Analysis

  • max time kernel
    4s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf, image:debian9-armhf-20240611-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    03/10/2024, 03:31

General

  • Target

    UnrealIRCD_1_.priv.ClearScreen/Unreal/modulize

  • Size

    630B

  • MD5

    ca1bdaba900e72db1189bf57307bdde5

  • SHA1

    e4b382ff467f734b3b6e66c4a2ae600c8bdb84f0

  • SHA256

    d4dfffc7af677db0e12cc4ea4225f2a045f3ec08918e51763dcfafaf872e5ad6

  • SHA512

    3c18c736e49156d99cb792248c5e159a526bdaaa945e56a067346c3ea33b6fb51bd1b79ead83f5bf69449414693c1da7688cd4f44228ee2ac652accd305e85e7

Score
3/10

Malware Config

Signatures

  • Reads runtime system information 14 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 2 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/UnrealIRCD_1_.priv.ClearScreen/Unreal/modulize
    /tmp/UnrealIRCD_1_.priv.ClearScreen/Unreal/modulize
    1⤵
    • Writes file to tmp directory
    PID:688
    • /usr/bin/tr
      tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ
      2⤵
      PID:691
    • /bin/cp
      cp .tmp
      2⤵
      • Reads runtime system information
      PID:694
    • /bin/sed
      sed "s/%TOKEN%//g" .tmp
      2⤵
      • Reads runtime system information
      PID:699
    • /bin/mv
      mv .tmp.1 .tmp
      2⤵
      • Reads runtime system information
      PID:700
    • /bin/sed
      sed "s/%COMMAND%//g" .tmp
      2⤵
      • Reads runtime system information
      PID:702
    • /bin/mv
      mv .tmp.1 .tmp
      2⤵
      • Reads runtime system information
      PID:703
    • /bin/sed
      sed "s/%UCOMMAND%//g" .tmp
      2⤵
      • Reads runtime system information
      PID:704
    • /bin/mv
      mv .tmp.1 .tmp
      2⤵
      • Reads runtime system information
      PID:705
    • /bin/sed
      sed "s/%MAXPARA%//g" .tmp
      2⤵
      • Reads runtime system information
      PID:707
    • /bin/mv
      mv .tmp.1 .tmp
      2⤵
      • Reads runtime system information
      PID:708
    • /bin/sed
      sed "s/%FILE%//g" .tmp
      2⤵
      • Reads runtime system information
      PID:709
    • /bin/mv
      mv .tmp.1 .tmp
      2⤵
      • Reads runtime system information
      PID:710
    • /bin/sed
      sed "s/%DESC%//g" .tmp
      2⤵
      • Reads runtime system information
      PID:711
    • /bin/mv
      mv .tmp.1 .tmp
      2⤵
      • Reads runtime system information
      PID:712
    • /bin/cat
      cat
      2⤵
      PID:713
    • /bin/cat
      cat
      2⤵
      PID:714
    • /bin/mv
      mv .tmp
      2⤵
      • Reads runtime system information
      PID:715

Network

MITRE ATT&CK Matrix

Downloads

  • /tmp/UnrealIRCD_1_.priv.ClearScreen/Unreal/.tmp

    Filesize

    1B

    MD5

    68b329da9893e34099c7d8ad5cb9c940

    SHA1

    adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

    SHA256

    01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

    SHA512

    be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09