Overview

overview

10

Static

static

5

.systemd/.i686

ubuntu-22.04-amd64

3

.systemd/.run

ubuntu-18.04-amd64

7

.systemd/.run

debian-9-armhf

6

.systemd/.run

debian-9-mips

6

.systemd/.run

debian-9-mipsel

6

.systemd/.x86_64

ubuntu-24.04-amd64

10

.systemd/auto

ubuntu-18.04-amd64

7

.systemd/auto

debian-9-armhf

7

.systemd/auto

debian-9-mips

7

.systemd/auto

debian-9-mipsel

7

.systemd/clean

ubuntu-18.04-amd64

1

.systemd/clean

debian-9-armhf

1

.systemd/clean

debian-9-mips

1

.systemd/clean

debian-9-mipsel

1

.systemd/go

ubuntu-18.04-amd64

1

.systemd/go

debian-9-armhf

1

.systemd/go

debian-9-mips

1

.systemd/go

debian-9-mipsel

1

.systemd/ntpdate

ubuntu-18.04-amd64

7

.systemd/ntpdate

debian-9-armhf

7

.systemd/ntpdate

debian-9-mips

7

.systemd/ntpdate

debian-9-mipsel

7

.update/.i686

ubuntu-20.04-amd64

6

.update/.run

ubuntu-18.04-amd64

3

.update/.run

debian-9-armhf

3

.update/.run

debian-9-mips

3

.update/.run

debian-9-mipsel

3

.update/.x86_64

ubuntu-22.04-amd64

10

.update/auth

ubuntu-18.04-amd64

8

.update/auth

debian-9-armhf

8

.update/auth

debian-9-mips

8

.update/auth

debian-9-mipsel

8

Analysis

  • max time kernel
    0s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240729-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240729-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    08-11-2024 11:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .update/.run

  • Size

    485B

  • MD5

    279171e9a52627c005d882b4c31f0158

  • SHA1

    419d14ecd9ba9b819219db32624e7d6244b36d3e

  • SHA256

    4257bc327cf5312bb7b76154c0d3c31a8845288955611dfc937b75cb86073fb7

  • SHA512

    a7d4cda901507e9327e92450386032fe678e9a3e281a3e4139c3f3e109e15ac10de9aeb1a6eb976b45f2aa4f0ea3d60a5ef4376fd82cba7795c9eeab5162c665

Score
3/10

Malware Config

Signatures

  • Writes file to tmp directory 2 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/.update/.run
    /tmp/.update/.run
    1⤵
    • Writes file to tmp directory
    PID:667
    • /bin/uname
      uname -m
      2⤵
        PID:670
      • /bin/cat
        cat update.dir
        2⤵
          PID:673
        • /tmp/.update/.armv7l
          ./.armv7l -f
          2⤵
            PID:676

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /tmp/.update/.update
          Filesize

          116B

          MD5

          144c1506f2865d421680f10562c63251

          SHA1

          a66615eec6e36d204170e45cd5bab05280f61a17

          SHA256

          c36f0bd30acee23f4eeabc05598d5365df341c0372a68c935c30ff94d379f032

          SHA512

          2a2099e1a4fe4a86f1710934ec398d1dbdae1c0b9c04502af383318163d06d27f40dd9c6581a541ee11f36b743aaf127474ee244d224bfe5929f0c33c32eccd5

          Download Submit

        • /tmp/.update/update.dir
          Filesize

          13B

          MD5

          f162d09e078b8201089b7e20ea72f2bf

          SHA1

          f7da8700cd21e201f62a17992d2ac15c09c447a1

          SHA256

          2162d6f6fadf44bb1db38ea55ec80a7006c269061de5141bf9f4743ec9cd95fb

          SHA512

          adb0481faeeb35926c8ba2bf2549e7b43dc40864ebfb8c40274d5021dfc3d87a8c2c2aa2996a28068c061ae13c404e85e870a23a67a709b4522134ce2be221cb

          Download Submit