Overview
overview
10Static
static
5.systemd/.i686
ubuntu-22.04-amd64
3.systemd/.run
ubuntu-18.04-amd64
7.systemd/.run
debian-9-armhf
6.systemd/.run
debian-9-mips
6.systemd/.run
debian-9-mipsel
6.systemd/.x86_64
ubuntu-24.04-amd64
10.systemd/auto
ubuntu-18.04-amd64
7.systemd/auto
debian-9-armhf
7.systemd/auto
debian-9-mips
7.systemd/auto
debian-9-mipsel
7.systemd/clean
ubuntu-18.04-amd64
1.systemd/clean
debian-9-armhf
1.systemd/clean
debian-9-mips
1.systemd/clean
debian-9-mipsel
1.systemd/go
ubuntu-18.04-amd64
1.systemd/go
debian-9-armhf
1.systemd/go
debian-9-mips
1.systemd/go
debian-9-mipsel
1.systemd/ntpdate
ubuntu-18.04-amd64
7.systemd/ntpdate
debian-9-armhf
7.systemd/ntpdate
debian-9-mips
7.systemd/ntpdate
debian-9-mipsel
7.update/.i686
ubuntu-20.04-amd64
6.update/.run
ubuntu-18.04-amd64
3.update/.run
debian-9-armhf
3.update/.run
debian-9-mips
3.update/.run
debian-9-mipsel
3.update/.x86_64
ubuntu-22.04-amd64
10.update/auth
ubuntu-18.04-amd64
8.update/auth
debian-9-armhf
8.update/auth
debian-9-mips
8.update/auth
debian-9-mipsel
8Analysis
-
max time kernel
2s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipselimage:debian9-mipsel-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem -
submitted
08-11-2024 11:36
Behavioral task
behavioral1
Sample
.systemd/.i686
Resource
ubuntu2204-amd64-20240611-en
ubuntu-22.04-amd64
Behavioral task
behavioral2
Sample
.systemd/.run
Resource
ubuntu1804-amd64-20240508-en
ubuntu-18.04-amd64
Behavioral task
behavioral3
Sample
.systemd/.run
Resource
debian9-armhf-20240611-en
debian-9-armhf
Behavioral task
behavioral4
Sample
.systemd/.run
Resource
debian9-mipsbe-20240729-en
debian-9-mips
Behavioral task
behavioral5
Sample
.systemd/.run
Resource
debian9-mipsel-20240611-en
debian-9-mipsel
Behavioral task
behavioral6
Sample
.systemd/.x86_64
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
Behavioral task
behavioral7
Sample
.systemd/auto
Resource
ubuntu1804-amd64-20240508-en
ubuntu-18.04-amd64
Behavioral task
behavioral8
Sample
.systemd/auto
Resource
debian9-armhf-20240611-en
debian-9-armhf
Behavioral task
behavioral9
Sample
.systemd/auto
Resource
debian9-mipsbe-20240729-en
debian-9-mips
Behavioral task
behavioral10
Sample
.systemd/auto
Resource
debian9-mipsel-20240611-en
debian-9-mipsel
Behavioral task
behavioral11
Sample
.systemd/clean
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral12
Sample
.systemd/clean
Resource
debian9-armhf-20240418-en
debian-9-armhf
Behavioral task
behavioral13
Sample
.systemd/clean
Resource
debian9-mipsbe-20240611-en
debian-9-mips
Behavioral task
behavioral14
Sample
.systemd/clean
Resource
debian9-mipsel-20240611-en
debian-9-mipsel
Behavioral task
behavioral15
Sample
.systemd/go
Resource
ubuntu1804-amd64-20240729-en
ubuntu-18.04-amd64
Behavioral task
behavioral16
Sample
.systemd/go
Resource
debian9-armhf-20240611-en
debian-9-armhf
Behavioral task
behavioral17
Sample
.systemd/go
Resource
debian9-mipsbe-20240729-en
debian-9-mips
Behavioral task
behavioral18
Sample
.systemd/go
Resource
debian9-mipsel-20240418-en
debian-9-mipsel
Behavioral task
behavioral19
Sample
.systemd/ntpdate
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral20
Sample
.systemd/ntpdate
Resource
debian9-armhf-20240611-en
debian-9-armhf
Behavioral task
behavioral21
Sample
.systemd/ntpdate
Resource
debian9-mipsbe-20240611-en
debian-9-mips
Behavioral task
behavioral22
Sample
.systemd/ntpdate
Resource
debian9-mipsel-20240418-en
debian-9-mipsel
Behavioral task
behavioral23
Sample
.update/.i686
Resource
ubuntu2004-amd64-20240611-en
ubuntu-20.04-amd64
Behavioral task
behavioral24
Sample
.update/.run
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral25
Sample
.update/.run
Resource
debian9-armhf-20240729-en
debian-9-armhf
Behavioral task
behavioral26
Sample
.update/.run
Resource
debian9-mipsbe-20240729-en
debian-9-mips
Behavioral task
behavioral27
Sample
.update/.run
Resource
debian9-mipsel-20240611-en
debian-9-mipsel
Behavioral task
behavioral28
Sample
.update/.x86_64
Resource
ubuntu2204-amd64-20240611-en
ubuntu-22.04-amd64
Behavioral task
behavioral29
Sample
.update/auth
Resource
ubuntu1804-amd64-20240508-en
ubuntu-18.04-amd64
Behavioral task
behavioral30
Sample
.update/auth
Resource
debian9-armhf-20240611-en
debian-9-armhf
Behavioral task
behavioral31
Sample
.update/auth
Resource
debian9-mipsbe-20240611-en
debian-9-mips
Behavioral task
behavioral32
Sample
.update/auth
Resource
debian9-mipsel-20240729-en
debian-9-mipsel
General
-
Target
.systemd/.run
-
Size
415B
-
MD5
4c7b4fb257df508abb56e1202d63fb9c
-
SHA1
b490c80ca53c03ad04adc3ac024cb58ae2456161
-
SHA256
19cb430a8f94daf1e4ff121e28814cc3f11493d640e555105c604702980b9117
-
SHA512
2f44151a628f8b94911db42a5d9a83d2ae7b828ab45854954c0579be898843016595da5cfdbe0d882853c6626f6519de3dfeb79eed196a6b008ef5e14132651d
Malware Config
Signatures
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads CPU attributes 1 TTPs 3 IoCs
Processes:
pspspsdescription ioc Process File opened for reading /sys/devices/system/cpu/online ps File opened for reading /sys/devices/system/cpu/online ps File opened for reading /sys/devices/system/cpu/online ps -
Processes:
pspspsawkcpdescription ioc Process File opened for reading /proc/79/status ps File opened for reading /proc/sys/kernel/osrelease ps File opened for reading /proc/317/cmdline ps File opened for reading /proc/167/stat ps File opened for reading /proc/729/cmdline ps File opened for reading /proc/732/stat ps File opened for reading /proc/9/status ps File opened for reading /proc/150/cmdline ps File opened for reading /proc/24/cmdline ps File opened for reading /proc/722/stat ps File opened for reading /proc/2/cmdline ps File opened for reading /proc/24/stat ps File opened for reading /proc/15/cmdline ps File opened for reading /proc/22/stat ps File opened for reading /proc/82/status ps File opened for reading /proc/345/stat ps File opened for reading /proc/9/cmdline ps File opened for reading /proc/13/status ps File opened for reading /proc/376/cmdline ps File opened for reading /proc/14/cmdline ps File opened for reading /proc/79/status ps File opened for reading /proc/732/cmdline ps File opened for reading /proc/318/status ps File opened for reading /proc/66/status ps File opened for reading /proc/368/stat ps File opened for reading /proc/105/cmdline ps File opened for reading /proc/70/status ps File opened for reading /proc/230/stat ps File opened for reading /proc/727/cmdline ps File opened for reading /proc/14/status ps File opened for reading /proc/19/status ps File opened for reading /proc/68/status ps File opened for reading /proc/9/cmdline ps File opened for reading /proc/741/status ps File opened for reading /proc/filesystems ps File opened for reading /proc/105/stat ps File opened for reading /proc/736/status ps File opened for reading /proc/12/status ps File opened for reading /proc/115/stat ps File opened for reading /proc/76/cmdline ps File opened for reading /proc/138/status ps File opened for reading /proc/15/status ps File opened for reading /proc/21/cmdline ps File opened for reading /proc/36/stat ps File opened for reading /proc/740/status ps File opened for reading /proc/78/stat ps File opened for reading /proc/657/stat ps File opened for reading /proc/115/stat ps File opened for reading /proc/698/cmdline ps File opened for reading /proc/716/cmdline ps File opened for reading /proc/11/cmdline ps File opened for reading /proc/6/cmdline ps File opened for reading /proc/self/maps awk File opened for reading /proc/3/cmdline ps File opened for reading /proc/669/status ps File opened for reading /proc/660/cmdline ps File opened for reading /proc/76/stat ps File opened for reading /proc/36/stat ps File opened for reading /proc/78/status ps File opened for reading /proc/138/status ps File opened for reading /proc/376/stat ps File opened for reading /proc/16/cmdline ps File opened for reading /proc/filesystems cp File opened for reading /proc/7/status ps -
System Network Configuration Discovery 1 TTPs 1 IoCs
Adversaries may gather information about the network configuration of a system.
Processes
-
/tmp/.systemd/.run/tmp/.systemd/.run1⤵PID:718
-
/bin/grepgrep "ssh "2⤵PID:722
-
-
/bin/grepgrep -v R2⤵PID:723
-
-
/bin/psps x2⤵
- Reads CPU attributes
- Reads runtime system information
PID:721
-
-
/bin/grepgrep -v grep2⤵PID:724
-
-
/usr/bin/awkawk "{print \$1}"2⤵PID:725
-
-
/bin/psps x2⤵
- Reads CPU attributes
- Reads runtime system information
PID:731
-
-
/bin/grepgrep "ssh\$"2⤵PID:732
-
-
/bin/grepgrep -v R2⤵PID:733
-
-
/bin/grepgrep -v grep2⤵PID:734
-
-
/usr/bin/awkawk "{print \$1}"2⤵
- Reads runtime system information
PID:735
-
-
/bin/grepgrep -v R2⤵PID:740
-
-
/bin/grepgrep -v grep2⤵PID:741
-
-
/bin/grepgrep " sh\$"2⤵PID:739
-
-
/usr/bin/awkawk "{print \$1}"2⤵PID:742
-
-
/bin/psps x2⤵
- Reads CPU attributes
- Reads runtime system information
PID:738
-
-
/bin/unameuname -m2⤵PID:744
-
-
/bin/cpcp -f -- .mips -bash2⤵
- Reads runtime system information
- System Network Configuration Discovery
PID:745
-
-
/tmp/.systemd/-bash./-bash2⤵PID:746
-