Analysis
- max time kernel: 0s
- max time network: 132s
- platform: ubuntu-20.04_amd64
- resource: ubuntu2004-amd64-20240729-en
- resource tags: arch:amd64, arch:i386, image:ubuntu2004-amd64-20240729-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system
- submitted: 04-11-2024 02:56
Behavioral task: behavioral1
- Sample: .__cli__
- Resource: ubuntu2004-amd64-20240729-en
Behavioral task: behavioral2
- Sample: .__min__
- Resource: ubuntu1804-amd64-20240729-en
Behavioral task: behavioral3
- Sample: .__min__m
- Resource: ubuntu2204-amd64-20240611-en
General
- Target: .__cli__
- Size: 1.6MB
- MD5: d2fa42e2d9a121e9f295a3850d199338
- SHA1: 7272c3d3715c112ad81016b2974fa9792d665a6d
- SHA256: a61e5ae0ebbd9b5ae0ba51e324a2447e2806a8fae6398ba1e68a7eccd9809b8c
- SHA512: fb80bbf8d015221ef2d86bab50b6829d13666e2b182d850d931283502b9e4b9fc265207a524b0e7f89701bb1f23e0e564f56a8db41c081f6846fa68b86d647fd
- SSDEEP: 24576:+/oqs0pR74KpojOPFIQf8VA4JAL5+yrtzDof6zarJp//N2wH0TFgXRX1OcXNwwU4:+vsitIJALYyNofvrH//NT0BA1xLU4
Malware Config
Signatures
- Enumerates kernel/hardware configuration
  Reads contents of /sys virtual filesystem to enumerate system information.
  Processes:
  description | ioc | process
  File opened for reading | /sys/kernel/mm/transparent_hugepage/hpage_pmd_size | .__cli__
- Reads runtime system information
  Processes:
  description | ioc | process
  File opened for reading | /proc/self/exe | .__cli__
Processes
- /tmp/.__cli__ (command line: /tmp/.__cli__), depth 1, PID 1383
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  - /usr/sbin/iptables (command line: iptables -A INPUT -p tcp --dport 61234 -j DROP), depth 2, PID 1387
  - /.__min__m/.__min__m (command line: /.__min__m/.__min__m --open --open-only -p5900-5999 --banners --source-port 61234 -oD /dev/stdout --exclude 0.0.0.0/8 --exclude 10.0.0.0/8 --exclude 100.64.0.0/10 --exclude 127.0.0.0/8 --exclude 169.254.0.0/16 --exclude 172.16.0.0/12 --exclude 192.0.0.0/24 --exclude 192.0.2.0/24 --exclude 192.88.99.0/24 --exclude 192.168.0.0/16 --exclude 192.18.0.0/15 --exclude 198.51.100.0/24 --exclude 203.0.113.0/24 --exclude 224.0.0.0/4 --exclude 233.252.0.0/24 --exclude 240.0.0.0/4 --exclude 255.255.255.255/32 --exclude 6.0.0.0/7 --exclude 9.0.0.0/8 --exclude 10.0.0.0/7 --exclude 19.0.0.0/8 --exclude 21.0.0.0/7 --exclude 25.0.0.0/7 --exclude 28.0.0.0/8 --exclude 29.0.0.0/7 --exclude 33.0.0.0/8 --exclude 48.0.0.0/8 --exclude 53.0.0.0/8 --exclude 55.0.0.0/7 --exclude 214.0.0.0/7 --rate 150000 72.0.0.0/8), depth 2, PID 1431