Overview

overview

10

Static

static

5

.systemd/.i686

ubuntu-22.04-amd64

3

.systemd/.run

ubuntu-18.04-amd64

7

.systemd/.run

debian-9-armhf

6

.systemd/.run

debian-9-mips

6

.systemd/.run

debian-9-mipsel

6

.systemd/.x86_64

ubuntu-24.04-amd64

10

.systemd/auto

ubuntu-18.04-amd64

7

.systemd/auto

debian-9-armhf

7

.systemd/auto

debian-9-mips

7

.systemd/auto

debian-9-mipsel

7

.systemd/clean

ubuntu-18.04-amd64

1

.systemd/clean

debian-9-armhf

1

.systemd/clean

debian-9-mips

1

.systemd/clean

debian-9-mipsel

1

.systemd/go

ubuntu-18.04-amd64

1

.systemd/go

debian-9-armhf

1

.systemd/go

debian-9-mips

1

.systemd/go

debian-9-mipsel

1

.systemd/ntpdate

ubuntu-18.04-amd64

7

.systemd/ntpdate

debian-9-armhf

7

.systemd/ntpdate

debian-9-mips

7

.systemd/ntpdate

debian-9-mipsel

7

.update/.i686

ubuntu-20.04-amd64

6

.update/.run

ubuntu-18.04-amd64

3

.update/.run

debian-9-armhf

3

.update/.run

debian-9-mips

3

.update/.run

debian-9-mipsel

3

.update/.x86_64

ubuntu-22.04-amd64

10

.update/auth

ubuntu-18.04-amd64

8

.update/auth

debian-9-armhf

8

.update/auth

debian-9-mips

8

.update/auth

debian-9-mipsel

8

Analysis

  • max time kernel
    0s
  • max time network
    129s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240611-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240611-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    08-11-2024 11:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .update/.run

  • Size

    485B

  • MD5

    279171e9a52627c005d882b4c31f0158

  • SHA1

    419d14ecd9ba9b819219db32624e7d6244b36d3e

  • SHA256

    4257bc327cf5312bb7b76154c0d3c31a8845288955611dfc937b75cb86073fb7

  • SHA512

    a7d4cda901507e9327e92450386032fe678e9a3e281a3e4139c3f3e109e15ac10de9aeb1a6eb976b45f2aa4f0ea3d60a5ef4376fd82cba7795c9eeab5162c665

Score
3/10

Malware Config

Signatures

  • Writes file to tmp directory 2 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/.update/.run
    /tmp/.update/.run
    1⤵
    • Writes file to tmp directory
    PID:1508
    • /bin/uname
      uname -m
      2⤵
        PID:1509
      • /bin/cat
        cat update.dir
        2⤵
          PID:1511
        • /tmp/.update/.x86_64
          ./.x86_64 -f
          2⤵
            PID:1512

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /tmp/.update/.update
          Filesize

          116B

          MD5

          b6bd725d6b274dd0e0b8f5535fce571b

          SHA1

          419ef40db06a3220262166fa98db357c0ac017fa

          SHA256

          d2baa726c79e389cb82c2298f854d853aeebc175369f00a4d21eb3dbd03e8bcf

          SHA512

          c934ad46180bd3e3e3590658ed1f2cc55f48279a099d2bbf852c21af6840f04d9c41f47a8ddf5685e484f76730c4254d85c5c4b4561d9e3d33d1ec089f5e7578

          Download Submit

        • /tmp/.update/update.dir
          Filesize

          13B

          MD5

          f162d09e078b8201089b7e20ea72f2bf

          SHA1

          f7da8700cd21e201f62a17992d2ac15c09c447a1

          SHA256

          2162d6f6fadf44bb1db38ea55ec80a7006c269061de5141bf9f4743ec9cd95fb

          SHA512

          adb0481faeeb35926c8ba2bf2549e7b43dc40864ebfb8c40274d5021dfc3d87a8c2c2aa2996a28068c061ae13c404e85e870a23a67a709b4522134ce2be221cb

          Download Submit