Malware Analysis Report

2025-01-03 09:58

Sample ID: 241105-nk3lgaspdn
Target: pics.zip
SHA256: 8f8f51ed641d67b597e1793576ec67262ab5ee7382e6b3b6f3fd2bfaae7a792f
Tags: discovery, qr link
Score: 3/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Enterprise Matrix V15)
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral runs, each with Detonation Overview, Command Line, Signatures, Processes, Network and Files, in report order: behavioral21, 4, 12, 13, 14, 18, 3, 6, 27, 30, 32, 22, 24, 25, 26, 2, 10, 31, 15, 16, 17, 19, 28, 5, 11, 29, 1, 7, 8, 9, 23, 20

Analysis Overview

Score: 3/10

SHA256: 8f8f51ed641d67b597e1793576ec67262ab5ee7382e6b3b6f3fd2bfaae7a792f

Threat Level: Likely benign

The file pics.zip was found to be: Likely benign.

Malicious Activity Summary

Tags: discovery, qr link

System Network Configuration Discovery (tag: discovery). Fired only in the four runs that launched /tmp/pics.zip itself (behavioral1, 2, 3 and 4), with no description, indicator or target recorded for the hit.

One or more HTTP URLs in qr code identified (tag: qr link). Raised by the static stage; the decoded URL is not listed in this report.

What the evidence supports: every behavioral run reports a kernel time of 0s, consistent with the sandbox launching an archive or an image file directly as a process, which executes no sample code. The only network traffic, UDP to 224.0.0.251:5353 in two Ubuntu runs (behavioral9 and behavioral13), goes to the IPv4 mDNS multicast group and is typical guest-OS background traffic rather than sample-initiated. The one concrete finding is therefore the QR code carrying an HTTP URL; that URL should be decoded and assessed before the archive is treated as benign, since a score of 3/10 here reflects the absence of executed code, not a verified-clean payload.

MITRE ATT&CK

Enterprise Matrix V15

Discovery: T1016 System Network Configuration Discovery (from the discovery signature above; no indicator was recorded)

Analysis: static1

Detonation Overview

Reported

2024-11-05 11:28

Signatures

One or more HTTP URLs in qr code identified (tag: qr link)
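The static stage's only finding is a QR code in one of the images carrying an HTTP URL; the rest of the verdict rests on files that never executed. The script below is an added example, not the sandbox's own code or anything shipped with it, showing the kind of static triage that should back a "likely benign" call on an image archive: it lists every zip entry, hashes it, checks that the magic bytes agree with the extension (JPEG, GIF, PNG, WebP and the OLE2 container behind Thumbs.db), measures data appended after the format's end-of-stream marker (a common place to hide a payload or a second file type), and flags entry names that would escape the extraction directory. The archive it inspects is constructed inline with generic names and a hypothetical appended payload; it is not the real pics.zip and says nothing about that sample's contents. QR decoding is left out because it needs an image library.

```python
"""Static triage of an image archive (added example; not the sandbox's code)."""
import hashlib
import io
import posixpath
import zipfile

# Constructed payload appended to one sample entry below (hypothetical, not from the report).
APPENDED = b"#!/bin/sh\nid\n"


def sniff(data: bytes) -> str:
    """Identify the container from its magic bytes; 'unknown' if none match."""
    if data.startswith(b"\xff\xd8\xff"):
        return "jpg"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    if data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        return "webp"
    if data.startswith(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"):
        return "db"  # OLE2 compound file, the format Thumbs.db uses
    return "unknown"


def trailing_bytes(kind: str, data: bytes):
    """Bytes after the format's own end marker; None when the format is not checkable.

    JPEG uses the last FFD9 (EOI); a payload that itself contains FFD9 is
    under-counted, so any non-zero value deserves a manual look.
    """
    if kind == "jpg":
        eoi = data.rfind(b"\xff\xd9")
        return None if eoi < 0 else len(data) - (eoi + 2)
    if kind == "png":
        iend = data.find(b"IEND")  # the first IEND chunk is the real end of a PNG
        return None if iend < 0 else len(data) - (iend + 8)  # chunk type + 4-byte CRC
    if kind == "webp":
        riff_len = int.from_bytes(data[4:8], "little")  # RIFF size excludes the 8-byte header
        return len(data) - (riff_len + 8)
    if kind == "gif":
        return 0 if data.endswith(b"\x3b") else None  # GIF trailer byte must be last
    return None


def unsafe_name(name: str) -> bool:
    """True for entry names that would write outside the extraction directory."""
    return name.startswith("/") or ".." in name.split("/")


def triage_zip(zip_bytes: bytes) -> list:
    """Return one record per file entry in the archive."""
    records = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            ext = posixpath.splitext(info.filename)[1].lstrip(".").lower()
            kind = sniff(data)
            records.append({
                "name": info.filename,
                "size": len(data),
                "sha256": hashlib.sha256(data).hexdigest(),
                "ext": ext,
                "kind": kind,
                "ext_matches": kind == ext or (kind == "jpg" and ext == "jpeg"),
                "trailing_bytes": trailing_bytes(kind, data),
                "unsafe_name": unsafe_name(info.filename),
            })
    return records


def suspicious(records: list) -> list:
    """Names whose extension lies about the content, that carry appended data, or that have unsafe paths."""
    return [r["name"] for r in records
            if not r["ext_matches"] or (r["trailing_bytes"] or 0) > 0 or r["unsafe_name"]]


def build_sample_zip() -> bytes:
    """Constructed test archive with minimal valid headers; not the real pics.zip."""
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 12 + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\x00IEND\xaeB`\x82"
    gif = b"GIF89a" + b"\x00" * 7 + b"\x3b"
    webp_body = b"WEBPVP8 "
    webp = b"RIFF" + len(webp_body).to_bytes(4, "little") + webp_body
    ole = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("pics/ok.jpg", jpeg)
        zf.writestr("pics/appended.jpg", jpeg + APPENDED)             # payload after EOI
        zf.writestr("pics/ok.png", png)
        zf.writestr("pics/ok.gif", gif)
        zf.writestr("pics/ok.webp", webp)
        zf.writestr("pics/Thumbs.db", ole)
        zf.writestr("pics/mislabelled.gif", b"\x7fELF" + b"\x00" * 12)  # ELF, not a GIF
        zf.writestr("../escape.jpg", jpeg)                              # path-traversal name
    return buf.getvalue()


if __name__ == "__main__":
    recs = triage_zip(build_sample_zip())
    for r in recs:
        print(f"{r['name']:<22} {r['kind']:<8} trailing={r['trailing_bytes']} sha256={r['sha256'][:16]}")
    print("suspicious:", suspicious(recs))
```

Run it against a real archive by passing the file's bytes to triage_zip; anything returned by suspicious should be examined by hand before a benign verdict is recorded, and any QR-bearing image should additionally be decoded so the embedded URL itself can be checked.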

Analysis: behavioral21

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Command Line

[/tmp/pics/bed.jpg]

Signatures

N/A

Processes

/tmp/pics/bed.jpg

[/tmp/pics/bed.jpg]

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

debian9-mipsel-20240611-en

Max time kernel

0s

Command Line

[/tmp/pics.zip]

Signatures

System Network Configuration Discovery (tag: discovery)
Description: N/A; Indicator: N/A; Process: /tmp/pics.zip; Target: N/A

Processes

/tmp/pics.zip

[/tmp/pics.zip]

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

debian9-mipsel-20240611-en

Max time kernel

0s

Command Line

[/tmp/pics/amogus.gif]

Signatures

N/A

Processes

/tmp/pics/amogus.gif

[/tmp/pics/amogus.gif]

Network

N/A

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

ubuntu1804-amd64-20240729-en

Max time kernel

0s

Max time network

2s

Command Line

[/tmp/pics/bean.gif]

Signatures

N/A

Processes

/tmp/pics/bean.gif

[/tmp/pics/bean.gif]

Network

Country: N/A; Destination: 224.0.0.251:5353 (IPv4 mDNS multicast group, typical guest-OS background traffic); Domain: none recorded; Proto: udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

debian9-armhf-20240611-en

Max time kernel

0s

Command Line

[/tmp/pics/bean.gif]

Signatures

N/A

Processes

/tmp/pics/bean.gif

[/tmp/pics/bean.gif]

Network

N/A

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

debian9-armhf-20240611-en

Max time kernel

0s

Command Line

[/tmp/pics/bear.png]

Signatures

N/A

Processes

/tmp/pics/bear.png

[/tmp/pics/bear.png]

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

debian9-mipsbe-20240729-en

Max time kernel

0s

Command Line

[/tmp/pics.zip]

Signatures

System Network Configuration Discovery (tag: discovery)
Description: N/A; Indicator: N/A; Process: /tmp/pics.zip; Target: N/A

Processes

/tmp/pics.zip

[/tmp/pics.zip]

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

debian9-armhf-20240611-en

Max time kernel

0s

Command Line

[/tmp/pics/Thumbs.db]

Signatures

N/A

Processes

/tmp/pics/Thumbs.db

[/tmp/pics/Thumbs.db]

Network

N/A

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

debian9-mipsbe-20240729-en

Max time kernel

0s

Command Line

[/tmp/pics/bed2.jpg]

Signatures

N/A

Processes

/tmp/pics/bed2.jpg

[/tmp/pics/bed2.jpg]

Network

N/A

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

debian9-armhf-20240729-en

Max time kernel

0s

Command Line

[/tmp/pics/bed2.webp]

Signatures

N/A

Processes

/tmp/pics/bed2.webp

[/tmp/pics/bed2.webp]

Network

N/A

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

debian9-mipsel-20240729-en

Max time kernel

0s

Command Line

[/tmp/pics/bed2.webp]

Signatures

N/A

Processes

/tmp/pics/bed2.webp

[/tmp/pics/bed2.webp]

Network

N/A

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:29

Platform

debian9-armhf-20240611-en

Max time kernel

0s

Command Line

[/tmp/pics/bed.jpg]

Signatures

N/A

Processes

/tmp/pics/bed.jpg

[/tmp/pics/bed.jpg]

Network

N/A

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

debian9-mipsel-20240611-en

Max time kernel

0s

Command Line

[/tmp/pics/bed.jpg]

Signatures

N/A

Processes

/tmp/pics/bed.jpg

[/tmp/pics/bed.jpg]

Network

N/A

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Command Line

[/tmp/pics/bed2.jpg]

Signatures

N/A

Processes

/tmp/pics/bed2.jpg

[/tmp/pics/bed2.jpg]

Network

N/A

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

debian9-armhf-20240611-en

Max time kernel

0s

Command Line

[/tmp/pics/bed2.jpg]

Signatures

N/A

Processes

/tmp/pics/bed2.jpg

[/tmp/pics/bed2.jpg]

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

debian9-armhf-20240611-en

Max time kernel

0s

Command Line

[/tmp/pics.zip]

Signatures

System Network Configuration Discovery (tag: discovery)
Description: N/A; Indicator: N/A; Process: /tmp/pics.zip; Target: N/A

Processes

/tmp/pics.zip

[/tmp/pics.zip]

Network

N/A

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

debian9-armhf-20240611-en

Max time kernel

0s

Command Line

[/tmp/pics/amogus.gif]

Signatures

N/A

Processes

/tmp/pics/amogus.gif

[/tmp/pics/amogus.gif]

Network

N/A

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

debian9-mipsbe-20240611-en

Max time kernel

0s

Command Line

[/tmp/pics/bed2.webp]

Signatures

N/A

Processes

/tmp/pics/bed2.webp

[/tmp/pics/bed2.webp]

Network

N/A

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

debian9-mipsbe-20240611-en

Max time kernel

0s

Command Line

[/tmp/pics/bean.gif]

Signatures

N/A

Processes

/tmp/pics/bean.gif

[/tmp/pics/bean.gif]

Network

N/A

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

debian9-mipsel-20240729-en

Max time kernel

0s

Command Line

[/tmp/pics/bean.gif]

Signatures

N/A

Processes

/tmp/pics/bean.gif

[/tmp/pics/bean.gif]

Network

N/A

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Command Line

[/tmp/pics/bear.png]

Signatures

N/A

Processes

/tmp/pics/bear.png

[/tmp/pics/bear.png]

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

debian9-mipsbe-20240729-en

Max time kernel

0s

Command Line

[/tmp/pics/bear.png]

Signatures

N/A

Processes

/tmp/pics/bear.png

[/tmp/pics/bear.png]

Network

N/A

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

debian9-mipsel-20240611-en

Max time kernel

0s

Command Line

[/tmp/pics/bed2.jpg]

Signatures

N/A

Processes

/tmp/pics/bed2.jpg

[/tmp/pics/bed2.jpg]

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Command Line

[/tmp/pics/Thumbs.db]

Signatures

N/A

Processes

/tmp/pics/Thumbs.db

[/tmp/pics/Thumbs.db]

Network

N/A

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

debian9-mipsbe-20240611-en

Max time kernel

0s

Command Line

[/tmp/pics/amogus.gif]

Signatures

N/A

Processes

/tmp/pics/amogus.gif

[/tmp/pics/amogus.gif]

Network

N/A

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

ubuntu1804-amd64-20240729-en

Max time kernel

0s

Command Line

[/tmp/pics/bed2.webp]

Signatures

N/A

Processes

/tmp/pics/bed2.webp

[/tmp/pics/bed2.webp]

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Command Line

[/tmp/pics.zip]

Signatures

System Network Configuration Discovery (tag: discovery)
Description: N/A; Indicator: N/A; Process: /tmp/pics.zip; Target: N/A

Processes

/tmp/pics.zip

[/tmp/pics.zip]

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

debian9-mipsbe-20240611-en

Max time kernel

0s

Command Line

[/tmp/pics/Thumbs.db]

Signatures

N/A

Processes

/tmp/pics/Thumbs.db

[/tmp/pics/Thumbs.db]

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

debian9-mipsel-20240729-en

Max time kernel

0s

Command Line

[/tmp/pics/Thumbs.db]

Signatures

N/A

Processes

/tmp/pics/Thumbs.db

[/tmp/pics/Thumbs.db]

Network

N/A

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Max time network

1s

Command Line

[/tmp/pics/amogus.gif]

Signatures

N/A

Processes

/tmp/pics/amogus.gif

[/tmp/pics/amogus.gif]

Network

Country: N/A; Destination: 224.0.0.251:5353 (IPv4 mDNS multicast group, typical guest-OS background traffic); Domain: none recorded; Proto: udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

debian9-mipsbe-20240729-en

Max time kernel

0s

Command Line

[/tmp/pics/bed.jpg]

Signatures

N/A

Processes

/tmp/pics/bed.jpg

[/tmp/pics/bed.jpg]

Network

N/A

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-11-05 11:28

Reported

2024-11-05 11:28

Platform

debian9-mipsel-20240611-en

Max time kernel

0s

Command Line

[/tmp/pics/bear.png]

Signatures

N/A

Processes

/tmp/pics/bear.png

[/tmp/pics/bear.png]

Network

N/A

Files

N/A