Analysis
-
max time kernel
84s -
max time network
128s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system -
submitted
09-11-2024 04:09
Behavioral task
behavioral1
Sample
tyo2831qq.x86.elf
Resource
ubuntu1804-amd64-20240611-en
General
-
Target
tyo2831qq.x86.elf
-
Size
164KB
-
MD5
4ac062e7bafef554949de20763c54f7b
-
SHA1
24355a299d9aca3953a9fac256cdaf7be0249fda
-
SHA256
33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0
-
SHA512
b12f82c346dbe62b6a96e7c9d3185eb2fdca9cc29ba83e29a102fd746c93d72d919d8146840ab9338dc8a25a7fb2b400a0cd9d0ac2ea5a0471d283f81d115bb9
-
SSDEEP
3072:62RroorS3/kjk3GWOwnzuXr+wMxphaMpFncunTieFIMK0UpW2mBT38dAY4:6IrqnrVxphaM2SFcRmBT38dAY4
Malware Config
Extracted
gafgyt
31.172.80.237:706
Signatures
-
Detected Gafgyt variant 2 IoCs
Processes:
resource: /tmp/filetypTHP, yara_rule: family_gafgyt
resource: /tmp/filetypTHP, yara_rule: family_gafgyt
Gafgyt family
-
Executes dropped EXE 44 IoCs
Creates/modifies Cron job 1 TTPs 44 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
File opened for modification: /etc/cron.hourly/0, by each process marked "Creates/modifies Cron job" under Processes.
Writes file to system bin folder 1 IoCs
File opened for modification: /bin/ls (process: tyo2831qq.x86.elf)
File opened for reading: /proc/self/exe, by each process marked "Reads runtime system information" under Processes.
Writes file to tmp directory 45 IoCs
Malware often drops required files in the /tmp directory.
File opened for modification: one /tmp/file* path per process, for each process marked "Writes file to tmp directory" under Processes.
Processes
-
/tmp/tyo2831qq.x86.elf/tmp/tyo2831qq.x86.elf1⤵
- Creates/modifies Cron job
- Writes file to system bin folder
- Reads runtime system information
- Writes file to tmp directory
PID:1500 -
/tmp/filetypTHP/tmp/tyo2831qq.x86.elf2⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1504 -
/tmp/filetPWVCX/tmp/tyo2831qq.x86.elf3⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1505 -
/tmp/file4IrhXZ/tmp/tyo2831qq.x86.elf4⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1506 -
/tmp/filejjfKV2/tmp/tyo2831qq.x86.elf5⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1507 -
/tmp/fileol5O31/tmp/tyo2831qq.x86.elf6⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1508 -
/tmp/fileRICDTW/tmp/tyo2831qq.x86.elf7⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1509 -
/tmp/file25mfc0/tmp/tyo2831qq.x86.elf8⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1510 -
/tmp/fileKea4vV/tmp/tyo2831qq.x86.elf9⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1511 -
/tmp/fileTWdAI5/tmp/tyo2831qq.x86.elf10⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1512 -
/tmp/fileHDP6yd/tmp/tyo2831qq.x86.elf11⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1513 -
/tmp/filedx7FQd/tmp/tyo2831qq.x86.elf12⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1514 -
/tmp/fileL8oi2g/tmp/tyo2831qq.x86.elf13⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1515 -
/tmp/fileuxsdXi/tmp/tyo2831qq.x86.elf14⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1516 -
/tmp/filemB0QBj/tmp/tyo2831qq.x86.elf15⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1517 -
/tmp/filee3PW3i/tmp/tyo2831qq.x86.elf16⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1520 -
/tmp/file5hx6Xg/tmp/tyo2831qq.x86.elf17⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1521 -
/tmp/fileo1Ggxg/tmp/tyo2831qq.x86.elf18⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1522 -
/tmp/filePDohpm/tmp/tyo2831qq.x86.elf19⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1523 -
/tmp/file9EdyXl/tmp/tyo2831qq.x86.elf20⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1524 -
/tmp/fileUa1NVl/tmp/tyo2831qq.x86.elf21⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1525 -
/tmp/file8uMF1l/tmp/tyo2831qq.x86.elf22⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1526 -
/tmp/fileeInw9l/tmp/tyo2831qq.x86.elf23⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1527 -
/tmp/fileQgrnfh/tmp/tyo2831qq.x86.elf24⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1528 -
/tmp/file8Lj3Vh/tmp/tyo2831qq.x86.elf25⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1529 -
/tmp/filewYrpbg/tmp/tyo2831qq.x86.elf26⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1530 -
/tmp/filethKssd/tmp/tyo2831qq.x86.elf27⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1531 -
/tmp/fileuRpwAa/tmp/tyo2831qq.x86.elf28⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1532 -
/tmp/filee4x1rd/tmp/tyo2831qq.x86.elf29⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1533 -
/tmp/fileMg1YGg/tmp/tyo2831qq.x86.elf30⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1534 -
/tmp/fileIsHo9j/tmp/tyo2831qq.x86.elf31⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1535 -
/tmp/file9HaENn/tmp/tyo2831qq.x86.elf32⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1536 -
/tmp/filejx9O4r/tmp/tyo2831qq.x86.elf33⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1537 -
/tmp/file39w9Iz/tmp/tyo2831qq.x86.elf34⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1538 -
/tmp/filek2O76z/tmp/tyo2831qq.x86.elf35⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1539 -
/tmp/fileLx7EhH/tmp/tyo2831qq.x86.elf36⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1540 -
/tmp/filepBA5XP/tmp/tyo2831qq.x86.elf37⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1541 -
/tmp/file4KvgdL/tmp/tyo2831qq.x86.elf38⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1542 -
/tmp/fileNWoLxH/tmp/tyo2831qq.x86.elf39⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1543 -
/tmp/fileJuCPdH/tmp/tyo2831qq.x86.elf40⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1544 -
/tmp/file8xdTOM/tmp/tyo2831qq.x86.elf41⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1545 -
/tmp/fileHWigTK/tmp/tyo2831qq.x86.elf42⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1546 -
/tmp/fileaEomLO/tmp/tyo2831qq.x86.elf43⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1547 -
/tmp/file0dGPLU/tmp/tyo2831qq.x86.elf44⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:1548 -
/tmp/filetRQhiY/tmp/tyo2831qq.x86.elf45⤵
- Executes dropped EXE
- Reads runtime system information
- Writes file to tmp directory
PID:1549
Network
MITRE ATT&CK Enterprise v15
Downloads