Analysis

  • max time kernel
    1s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240729-en
  • resource tags

    arch:mips
    image:debian9-mipsbe-20240729-en
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mips
    system
  • submitted
    08-11-2024 11:36

General

  • Target

    .systemd/auto

  • Size

    546B

  • MD5

    e587a0a58aaac49aeb3bf0eff743eab2

  • SHA1

    636b68d9e02328e5d68880e22fdf73f6e0df4a66

  • SHA256

    7c7fef23a91fb19f98f584f545a27f58bdf7eda4f57bd80d173825413ac6662d

  • SHA512

    4168c61744633ded40261c99cb06ddb07fea4bd6fbff6bfacabd1668166a86ba7f344b5d20c2933877860f204373b1560cdf398a25d1770c8b3a0f28146b7da9

Malware Config

Signatures

  • File and Directory Permissions Modification (1 TTPs, 1 IoCs)

    Adversaries may modify file or directory permissions to evade defenses.

  • Creates/modifies Cron job (1 TTPs, 1 IoCs)

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

  • Reads runtime system information (3 IoCs)

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory (3 IoCs)

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/.systemd/auto
    /tmp/.systemd/auto
    1⤵
    • Writes file to tmp directory
    PID:740
    • /bin/uname
      uname -m
      2⤵
      PID:742
    • /bin/cat
      cat systemd.dir
      2⤵
      PID:743
    • /usr/bin/crontab
      crontab -l
      2⤵
      • Reads runtime system information
      PID:748
    • /bin/grep
      grep .systemd
      2⤵
      PID:750
    • /usr/bin/wc
      wc -l
      2⤵
      PID:751
    • /usr/bin/crontab
      crontab -l
      2⤵
      • Reads runtime system information
      PID:752
    • /usr/bin/crontab
      crontab systemd.d
      2⤵
      • Creates/modifies Cron job
      • Reads runtime system information
      PID:753
    • /bin/rm
      rm -rf systemd.d
      2⤵
      PID:755
    • /bin/chmod
      chmod u+x .systemd
      2⤵
      • File and Directory Permissions Modification
      PID:756

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /tmp/.systemd/.systemd

    Filesize

    127B

    MD5

    9ef2b0f44129dbed4b1284c1d748b10b

    SHA1

    2bb3bcea6f21a5567090bdacd84ca4b1482d9f68

    SHA256

    5a2aceb88f74b14be6fb451f8d7d0fb29b5eb5c14a1342c51fddbf312e158cf3

    SHA512

    e0daccbdd2034b50c8444482efda6d66988b19ac5424ae39452a643993fe3383c8be855a49c83cdaa37bbd1563c7dc0883d2bc96807471558a5bc4209a24738c

  • /tmp/.systemd/systemd.dir

    Filesize

    14B

    MD5

    1f3a48ead214b69a4e5bbcc12a732ddb

    SHA1

    3391a93f27a805c58de438e5a50267af13b619ab

    SHA256

    8ebe6ec5aee16e2d6ea3fe45a22e72ad8f936a83a7fc9e82591885bcb45e322c

    SHA512

    386b19da83f4b8416d17960a3c0832b38521a3396dbf99501dcf03811e17d1696b18db4131f66375889afc2c44d791dd62239a86d3ba0fa614b8547480a7381d

  • /var/spool/cron/crontabs/tmp.H4b4Eo

    Filesize

    216B

    MD5

    54e3db15261abf8fb2fe18e1bc40ac54

    SHA1

    1817d7f2f29f77d7a12c631828edbdce337e6a84

    SHA256

    74a6d7c05f80bf9fd583ad1e7d7422c6acdb640eb7c2dc0147b4d9f7d1950e0b

    SHA512

    4aecb5695a6db5fdb136f8520e4cbea9a4edb9b9968d69b006641a61ab257df78a85de7ac12ca5606abb6de67892b8416ac36db5a06ff5bce1927b4f0cc953ed