Overview

overview

10

Static

static

10

Vvv/betaa/...DME.js

windows7-x64

3

Vvv/betaa/...DME.js

windows10-2004-x64

3

Vvv/betaa/...lit.py

ubuntu-18.04-amd64

3

Vvv/betaa/...lit.py

debian-9-armhf

3

Vvv/betaa/...lit.py

debian-9-mips

3

Vvv/betaa/...lit.py

debian-9-mipsel

3

Vvv/betaa/...est.js

windows7-x64

3

Vvv/betaa/...est.js

windows10-2004-x64

3

Vvv/betaa/...x.html

windows7-x64

3

Vvv/betaa/...x.html

windows10-2004-x64

3

Vvv/betaa/...t.html

windows7-x64

3

Vvv/betaa/...t.html

windows10-2004-x64

3

Vvv/betaa/...x.html

windows7-x64

3

Vvv/betaa/...x.html

windows10-2004-x64

3

Vvv/betaa/...t.html

windows7-x64

3

Vvv/betaa/...t.html

windows10-2004-x64

3

Vvv/betaa/...x.html

windows7-x64

3

Vvv/betaa/...x.html

windows10-2004-x64

3

Vvv/betaa/...t.html

windows7-x64

3

Vvv/betaa/...t.html

windows10-2004-x64

3

Vvv/betaa/...64.dll

windows7-x64

1

Vvv/betaa/...64.dll

windows10-2004-x64

1

Vvv/betaa/...ses.js

windows7-x64

3

Vvv/betaa/...ses.js

windows10-2004-x64

3

Vvv/betaa/...er.exe

windows7-x64

7

Vvv/betaa/...er.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    1s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240729-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240729-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    02-11-2024 14:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Vvv/betaa/betaa/backends/include/httplib/split.py

  • Size

    1KB

  • MD5

    27ab5484b713bdbea38e827a719be90c

  • SHA1

    912ca047320cfa917748ce0068dcf4bbadb73898

  • SHA256

    b0809088aab7733e50606ad8250fe851ea12ec9381e896fc12969d0e1d3e124f

  • SHA512

    0091e3a01c3d66f92916e8a7e788b6cb1d628d2fe263092f1cafd67bad2cf91302009c1f132e83d0686a06b819cb3fa9b335148073522eb4090c775432ea28a5

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: Python 1 TTPs 4 IoCs

    Execution via Python.

    execution
  • Writes file to tmp directory 2 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/Vvv/betaa/betaa/backends/include/httplib/split.py
    /tmp/Vvv/betaa/betaa/backends/include/httplib/split.py
    1⤵
      PID:764
    • /usr/local/sbin/python3
      python3 /tmp/Vvv/betaa/betaa/backends/include/httplib/split.py
      1⤵
      • Command and Scripting Interpreter: Python
      PID:764
    • /usr/local/bin/python3
      python3 /tmp/Vvv/betaa/betaa/backends/include/httplib/split.py
      1⤵
      • Command and Scripting Interpreter: Python
      PID:764
    • /usr/sbin/python3
      python3 /tmp/Vvv/betaa/betaa/backends/include/httplib/split.py
      1⤵
      • Command and Scripting Interpreter: Python
      PID:764
    • /usr/bin/python3
      python3 /tmp/Vvv/betaa/betaa/backends/include/httplib/split.py
      1⤵
      • Command and Scripting Interpreter: Python
      • Writes file to tmp directory
      PID:764

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /tmp/Vvv/betaa/betaa/backends/include/httplib/out/httplib.h
      Filesize

      75KB

      MD5

      60211a549c5eaaa9e9457a5b79858f46

      SHA1

      e9b270bb3e693617847e750cbcfcce3b3d1c04cc

      SHA256

      39dc9a57f4f711b0c4b526ce86cc22c85cbeb9d582e3bbd7c706decc10185ced

      SHA512

      139d30be5bc5b9011bc11849debea5a0159e80318dd27af9675fb2855a4a59d61f35676a48ace92d1f4015ecd4642a3acbe42e82ffc4c5bde5aff9cd800bd9e2

      Download Submit