵
        
        PID:1640
  - - /bin/sh
      sh -c "ln -s /etc/init.d/selinux /etc/rc2.d/S99selinux"
      4⤵
      PID:1641
    - - /usr/bin/ln
        
        ln -s /etc/init.d/selinux /etc/rc2.d/S99selinux
        5⤵
        
        PID:1642
  - - /bin/sh
      sh -c "ln -s /etc/init.d/selinux /etc/rc3.d/S99selinux"
      4⤵
      PID:1643
    - - /usr/bin/ln
        
        ln -s /etc/init.d/selinux /etc/rc3.d/S99selinux
        5⤵
        
        PID:1644
  - - /bin/sh
      sh -c "ln -s /etc/init.d/selinux /etc/rc4.d/S99selinux"
      4⤵
      PID:1648
    - - /usr/bin/ln
        
        ln -s /etc/init.d/selinux /etc/rc4.d/S99selinux
        5⤵
        
        PID:1649
  - - /bin/sh
      sh -c "ln -s /etc/init.d/selinux /etc/rc5.d/S99selinux"
      4⤵
      PID:1650
    - - /usr/bin/ln
        
        ln -s /etc/init.d/selinux /etc/rc5.d/S99selinux
        5⤵
        
        PID:1651
  - - /bin/sh
      sh -c "mkdir -p /usr/bin/dpkgd"
      4⤵
      PID:1652
    - - /usr/bin/mkdir
        
        mkdir -p /usr/bin/dpkgd
        5⤵
        Reads runtime system information
        
        PID:1653
  - - /bin/sh
      sh -c "cp -f /bin/lsof /usr/bin/dpkgd/lsof"
      4⤵
      PID:1654
    - - /usr/bin/cp
        
        cp -f /bin/lsof /usr/bin/dpkgd/lsof
        5⤵
        Write file to user bin folder
        Reads runtime system information
        
        PID:1655
  - - /bin/sh
      sh -c "mkdir -p /bin"
      4⤵
      PID:1656
    - - /usr/bin/mkdir
        
        mkdir -p /bin
        5⤵
        Reads runtime system information
        
        PID:1657
  - - /bin/sh
      sh -c "mkdir -p /bin"
      4⤵
      PID:1658
    - - /usr/bin/mkdir
        
        mkdir -p /bin
        5⤵
        Reads runtime system information
        
        PID:1659
  - - /bin/sh
      sh -c "cp -f /usr/bin/bsd-port/getty /bin/lsof"
      4⤵
      PID:1660
    - - /usr/bin/cp
        
        cp -f /usr/bin/bsd-port/getty /bin/lsof
        5⤵
        Writes file to system bin folder
        Reads runtime system information
        
        PID:1661
  - - /bin/sh
      sh -c "chmod 0755 /bin/lsof"
      4⤵
      PID:1662
    - - /usr/bin/chmod
        
        chmod 0755 /bin/lsof
        5⤵
        
        PID:1663
  - - /bin/sh
      sh -c "cp -f /bin/ps /usr/bin/dpkgd/ps"
      4⤵
      PID:1664
    - - /usr/bin/cp
        
        cp -f /bin/ps /usr/bin/dpkgd/ps
        5⤵
        Write file to user bin folder
        Reads runtime system information
        
        PID:1665
  - - /bin/sh
      sh -c "mkdir -p /bin"
      4⤵
      PID:1666
    - - /usr/bin/mkdir
        
        mkdir -p /bin
        5⤵
        Reads runtime system information
        
        PID:1667
  - - /bin/sh
      sh -c "mkdir -p /bin"
      4⤵
      PID:1668
    - - /usr/bin/mkdir
        
        mkdir -p /bin
        5⤵
        Reads runtime system information
        
        PID:1669
  - - /bin/sh
      sh -c "cp -f /usr/bin/bsd-port/getty /bin/ps"
      4⤵
      PID:1670
    - - /usr/bin/cp
        
        cp -f /usr/bin/bsd-port/getty /bin/ps
        5⤵
        Writes file to system bin folder
        Reads runtime system information
        
        PID:1671
  - - /bin/sh
      sh -c "chmod 0755 /bin/ps"
      4⤵
      PID:1672
    - - /usr/bin/chmod
        
        chmod 0755 /bin/ps
        5⤵
        
        PID:1673
  - - /bin/sh
      sh -c "cp -f /bin/ss /usr/bin/dpkgd/ss"
      4⤵
      PID:1674
    - - /usr/bin/cp
        
        cp -f /bin/ss /usr/bin/dpkgd/ss
        5⤵
        Write file to user bin folder
        Reads runtime system information
        
        PID:1675
  - - /bin/sh
      sh -c "mkdir -p /bin"
      4⤵
      PID:1676
    - - /usr/bin/mkdir
        
        mkdir -p /bin
        5⤵
        Reads runtime system information
        
        PID:1677
  - - /bin/sh
      sh -c "mkdir -p /bin"
      4⤵
      PID:1678
    - - /usr/bin/mkdir
        
        mkdir -p /bin
        5⤵
        Reads runtime system information
        
        PID:1679
  - - /bin/sh
      sh -c "cp -f /usr/bin/bsd-port/getty /bin/ss"
      4⤵
      PID:1680
    - - /usr/bin/cp
        
        cp -f /usr/bin/bsd-port/getty /bin/ss
        5⤵
        Writes file to system bin folder
        Reads runtime system information
        
        PID:1681
  - - /bin/sh
      sh -c "chmod 0755 /bin/ss"
      4⤵
      PID:1682
    - - /usr/bin/chmod
        
        chmod 0755 /bin/ss
        5⤵
        
        PID:1683
  - - /bin/sh
      sh -c "mkdir -p /usr/bin"
      4⤵
      PID:1684
    - - /usr/bin/mkdir
        
        mkdir -p /usr/bin
        5⤵
        Reads runtime system information
        
        PID:1685
  - - /bin/sh
      sh -c "mkdir -p /usr/bin"
      4⤵
      PID:1686
    - - /usr/bin/mkdir
        
        mkdir -p /usr/bin
        5⤵
        Reads runtime system information
        
        PID:1687
  - - /bin/sh
      sh -c "cp -f /usr/bin/bsd-port/getty /usr/bin/lsof"
      4⤵
      PID:1688
    - - /usr/bin/cp
        
        cp -f /usr/bin/bsd-port/getty /usr/bin/lsof
        5⤵
        Write file to user bin folder
        Reads runtime system information
        
        PID:1689
  - - /bin/sh
      sh -c "chmod 0755 /usr/bin/lsof"
      4⤵
      PID:1690
    - - /usr/bin/chmod
        
        chmod 0755 /usr/bin/lsof
        5⤵
        
        PID:1691
  - - /bin/sh
      sh -c "mkdir -p /usr/bin"
      4⤵
      PID:1692
    - - /usr/bin/mkdir
        
        mkdir -p /usr/bin
        5⤵
        Reads runtime system information
        
        PID:1693
  - - /bin/sh
      sh -c "mkdir -p /usr/bin"
      4⤵
      PID:1694
    - - /usr/bin/mkdir
        
        mkdir -p /usr/bin
        5⤵
        Reads runtime system information
        
        PID:1695
  - - /bin/sh
      sh -c "cp -f /usr/bin/bsd-port/getty /usr/bin/ps"
      4⤵
      PID:1696
    - - /usr/bin/cp
        
        cp -f /usr/bin/bsd-port/getty /usr/bin/ps
        5⤵
        Write file to user bin folder
        Reads runtime system information
        
        PID:1697
  - - /bin/sh
      sh -c "chmod 0755 /usr/bin/ps"
      4⤵
      PID:1698
    - - /usr/bin/chmod
        
        chmod 0755 /usr/bin/ps
        5⤵
        
        PID:1699
  - - /bin/sh
      sh -c "mkdir -p /usr/bin"
      4⤵
      PID:1700
    - - /usr/bin/mkdir
        
        mkdir -p /usr/bin
        5⤵
        Reads runtime system information
        
        PID:1701
  - - /bin/sh
      sh -c "mkdir -p /usr/bin"
      4⤵
      PID:1702
    - - /usr/bin/mkdir
        
        mkdir -p /usr/bin
        5⤵
        Reads runtime system information
        
        PID:1704
  - - /bin/sh
      sh -c "cp -f /usr/bin/bsd-port/getty /usr/bin/ss"
      4⤵
      PID:1706
    - - /usr/bin/cp
        
        cp -f /usr/bin/bsd-port/getty /usr/bin/ss
        5⤵
        Write file to user bin folder
        Reads runtime system information
        
        PID:1707
  - - /bin/sh
      sh -c "chmod 0755 /usr/bin/ss"
      4⤵
      PID:1708
    - - /usr/bin/chmod
        
        chmod 0755 /usr/bin/ss
        5⤵
        
        PID:1709
  - - /bin/sh
      sh -c "insmod /usr/bin/bsd-port/xpacket.ko"
      4⤵
      PID:1713
    - - /usr/sbin/insmod
        
        insmod /usr/bin/bsd-port/xpacket.ko
        5⤵
        Reads runtime system information
        
        PID:1714
- /bin/sh
  sh -c "mkdir -p /usr/bin"
  2⤵
  PID:1633
- - /usr/bin/mkdir
    mkdir -p /usr/bin
    3⤵
    - Reads runtime system information
    PID:1634
- /bin/sh
  sh -c "mkdir -p /usr/bin"
  2⤵
  PID:1635
- - /usr/bin/mkdir
    mkdir -p /usr/bin
    3⤵
    - Reads runtime system information
    PID:1636
- /bin/sh
  sh -c "cp -f /tmp/ce79d4dafea792c1021cda717501e6e2_JaffaCakes118 /usr/bin/.sshd"
  2⤵
  PID:1637
- - /usr/bin/cp
    cp -f /tmp/ce79d4dafea792c1021cda717501e6e2_JaffaCakes118 /usr/bin/.sshd
    3⤵
    - Write file to user bin folder
    - Reads runtime system information
    PID:1638
- /bin/sh
  sh -c /usr/bin/.sshd
  2⤵
  PID:1646
- - /usr/bin/.sshd
    /usr/bin/.sshd
    3⤵
    - Executes dropped EXE
    - Reads runtime system information
    - Writes file to tmp directory
    PID:1647
- /bin/sh
  sh -c "insmod /tmp/xpacket.ko"
  2⤵
  PID:1710
- - /usr/sbin/insmod
    insmod /tmp/xpacket.ko
    3⤵
    - Reads runtime system information
    PID:1711

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Boot or Logon Initialization Scripts

T1037

RC Scripts

T1037.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Boot or Logon Initialization Scripts

T1037

RC Scripts

T1037.004

Defense Evasion

Virtualization/Sandbox Evasion

T1497

System Checks

T1497.001

Credential Access

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Virtualization/Sandbox Evasion

T1497

System Checks

T1497.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/etc/init.d/DbSecuritySpt

Filesize
64B

MD5
d6eaa0545419fce84abc3a72d0ae6053

SHA1
be1db6556be6b467d99d6081c196824172114ae2

SHA256
906d4faa921917677b33ff0c41fcd92cc96fae8ea3f931ca591f58ed418b998e

SHA512
c6916f2bb9182e9aee03af58ab7ad0df1b645d7bbe69fb84877cd00ab9998ec4fa89ced70dcab14fff685cda323ef63a9bc331a539f1923b5fa405f0e76409e1

Download Submit
/etc/init.d/selinux

Filesize
36B

MD5
993cc15058142d96c3daf7852c3d5ee8

SHA1
0950b8b391b04dd3895ea33cd3141543ebd2525d

SHA256
8171d077918611803d93088409f220c66fae1c670b297e1aa5d8cbd548ce9208

SHA512
0c4256c00a3710f97e92581b552682b36b62afc35fe72622c491323c618c19ea62611ac04ccafc3dfcde2254a2ebbd93b69b66795b16e36332293bed83adb928

Download Submit
/tmp/gates.lod

Filesize
4B

MD5
1bc0249a6412ef49b07fe6f62e6dc8de

SHA1
61f348dbfc99215070417b9d49da662cfd0671ef

SHA256
2f57a2e309c463513b962750096f4389e229001dccc19afcb95ff98c70e14d09

SHA512
e51fc38acc801d470d658cb9ec9f66f4a8cbcd96fb613c20bc43bbd4162ccd6c7bd223a5832f7e8eeadaa3a946a587b76c3c2e1eb1d16e6eb63ece3cbec0aa1c

Download Submit
/tmp/moni.lod

Filesize
4B

MD5
375c71349b295fbe2dcdca9206f20a06

SHA1
6a3236f5f213960de5c415fd15c6d1cb5a46d04e

SHA256
a860d24f31d82a4fbf73c4239d615936fcdfbd6d08319ba3807303469a0a35d1

SHA512
49e0ddcc26cb9ede49a5f9a59118adbe84b72d3c183937669e97004bf4085961e9aec3f7251fe427a3aaff988ab33343d29524b56a2c38173b9b68a972c923ec

Download Submit
/tmp/notify.file

Filesize
51B

MD5
d9889108f139e0675b35a35f77e081dc

SHA1
cc3df9050cd3be0333ee12eabc02780401ec11a0

SHA256
96bc415b6b5d10970ff7beed96dc2fd67bc6ebb482db9d7dc2244e4fe2f7f481

SHA512
825262f894a0679e0266d2d90e88dbe577c4fbe0ea07ccb46e3062f2809a912b97d3752095287ee87ba3b5384f2f06f2672b0abf7b367415e252125911caa003

Download Submit
/usr/bin/bsd-port/conf.n

Filesize
73B

MD5
4260b398928cc7125492acc11933be37

SHA1
701f3084f01c3bb361bc2c53b859e3dbb02baf72

SHA256
ccd3a82cd4e5fc061ce4d21af59342784e27bb21cf08d3aeb7868983487ac9dc

SHA512
08c8379626a80e07ae3b8697f0add1cd81174e92cdc1b717d13612740aef0d1e8872e9a0a3ab20f7a45bbdec95bda2441af2ef77751e3be11d1e6524512ce267

Download Submit
/usr/bin/bsd-port/getty

Filesize
1.2MB

MD5
ce79d4dafea792c1021cda717501e6e2

SHA1
d257659d71de396b8bb07ba26c53288807f290dd

SHA256
ac8c67e7c61e71b030752ab27b327a4a265fc7af880fb8e35c66addc6d1ab21b

SHA512
052a008908f573f428b59b53edd6dc0ab1e347c646fef286eca3644d732f28db5a25fec08d0997ff13ac6099f900e83a1a9d45d3098fd5a164431499ad2d2005

Download Submit
/usr/bin/dpkgd/lsof

Filesize
163KB

MD5
ab57b66cc531ae0f996963223e632b60

SHA1
bf7e5becd33f21c2539f5a75ffa0ab61c49c8795

SHA256
2484863a7bfda7f97b90bfd5dfceed4ec9f27dd51f9c5158c8daabbf4309b1df

SHA512
908acef13f3c1d80b7169ec3b16bb67006013453348fff75550bc3c6c2137e798b21d7990edbd5be63d756d9c41b06160aebf38aa80547e4bafa3a62596057f6

Download Submit
/usr/bin/dpkgd/ps

Filesize
138KB

MD5
8146139c2ad7e550b1d1f49480997446

SHA1
074db8890c3227bd8a588417f5b9bde637bcf3af

SHA256
207df9d438f75185ab3af2ab1173d104831a6631c28ef40d38b2ab43de27b40f

SHA512
b6d71d537f593b9af833e6f798e412e95fc486a313414ed8cca9639f61be7ac9dca700e9f861c0d07c7f65b3783127a67f829f422472cad8938ba01d397ab9de

Download Submit
/usr/bin/dpkgd/ss

Filesize
125KB

MD5
1b25ac945efae8520ba112b500e2d561

SHA1
8324c4d1d1427829266e82f203386232ff82af15

SHA256
5eb16d9a8bc81fe767725874e3f67623b8e86b46ec93546be49c5b09d3ab4636

SHA512
e191f967170ea4844f736c5ab75b7bf45fef3af34f0a4bef0d36475d646b0b089449fe39806664b9f6ce1984037687930cc368892230662c8c30f67fa3ac216e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads