Analysis

  • max time kernel
    0s
  • max time network
    132s
  • platform
    ubuntu-20.04_amd64
  • resource
    ubuntu2004-amd64-20240729-en
  • resource tags
    arch:amd64 arch:i386 image:ubuntu2004-amd64-20240729-en kernel:5.4.0-169-generic locale:en-us os:ubuntu-20.04-amd64 system
  • submitted
    04-11-2024 02:56

General

  • Target

    .__cli__

  • Size

    1.6MB

  • MD5

    d2fa42e2d9a121e9f295a3850d199338

  • SHA1

    7272c3d3715c112ad81016b2974fa9792d665a6d

  • SHA256

    a61e5ae0ebbd9b5ae0ba51e324a2447e2806a8fae6398ba1e68a7eccd9809b8c

  • SHA512

    fb80bbf8d015221ef2d86bab50b6829d13666e2b182d850d931283502b9e4b9fc265207a524b0e7f89701bb1f23e0e564f56a8db41c081f6846fa68b86d647fd

  • SSDEEP

    24576:+/oqs0pR74KpojOPFIQf8VA4JAL5+yrtzDof6zarJp//N2wH0TFgXRX1OcXNwwU4:+vsitIJALYyNofvrH//NT0BA1xLU4

Score
3/10

Malware Config

Signatures

  • Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/.__cli__
    /tmp/.__cli__
    1⤵
    • Enumerates kernel/hardware configuration
    • Reads runtime system information
    PID:1383
    • /usr/sbin/iptables
      iptables -A INPUT -p tcp --dport 61234 -j DROP
      2⤵
      PID:1387
    • /.__min__m
      /.__min__m --open --open-only -p5900-5999 --banners --source-port 61234 -oD /dev/stdout --exclude 0.0.0.0/8 --exclude 10.0.0.0/8 --exclude 100.64.0.0/10 --exclude 127.0.0.0/8 --exclude 169.254.0.0/16 --exclude 172.16.0.0/12 --exclude 192.0.0.0/24 --exclude 192.0.2.0/24 --exclude 192.88.99.0/24 --exclude 192.168.0.0/16 --exclude 192.18.0.0/15 --exclude 198.51.100.0/24 --exclude 203.0.113.0/24 --exclude 224.0.0.0/4 --exclude 233.252.0.0/24 --exclude 240.0.0.0/4 --exclude 255.255.255.255/32 --exclude 6.0.0.0/7 --exclude 9.0.0.0/8 --exclude 10.0.0.0/7 --exclude 19.0.0.0/8 --exclude 21.0.0.0/7 --exclude 25.0.0.0/7 --exclude 28.0.0.0/8 --exclude 29.0.0.0/7 --exclude 33.0.0.0/8 --exclude 48.0.0.0/8 --exclude 53.0.0.0/8 --exclude 55.0.0.0/7 --exclude 214.0.0.0/7 --rate 150000 72.0.0.0/8
      2⤵
      PID:1431

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/1383-1-0x0000000000400000-0x000000000086c2c0-memory.dmp