mrblack | 7d4529ae3fde5d8d91f90478708350497c859f9db88ce401c8eb40c9d1bd57a6

Analysis

max time kernel
149s
max time network
153s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
28-09-2024 00:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb32d9ed9ec428e273d020411369c13a_JaffaCakes118
Size

1.1MB
MD5

fb32d9ed9ec428e273d020411369c13a
SHA1

cfee07acf58b774744494ef911bd0e0949e57bfc
SHA256

7d4529ae3fde5d8d91f90478708350497c859f9db88ce401c8eb40c9d1bd57a6
SHA512

59ece367cf98b1577b412f40055a988f8c3281c8e6072ed45743760dac487ccdf83b2f947d1f70032ac173014896b56bc98038945f02b6751ac28aa534a8943f
SSDEEP

24576:lzdjjEQBCRwTvlSg+Z0cDCFXtuTPE/dl0rUmQLNwy0R:lZjEEFLEg+Z0wutuTPE1l0rU5d0R

Score

10^/10

mrblack antivm botnet defense_evasion discovery persistence trojan

Malware Config

Signatures

MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
trojan botnet mrblack

MrBlack trojan 1 IoCs

Processes:

resource	yara_rule
/usr/bin/bsd-port/getty	family_mrblack

File and Directory Permissions Modification 1 TTPs 12 IoCs
Adversaries may modify file or directory permissions to evade defenses.
defense_evasion

Linux and Mac File and Directory Permissions Modification
T1222.002

Processes:

chmodshchmodshchmodshchmodchmodshshchmodsh

pid process

1704 chmod
1668 sh
1677 chmod
1684 sh
1685 chmod
1690 sh
1691 chmod
1669 chmod
1676 sh
1697 sh
1698 chmod
1703 sh
Executes dropped EXE 2 IoCs

Processes:

getty.sshd

ioc pid process

/usr/bin/bsd-port/getty 1629 getty
/usr/bin/.sshd 1637 .sshd

pid	process
1704	chmod
1668	sh
1677	chmod
1684	sh
1685	chmod
1690	sh
1691	chmod
1669	chmod
1676	sh
1697	sh
1698	chmod
1703	sh

ioc	pid	process
/usr/bin/bsd-port/getty	1629	getty
/usr/bin/.sshd	1637	.sshd

Modifies init.d 2 TTPs 2 IoCs

Adds/modifies system service, likely for persistence.

persistence

Boot or Logon Autostart Execution

T1547

RC Scripts

T1037.004

Processes:

fb32d9ed9ec428e273d020411369c13a_JaffaCakes118getty

description	ioc	process
File opened for modification	/etc/init.d/DbSecuritySpt	fb32d9ed9ec428e273d020411369c13a_JaffaCakes118
File opened for modification	/etc/init.d/selinux	getty

Reads system routing table 1 TTPs 2 IoCs
Gets active network interfaces from /proc virtual filesystem.
discovery

Internet Connection Discovery
T1016.001

Processes:

fb32d9ed9ec428e273d020411369c13a_JaffaCakes118getty

description ioc process

File opened for reading /proc/net/route fb32d9ed9ec428e273d020411369c13a_JaffaCakes118
File opened for reading /proc/net/route getty

description	ioc	process
File opened for reading	/proc/net/route	fb32d9ed9ec428e273d020411369c13a_JaffaCakes118
File opened for reading	/proc/net/route	getty

Write file to user bin folder 12 IoCs

persistence

Processes:

fb32d9ed9ec428e273d020411369c13a_JaffaCakes118cpgettycpcpcpcpcpcpcp

description	ioc	process
File opened for modification	/usr/bin/bsd-port/getty.lock	fb32d9ed9ec428e273d020411369c13a_JaffaCakes118
File opened for modification	/usr/bin/bsd-port/udevd.lock	fb32d9ed9ec428e273d020411369c13a_JaffaCakes118
File opened for modification	/usr/bin/.sshd	cp
File opened for modification	/usr/bin/bsd-port/getty.lock	getty
File opened for modification	/usr/bin/ps	cp
File opened for modification	/usr/bin/bsd-port/getty	cp
File opened for modification	/usr/bin/dpkgd/lsof	cp
File opened for modification	/usr/bin/dpkgd/ps	cp
File opened for modification	/usr/bin/dpkgd/ss	cp
File opened for modification	/usr/bin/lsof	cp
File opened for modification	/usr/bin/ss	cp
File opened for modification	/usr/bin/bsd-port/conf.n	getty

Writes file to system bin folder 3 IoCs

Processes:

cpcpcp

description ioc process

File opened for modification /bin/lsof cp
File opened for modification /bin/ps cp
File opened for modification /bin/ss cp
Checks CPU configuration 1 TTPs 2 IoCs
Checks CPU information which indicate if the system is a virtual machine.
antivm

System Checks
T1497.001

Processes:

fb32d9ed9ec428e273d020411369c13a_JaffaCakes118getty

description ioc process

File opened for reading /proc/cpuinfo fb32d9ed9ec428e273d020411369c13a_JaffaCakes118
File opened for reading /proc/cpuinfo getty

description	ioc	process
File opened for modification	/bin/lsof	cp
File opened for modification	/bin/ps	cp
File opened for modification	/bin/ss	cp

description	ioc	process
File opened for reading	/proc/cpuinfo	fb32d9ed9ec428e273d020411369c13a_JaffaCakes118
File opened for reading	/proc/cpuinfo	getty

Reads system network configuration 1 TTPs 6 IoCs

Uses contents of /proc filesystem to enumerate network settings.

discovery

Internet Connection Discovery

T1016.001

Processes:

gettyfb32d9ed9ec428e273d020411369c13a_JaffaCakes118

description	ioc	process
File opened for reading	/proc/net/dev	getty
File opened for reading	/proc/net/route	getty
File opened for reading	/proc/net/arp	getty
File opened for reading	/proc/net/dev	fb32d9ed9ec428e273d020411369c13a_JaffaCakes118
File opened for reading	/proc/net/route	fb32d9ed9ec428e273d020411369c13a_JaffaCakes118
File opened for reading	/proc/net/arp	fb32d9ed9ec428e273d020411369c13a_JaffaCakes118

Reads runtime system information 29 IoCs

Reads data from /proc virtual filesystem.

discovery

Processes:

cpfb32d9ed9ec428e273d020411369c13a_JaffaCakes118insmodmkdirgettycpmkdircpcpmkdir.sshdcpcpmkdircpcpcpcpmkdirmkdirmkdirmkdircpmkdirinsmod

description	ioc	process
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/stat	fb32d9ed9ec428e273d020411369c13a_JaffaCakes118
File opened for reading	/proc/cmdline	insmod
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/sys/kernel/version	getty
File opened for reading	/proc/meminfo	fb32d9ed9ec428e273d020411369c13a_JaffaCakes118
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/sys/kernel/version	fb32d9ed9ec428e273d020411369c13a_JaffaCakes118
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/sys/kernel/version	.sshd
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/meminfo	getty
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/stat	getty
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/cmdline	insmod

Writes file to tmp directory 8 IoCs

Malware often drops required files in the /tmp directory.

Processes:

fb32d9ed9ec428e273d020411369c13a_JaffaCakes118.sshd

description	ioc	process
File opened for modification	/tmp/moni.lod	fb32d9ed9ec428e273d020411369c13a_JaffaCakes118
File opened for modification	/tmp/bill.lock	fb32d9ed9ec428e273d020411369c13a_JaffaCakes118
File opened for modification	/tmp/gates.lod	fb32d9ed9ec428e273d020411369c13a_JaffaCakes118
File opened for modification	/tmp/notify.file	fb32d9ed9ec428e273d020411369c13a_JaffaCakes118
File opened for modification	/tmp/conf.n	fb32d9ed9ec428e273d020411369c13a_JaffaCakes118
File opened for modification	/tmp/moni.lod	.sshd
File opened for modification	/tmp/notify.file	.sshd
File opened for modification	/tmp/gates.lod	.sshd

/tmp/fb32d9ed9ec428e273d020411369c13a_JaffaCakes118
/tmp/fb32d9ed9ec428e273d020411369c13a_JaffaCakes118
1⤵
- Modifies init.d
- Reads system routing table
- Write file to user bin folder
- Checks CPU configuration
- Reads system network configuration
- Reads runtime system information
- Writes file to tmp directory
PID:1587
- /bin/sh
  sh -c "ln -s /etc/init.d/DbSecuritySpt /etc/rc1.d/S97DbSecuritySpt"
  2⤵
  PID:1607
- - /usr/bin/ln
    ln -s /etc/init.d/DbSecuritySpt /etc/rc1.d/S97DbSecuritySpt
    3⤵
    PID:1608
- /bin/sh
  sh -c "ln -s /etc/init.d/DbSecuritySpt /etc/rc2.d/S97DbSecuritySpt"
  2⤵
  PID:1609
- - /usr/bin/ln
    ln -s /etc/init.d/DbSecuritySpt /etc/rc2.d/S97DbSecuritySpt
    3⤵
    PID:1610
- /bin/sh
  sh -c "ln -s /etc/init.d/DbSecuritySpt /etc/rc3.d/S97DbSecuritySpt"
  2⤵
  PID:1611
- - /usr/bin/ln
    ln -s /etc/init.d/DbSecuritySpt /etc/rc3.d/S97DbSecuritySpt
    3⤵
    PID:1612
- /bin/sh
  sh -c "ln -s /etc/init.d/DbSecuritySpt /etc/rc4.d/S97DbSecuritySpt"
  2⤵
  PID:1613
- - /usr/bin/ln
    ln -s /etc/init.d/DbSecuritySpt /etc/rc4.d/S97DbSecuritySpt
    3⤵
    PID:1614
- /bin/sh
  sh -c "ln -s /etc/init.d/DbSecuritySpt /etc/rc5.d/S97DbSecuritySpt"
  2⤵
  PID:1615
- - /usr/bin/ln
    ln -s /etc/init.d/DbSecuritySpt /etc/rc5.d/S97DbSecuritySpt
    3⤵
    PID:1616
- /bin/sh
  sh -c "mkdir -p /usr/bin/bsd-port"
  2⤵
  PID:1617
- - /usr/bin/mkdir
    mkdir -p /usr/bin/bsd-port
    3⤵
    - Reads runtime system information
    PID:1618
- /bin/sh
  sh -c "cp -f /tmp/fb32d9ed9ec428e273d020411369c13a_JaffaCakes118 /usr/bin/bsd-port/getty"
  2⤵
  PID:1619
- - /usr/bin/cp
    cp -f /tmp/fb32d9ed9ec428e273d020411369c13a_JaffaCakes118 /usr/bin/bsd-port/getty
    3⤵
    - Write file to user bin folder
    - Reads runtime system information
    PID:1620
- /bin/sh
  sh -c /usr/bin/bsd-port/getty
  2⤵
  PID:1628
- - /usr/bin/bsd-port/getty
    /usr/bin/bsd-port/getty
    3⤵
    - Executes dropped EXE
    - Modifies init.d
    - Reads system routing table
    - Write file to user bin folder
    - Checks CPU configuration
    - Reads system network configuration
    - Reads runtime system information
    PID:1629
  - - /bin/sh
      sh -c "ln -s /etc/init.d/selinux /etc/rc1.d/S99selinux"
      4⤵
      PID:1649
    - - /usr/bin/ln
        
        ln -s /etc/init.d/selinux /etc/rc1.d/S99selinux
        5⤵
        
        PID:1650
  - - /bin/sh
      sh -c "ln -s /etc/init.d/selinux /etc/rc2.d/S99selinux"
      4⤵
      PID:1651
    - - /usr/bin/ln
        
        ln -s /etc/init.d/selinux /etc/rc2.d/S99selinux
        5⤵
        
        PID:1652
  - - /bin/sh
      sh -c "ln -s /etc/init.d/selinux /etc/rc3.d/S99selinux"
      4⤵
      PID:1654
    - - /usr/bin/ln
        
        ln -s /etc/init.d/selinux /etc/rc3.d/S99selinux
        5⤵
        
        PID:1655
  - - /bin/sh
      sh -c "ln -s /etc/init.d/selinux /etc/rc4.d/S99selinux"
      4⤵
      PID:1656
    - - /usr/bin/ln
        
        ln -s /etc/init.d/selinux /etc/rc4.d/S99selinux
        5⤵
        
        PID:1657
  - - /bin/sh
      sh -c "ln -s /etc/init.d/selinux /etc/rc5.d/S99selinux"
      4⤵
      PID:1658
    - - /usr/bin/ln
        
        ln -s /etc/init.d/selinux /etc/rc5.d/S99selinux
        5⤵
        
        PID:1659
  - - /bin/sh
      sh -c "mkdir -p /usr/bin/dpkgd"
      4⤵
      PID:1660
    - - /usr/bin/mkdir
        
        mkdir -p /usr/bin/dpkgd
        5⤵
        Reads runtime system information
        
        PID:1661
  - - /bin/sh
      sh -c "cp -f /bin/lsof /usr/bin/dpkgd/lsof"
      4⤵
      PID:1662
    - - /usr/bin/cp
        
        cp -f /bin/lsof /usr/bin/dpkgd/lsof
        5⤵
        Write file to user bin folder
        Reads runtime system information
        
        PID:1663
  - - /bin/sh
      sh -c "mkdir -p /bin"
      4⤵
      PID:1664
    - - /usr/bin/mkdir
        
        mkdir -p /bin
        5⤵
        Reads runtime system information
        
        PID:1665
  - - /bin/sh
      sh -c "cp -f /usr/bin/bsd-port/getty /bin/lsof"
      4⤵
      PID:1666
    - - /usr/bin/cp
        
        cp -f /usr/bin/bsd-port/getty /bin/lsof
        5⤵
        Writes file to system bin folder
        Reads runtime system information
        
        PID:1667
  - - /bin/sh
      sh -c "chmod 0755 /bin/lsof"
      4⤵
      File and Directory Permissions Modification
      PID:1668
    - - /usr/bin/chmod
        
        chmod 0755 /bin/lsof
        5⤵
        File and Directory Permissions Modification
        
        PID:1669
  - - /bin/sh
      sh -c "cp -f /bin/ps /usr/bin/dpkgd/ps"
      4⤵
      PID:1670
    - - /usr/bin/cp
        
        cp -f /bin/ps /usr/bin/dpkgd/ps
        5⤵
        Write file to user bin folder
        Reads runtime system information
        
        PID:1671
  - - /bin/sh
      sh -c "mkdir -p /bin"
      4⤵
      PID:1672
    - - /usr/bin/mkdir
        
        mkdir -p /bin
        5⤵
        Reads runtime system information
        
        PID:1673
  - - /bin/sh
      sh -c "cp -f /usr/bin/bsd-port/getty /bin/ps"
      4⤵
      PID:1674
    - - /usr/bin/cp
        
        cp -f /usr/bin/bsd-port/getty /bin/ps
        5⤵
        Writes file to system bin folder
        Reads runtime system information
        
        PID:1675
  - - /bin/sh
      sh -c "chmod 0755 /bin/ps"
      4⤵
      File and Directory Permissions Modification
      PID:1676
    - - /usr/bin/chmod
        
        chmod 0755 /bin/ps
        5⤵
        File and Directory Permissions Modification
        
        PID:1677
  - - /bin/sh
      sh -c "cp -f /bin/ss /usr/bin/dpkgd/ss"
      4⤵
      PID:1678
    - - /usr/bin/cp
        
        cp -f /bin/ss /usr/bin/dpkgd/ss
        5⤵
        Write file to user bin folder
        Reads runtime system information
        
        PID:1679
  - - /bin/sh
      sh -c "mkdir -p /bin"
      4⤵
      PID:1680
    - - /usr/bin/mkdir
        
        mkdir -p /bin
        5⤵
        Reads runtime system information
        
        PID:1681
  - - /bin/sh
      sh -c "cp -f /usr/bin/bsd-port/getty /bin/ss"
      4⤵
      PID:1682
    - - /usr/bin/cp
        
        cp -f /usr/bin/bsd-port/getty /bin/ss
        5⤵
        Writes file to system bin folder
        Reads runtime system information
        
        PID:1683
  - - /bin/sh
      sh -c "chmod 0755 /bin/ss"
      4⤵
      File and Directory Permissions Modification
      PID:1684
    - - /usr/bin/chmod
        
        chmod 0755 /bin/ss
        5⤵
        File and Directory Permissions Modification
        
        PID:1685
  - - /bin/sh
      sh -c "mkdir -p /usr/bin"
      4⤵
      PID:1686
    - - /usr/bin/mkdir
        
        mkdir -p /usr/bin
        5⤵
        Reads runtime system information
        
        PID:1687
  - - /bin/sh
      sh -c "cp -f /usr/bin/bsd-port/getty /usr/bin/lsof"
      4⤵
      PID:1688
    - - /usr/bin/cp
        
        cp -f /usr/bin/bsd-port/getty /usr/bin/lsof
        5⤵
        Write file to user bin folder
        Reads runtime system information
        
        PID:1689
  - - /bin/sh
      sh -c "chmod 0755 /usr/bin/lsof"
      4⤵
      File and Directory Permissions Modification
      PID:1690
    - - /usr/bin/chmod
        
        chmod 0755 /usr/bin/lsof
        5⤵
        File and Directory Permissions Modification
        
        PID:1691
  - - /bin/sh
      sh -c "mkdir -p /usr/bin"
      4⤵
      PID:1692
    - - /usr/bin/mkdir
        
        mkdir -p /usr/bin
        5⤵
        Reads runtime system information
        
        PID:1693
  - - /bin/sh
      sh -c "cp -f /usr/bin/bsd-port/getty /usr/bin/ps"
      4⤵
      PID:1695
    - - /usr/bin/cp
        
        cp -f /usr/bin/bsd-port/getty /usr/bin/ps
        5⤵
        Write file to user bin folder
        Reads runtime system information
        
        PID:1696
  - - /bin/sh
      sh -c "chmod 0755 /usr/bin/ps"
      4⤵
      File and Directory Permissions Modification
      PID:1697
    - - /usr/bin/chmod
        
        chmod 0755 /usr/bin/ps
        5⤵
        File and Directory Permissions Modification
        
        PID:1698
  - - /bin/sh
      sh -c "mkdir -p /usr/bin"
      4⤵
      PID:1699
    - - /usr/bin/mkdir
        
        mkdir -p /usr/bin
        5⤵
        Reads runtime system information
        
        PID:1700
  - - /bin/sh
      sh -c "cp -f /usr/bin/bsd-port/getty /usr/bin/ss"
      4⤵
      PID:1701
    - - /usr/bin/cp
        
        cp -f /usr/bin/bsd-port/getty /usr/bin/ss
        5⤵
        Write file to user bin folder
        Reads runtime system information
        
        PID:1702
  - - /bin/sh
      sh -c "chmod 0755 /usr/bin/ss"
      4⤵
      File and Directory Permissions Modification
      PID:1703
    - - /usr/bin/chmod
        
        chmod 0755 /usr/bin/ss
        5⤵
        File and Directory Permissions Modification
        
        PID:1704
  - - /bin/sh
      sh -c "insmod /usr/lib/xpacket.ko"
      4⤵
      PID:1705
    - - /usr/sbin/insmod
        
        insmod /usr/lib/xpacket.ko
        5⤵
        Reads runtime system information
        
        PID:1706
- /bin/sh
  sh -c "mkdir -p /usr/bin"
  2⤵
  PID:1631
- - /usr/bin/mkdir
    mkdir -p /usr/bin
    3⤵
    - Reads runtime system information
    PID:1632
- /bin/sh
  sh -c "cp -f /tmp/fb32d9ed9ec428e273d020411369c13a_JaffaCakes118 /usr/bin/.sshd"
  2⤵
  PID:1633
- - /usr/bin/cp
    cp -f /tmp/fb32d9ed9ec428e273d020411369c13a_JaffaCakes118 /usr/bin/.sshd
    3⤵
    - Write file to user bin folder
    - Reads runtime system information
    PID:1634
- /bin/sh
  sh -c /usr/bin/.sshd
  2⤵
  PID:1636
- - /usr/bin/.sshd
    /usr/bin/.sshd
    3⤵
    - Executes dropped EXE
    - Reads runtime system information
    - Writes file to tmp directory
    PID:1637
- /bin/sh
  sh -c "insmod /usr/lib/xpacket.ko"
  2⤵
  PID:1639
- - /usr/sbin/insmod
    insmod /usr/lib/xpacket.ko
    3⤵
    - Reads runtime system information
    PID:1640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Boot or Logon Initialization Scripts

T1037

RC Scripts

T1037.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Boot or Logon Initialization Scripts

T1037

RC Scripts

T1037.004

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Virtualization/Sandbox Evasion

T1497

System Checks

T1497.001

Credential Access

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Virtualization/Sandbox Evasion

T1497

System Checks

T1497.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/etc/init.d/DbSecuritySpt

Filesize
64B

MD5
36fb111027ce16efb7bbbfcdc5d91d33

SHA1
61e6386726851d9d77879cacd2a3a4ed7e9cd332

SHA256
88405a77178f632cb433c8d9ef7d58cd18d955aec716caa68bdff878d838b960

SHA512
9edaf1758486894d00b0869844e5d9a03ad88c8f3e4975236b2f6a7c0146c32fc69048b735441ba8adb35ac82c389b20ba5379bbf447822df8f6e599c4640b23

Download Submit
/etc/init.d/selinux

Filesize
36B

MD5
993cc15058142d96c3daf7852c3d5ee8

SHA1
0950b8b391b04dd3895ea33cd3141543ebd2525d

SHA256
8171d077918611803d93088409f220c66fae1c670b297e1aa5d8cbd548ce9208

SHA512
0c4256c00a3710f97e92581b552682b36b62afc35fe72622c491323c618c19ea62611ac04ccafc3dfcde2254a2ebbd93b69b66795b16e36332293bed83adb928

Download Submit
/tmp/conf.n

Filesize
69B

MD5
e385ca97015f3c790b2476d98918ad31

SHA1
a8fe14d04ce06fa01b5b5a396c7df8ee21d5e1eb

SHA256
b917a6f68cfc35a13a31b9ceaf272d44c95c6485f29a5a7155fe9ffbcffaed6f

SHA512
4c8e102c76c1317318dcd87d80d41f29c7e2e180506ed1449dfcf4614a859ac16d6f587d78879bcfe12c032a97878cca20bda5eba99aa850582e82cafce455d4

Download Submit
/tmp/gates.lod

Filesize
4B

MD5
894b77f805bd94d292574c38c5d628d5

SHA1
1784f0e37c1fdd6200c1e8b28e8caae5402e74e0

SHA256
d24eac45e69be063cc0053eb02650954eec62c314c405e564a4d11e951392e75

SHA512
605b8ee18c6bd7c9d489faa803dc4c00fed6e7a4b21a9a69ba7b429642a06d7fe42e5fd45162f72fff76f1ec518c5840399c97d4ab0f7633651d35e2b19f2e05

Download Submit
/tmp/moni.lod

Filesize
4B

MD5
7e230522657ecdc50e4249581b861f8e

SHA1
db0477132b98737a6964423def574c8f78307501

SHA256
6df26dfff059f42aeb0607a761d34c2b820af73ab0c5bfb111f7fe9dadda850a

SHA512
dc5217e95f410349c1c25fdb340a412438068f536dc73bc340f6c1a731112cd99f454d3dbd242e1db0d04bed9b2909881c4a37a891fa7900c71a995c135f7ec6

Download Submit
/tmp/notify.file

Filesize
51B

MD5
4bc9ae677cadb9b471c746a3c0255f17

SHA1
042e09ea109dd9af401c14ba506efecb8406086c

SHA256
9a727f75e0e7a1f5fef74fb8d88c5afda64584015dc6df5ed5f1b9f3600c04da

SHA512
526b359d4b89b1341bc2e8845781ef82f84a3dba4d4f3c08a6b83204fea8bbc561f9553ae258f681c8d586ef98de6074bb2f447841d1992b42d143db4f6188c1

Download Submit
/usr/bin/bsd-port/getty

Filesize
1.1MB

MD5
fb32d9ed9ec428e273d020411369c13a

SHA1
cfee07acf58b774744494ef911bd0e0949e57bfc

SHA256
7d4529ae3fde5d8d91f90478708350497c859f9db88ce401c8eb40c9d1bd57a6

SHA512
59ece367cf98b1577b412f40055a988f8c3281c8e6072ed45743760dac487ccdf83b2f947d1f70032ac173014896b56bc98038945f02b6751ac28aa534a8943f

Download Submit
/usr/bin/dpkgd/lsof

Filesize
163KB

MD5
ab57b66cc531ae0f996963223e632b60

SHA1
bf7e5becd33f21c2539f5a75ffa0ab61c49c8795

SHA256
2484863a7bfda7f97b90bfd5dfceed4ec9f27dd51f9c5158c8daabbf4309b1df

SHA512
908acef13f3c1d80b7169ec3b16bb67006013453348fff75550bc3c6c2137e798b21d7990edbd5be63d756d9c41b06160aebf38aa80547e4bafa3a62596057f6

Download Submit
/usr/bin/dpkgd/ps

Filesize
138KB

MD5
8146139c2ad7e550b1d1f49480997446

SHA1
074db8890c3227bd8a588417f5b9bde637bcf3af

SHA256
207df9d438f75185ab3af2ab1173d104831a6631c28ef40d38b2ab43de27b40f

SHA512
b6d71d537f593b9af833e6f798e412e95fc486a313414ed8cca9639f61be7ac9dca700e9f861c0d07c7f65b3783127a67f829f422472cad8938ba01d397ab9de

Download Submit
/usr/bin/dpkgd/ss

Filesize
125KB

MD5
1b25ac945efae8520ba112b500e2d561

SHA1
8324c4d1d1427829266e82f203386232ff82af15

SHA256
5eb16d9a8bc81fe767725874e3f67623b8e86b46ec93546be49c5b09d3ab4636

SHA512
e191f967170ea4844f736c5ab75b7bf45fef3af34f0a4bef0d36475d646b0b089449fe39806664b9f6ce1984037687930cc368892230662c8c30f67fa3ac216e

Download Submit