Overview
overview
10Static
static
5.systemd/.i686
ubuntu-22.04-amd64
3.systemd/.run
ubuntu-18.04-amd64
7.systemd/.run
debian-9-armhf
6.systemd/.run
debian-9-mips
6.systemd/.run
debian-9-mipsel
6.systemd/.x86_64
ubuntu-24.04-amd64
10.systemd/auto
ubuntu-18.04-amd64
7.systemd/auto
debian-9-armhf
7.systemd/auto
debian-9-mips
7.systemd/auto
debian-9-mipsel
7.systemd/clean
ubuntu-18.04-amd64
1.systemd/clean
debian-9-armhf
1.systemd/clean
debian-9-mips
1.systemd/clean
debian-9-mipsel
1.systemd/go
ubuntu-18.04-amd64
1.systemd/go
debian-9-armhf
1.systemd/go
debian-9-mips
1.systemd/go
debian-9-mipsel
1.systemd/ntpdate
ubuntu-18.04-amd64
7.systemd/ntpdate
debian-9-armhf
7.systemd/ntpdate
debian-9-mips
7.systemd/ntpdate
debian-9-mipsel
7.update/.i686
ubuntu-20.04-amd64
6.update/.run
ubuntu-18.04-amd64
3.update/.run
debian-9-armhf
3.update/.run
debian-9-mips
3.update/.run
debian-9-mipsel
3.update/.x86_64
ubuntu-22.04-amd64
10.update/auth
ubuntu-18.04-amd64
8.update/auth
debian-9-armhf
8.update/auth
debian-9-mips
8.update/auth
debian-9-mipsel
8Analysis
-
max time kernel
2s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240729-en -
resource tags
arch:mipsimage:debian9-mipsbe-20240729-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem -
submitted
08-11-2024 11:36
Behavioral task
behavioral1
Sample
.systemd/.i686
Resource
ubuntu2204-amd64-20240611-en
ubuntu-22.04-amd64
Behavioral task
behavioral2
Sample
.systemd/.run
Resource
ubuntu1804-amd64-20240508-en
ubuntu-18.04-amd64
Behavioral task
behavioral3
Sample
.systemd/.run
Resource
debian9-armhf-20240611-en
debian-9-armhf
Behavioral task
behavioral4
Sample
.systemd/.run
Resource
debian9-mipsbe-20240729-en
debian-9-mips
Behavioral task
behavioral5
Sample
.systemd/.run
Resource
debian9-mipsel-20240611-en
debian-9-mipsel
Behavioral task
behavioral6
Sample
.systemd/.x86_64
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
Behavioral task
behavioral7
Sample
.systemd/auto
Resource
ubuntu1804-amd64-20240508-en
ubuntu-18.04-amd64
Behavioral task
behavioral8
Sample
.systemd/auto
Resource
debian9-armhf-20240611-en
debian-9-armhf
Behavioral task
behavioral9
Sample
.systemd/auto
Resource
debian9-mipsbe-20240729-en
debian-9-mips
Behavioral task
behavioral10
Sample
.systemd/auto
Resource
debian9-mipsel-20240611-en
debian-9-mipsel
Behavioral task
behavioral11
Sample
.systemd/clean
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral12
Sample
.systemd/clean
Resource
debian9-armhf-20240418-en
debian-9-armhf
Behavioral task
behavioral13
Sample
.systemd/clean
Resource
debian9-mipsbe-20240611-en
debian-9-mips
Behavioral task
behavioral14
Sample
.systemd/clean
Resource
debian9-mipsel-20240611-en
debian-9-mipsel
Behavioral task
behavioral15
Sample
.systemd/go
Resource
ubuntu1804-amd64-20240729-en
ubuntu-18.04-amd64
Behavioral task
behavioral16
Sample
.systemd/go
Resource
debian9-armhf-20240611-en
debian-9-armhf
Behavioral task
behavioral17
Sample
.systemd/go
Resource
debian9-mipsbe-20240729-en
debian-9-mips
Behavioral task
behavioral18
Sample
.systemd/go
Resource
debian9-mipsel-20240418-en
debian-9-mipsel
Behavioral task
behavioral19
Sample
.systemd/ntpdate
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral20
Sample
.systemd/ntpdate
Resource
debian9-armhf-20240611-en
debian-9-armhf
Behavioral task
behavioral21
Sample
.systemd/ntpdate
Resource
debian9-mipsbe-20240611-en
debian-9-mips
Behavioral task
behavioral22
Sample
.systemd/ntpdate
Resource
debian9-mipsel-20240418-en
debian-9-mipsel
Behavioral task
behavioral23
Sample
.update/.i686
Resource
ubuntu2004-amd64-20240611-en
ubuntu-20.04-amd64
Behavioral task
behavioral24
Sample
.update/.run
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral25
Sample
.update/.run
Resource
debian9-armhf-20240729-en
debian-9-armhf
Behavioral task
behavioral26
Sample
.update/.run
Resource
debian9-mipsbe-20240729-en
debian-9-mips
Behavioral task
behavioral27
Sample
.update/.run
Resource
debian9-mipsel-20240611-en
debian-9-mipsel
Behavioral task
behavioral28
Sample
.update/.x86_64
Resource
ubuntu2204-amd64-20240611-en
ubuntu-22.04-amd64
Behavioral task
behavioral29
Sample
.update/auth
Resource
ubuntu1804-amd64-20240508-en
ubuntu-18.04-amd64
Behavioral task
behavioral30
Sample
.update/auth
Resource
debian9-armhf-20240611-en
debian-9-armhf
Behavioral task
behavioral31
Sample
.update/auth
Resource
debian9-mipsbe-20240611-en
debian-9-mips
Behavioral task
behavioral32
Sample
.update/auth
Resource
debian9-mipsel-20240729-en
debian-9-mipsel
General
-
Target
.systemd/.run
-
Size
415B
-
MD5
4c7b4fb257df508abb56e1202d63fb9c
-
SHA1
b490c80ca53c03ad04adc3ac024cb58ae2456161
-
SHA256
19cb430a8f94daf1e4ff121e28814cc3f11493d640e555105c604702980b9117
-
SHA512
2f44151a628f8b94911db42a5d9a83d2ae7b828ab45854954c0579be898843016595da5cfdbe0d882853c6626f6519de3dfeb79eed196a6b008ef5e14132651d
Malware Config
Signatures
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads CPU attributes 1 TTPs 3 IoCs
description ioc Process File opened for reading /sys/devices/system/cpu/online ps File opened for reading /sys/devices/system/cpu/online ps File opened for reading /sys/devices/system/cpu/online ps -
description ioc Process File opened for reading /proc/16/stat ps File opened for reading /proc/18/status ps File opened for reading /proc/70/cmdline ps File opened for reading /proc/672/status ps File opened for reading /proc/13/status ps File opened for reading /proc/379/cmdline ps File opened for reading /proc/10/stat ps File opened for reading /proc/72/stat ps File opened for reading /proc/172/status ps File opened for reading /proc/10/status ps File opened for reading /proc/380/stat ps File opened for reading /proc/675/cmdline ps File opened for reading /proc/13/stat ps File opened for reading /proc/4/stat ps File opened for reading /proc/15/stat ps File opened for reading /proc/732/stat ps File opened for reading /proc/737/stat ps File opened for reading /proc/18/stat ps File opened for reading /proc/110/cmdline ps File opened for reading /proc/82/cmdline ps File opened for reading /proc/157/status ps File opened for reading /proc/232/cmdline ps File opened for reading /proc/1/cmdline ps File opened for reading /proc/4/cmdline ps File opened for reading /proc/728/cmdline ps File opened for reading /proc/385/stat ps File opened for reading /proc/726/status ps File opened for reading /proc/232/stat ps File opened for reading /proc/334/stat ps File opened for reading /proc/334/status ps File opened for reading /proc/3/stat ps File opened for reading /proc/12/status ps File opened for reading /proc/337/status ps File opened for reading /proc/11/cmdline ps File opened for reading /proc/10/status ps File opened for reading /proc/1/cmdline ps File opened for reading /proc/20/status ps File opened for reading /proc/749/cmdline ps File opened for reading /proc/10/cmdline ps File opened for reading /proc/686/status ps File opened for reading /proc/728/status ps File opened for reading /proc/sys/kernel/pid_max ps File opened for reading /proc/122/status ps File opened for reading /proc/365/stat ps File opened for reading /proc/70/stat ps File opened for reading /proc/73/cmdline ps File opened for reading /proc/9/status ps File opened for reading /proc/17/stat ps File opened for reading /proc/706/cmdline ps File opened for reading /proc/9/cmdline ps File opened for reading /proc/750/cmdline ps File opened for reading /proc/3/status ps File opened for reading /proc/12/stat ps File opened for reading /proc/17/cmdline ps File opened for reading /proc/725/cmdline ps File opened for reading /proc/73/cmdline ps File opened for reading /proc/75/stat ps File opened for reading /proc/675/cmdline ps File opened for reading /proc/232/stat ps File opened for reading /proc/247/stat ps File opened for reading /proc/736/status ps File opened for reading /proc/22/cmdline ps File opened for reading /proc/36/status ps File opened for reading /proc/3/status ps -
System Network Configuration Discovery 1 TTPs 1 IoCs
Adversaries may gather information about the network configuration of a system.
pid Process 754 cp
Processes
-
/tmp/.systemd/.run/tmp/.systemd/.run1⤵PID:729
-
/bin/grepgrep -v R2⤵PID:733
-
-
/bin/psps x2⤵
- Reads CPU attributes
- Reads runtime system information
PID:731
-
-
/bin/grepgrep "ssh "2⤵PID:732
-
-
/bin/grepgrep -v grep2⤵PID:734
-
-
/usr/bin/awkawk "{print \$1}"2⤵PID:735
-
-
/bin/psps x2⤵
- Reads CPU attributes
- Reads runtime system information
PID:740
-
-
/bin/grepgrep "ssh\$"2⤵PID:741
-
-
/bin/grepgrep -v R2⤵PID:742
-
-
/bin/grepgrep -v grep2⤵PID:743
-
-
/usr/bin/awkawk "{print \$1}"2⤵PID:744
-
-
/bin/grepgrep -v R2⤵PID:749
-
-
/bin/grepgrep " sh\$"2⤵PID:748
-
-
/bin/psps x2⤵
- Reads CPU attributes
- Reads runtime system information
PID:747
-
-
/bin/grepgrep -v grep2⤵PID:750
-
-
/usr/bin/awkawk "{print \$1}"2⤵PID:751
-
-
/bin/unameuname -m2⤵PID:753
-
-
/bin/cpcp -f -- .mips -bash2⤵
- System Network Configuration Discovery
PID:754
-
-
/tmp/.systemd/-bash./-bash2⤵PID:755
-