Overview

overview

6

Static

static

1

CHINA-APT-.../dlump

ubuntu-18.04-amd64

CHINA-APT-.../dlump

debian-9-armhf

CHINA-APT-.../dlump

debian-9-mips

CHINA-APT-.../dlump

debian-9-mipsel

CHINA-APT-...l1/ccc

ubuntu-22.04-amd64

1

CHINA-APT-...l1/kde

ubuntu-22.04-amd64

6

CHINA-APT-.../udevd

ubuntu-24.04-amd64

6

CHINA-APT-...ile.sh

ubuntu-18.04-amd64

CHINA-APT-...ile.sh

debian-9-armhf

CHINA-APT-...ile.sh

debian-9-mips

CHINA-APT-...ile.sh

debian-9-mipsel

CHINA-APT-...p/a.js

windows7-x64

3

CHINA-APT-...p/a.js

windows10-2004-x64

3

CHINA-APT-...yy1.js

windows7-x64

3

CHINA-APT-...yy1.js

windows10-2004-x64

3

CHINA-APT-...gin.js

windows7-x64

3

CHINA-APT-...gin.js

windows10-2004-x64

3

CHINA-APT-...l1/kde

ubuntu-24.04-amd64

6

CHINA-APT-.../udevd

ubuntu-24.04-amd64

6

CHINA-APT-...nux.so

ubuntu-22.04-amd64

1

CHINA-APT-...m/dbus

ubuntu-24.04-amd64

6

Analysis

  • max time kernel
    148s
  • max time network
    131s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240729-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2404-amd64-20240729-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
  • submitted
    21-11-2024 12:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CHINA-APT-Trojan/home/www/.Xl1/udevd

  • Size

    3.4MB

  • MD5

    1418fe9a743226b9661a2b6decb19db0

  • SHA1

    0ab53321bb9699d354a032259423175c08fec1a4

  • SHA256

    ccf8e4d6e661ceaea598851923bb8b983bd820ffd02448b8245e6ac780977784

  • SHA512

    548cedaa7e100ca49800878a164989fabe101c58d3dea316efe13b368b18e00899664167b533c3556d6e82697677529cbd1e73cdd87aacac87c12363322042a4

  • SSDEEP

    98304:UdgXuBCAPGHGXqiCz6eH+USFUFJYX25Ot:OPmhSWYL

Score
6/10
discoverypersistence

Malware Config

Signatures

  • Write file to user bin folder 3 IoCs
    persistence
  • Reads runtime system information 2 IoCs

    Reads data from /proc virtual filesystem.

    discovery
  • Writes file to shm directory 2 IoCs

    Malware can drop malicious files in the shm directory which will run directly from RAM.

Processes

  • /tmp/CHINA-APT-Trojan/home/www/.Xl1/udevd
    /tmp/CHINA-APT-Trojan/home/www/.Xl1/udevd
    1⤵
    • Write file to user bin folder
    • Reads runtime system information
    • Writes file to shm directory
    PID:2509

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /dev/shm/sem.558VWF
    Filesize

    32B

    MD5

    fd8ebcfae4c6b0f76ae44176d5a08480

    SHA1

    0d520752af1739fb60832987aa02a025d1621b59

    SHA256

    c8387bf8dbadf1c9ba583a8d27b620f4bd13cee4ea2ef98bcb0e1bdfd6f3d8c8

    SHA512

    ddc3f4f30ee927a232084df67f92bf08ddeea12b4089f0662dcff27e66f07a19d15f453466731689bc1f6d22e4d0aa2364b60bbab7adb2bb7668935a2da0be75

    Download Submit

  • /usr/bin/.Xl1/conf
    Filesize

    1KB

    MD5

    d94245b59537d7615745d53063088b99

    SHA1

    226b93dbddd627648329fead55fb08ea72eb282e

    SHA256

    ea4e54d4226d43215b7b7e33da6a2b50e7967e33d077846e0a3dc3c376b364b0

    SHA512

    3335489ba636c6e81ca54b850f67fe6ef9b88ab4f091a30fe1bf9b5512a6e40d043c528a39e322443609bc5e0f4b528d8b916570b79584490a65cee3c52da1b9

    Download Submit

  • /usr/bin/.Xl1/conf
    Filesize

    1KB

    MD5

    52735a7d376596697966ef931b58d610

    SHA1

    72899537507bfa4684f69b13cd8b6d52015dd115

    SHA256

    6737b8a150bdebf5bb4648eee31eb8146e2f15347418f3ff5036725ea5f3fe87

    SHA512

    64d3dbc2e42e2a8a6b937fa60c7d6f9e858be0dbbbf1deb24d2fc017a558d351e50216741247ccbc67a7a128214c443a6dd0a0b7ad0c7af423f5efa43896f3ac

    Download Submit

  • /usr/bin/.Xl1/conf
    Filesize

    1KB

    MD5

    bcfd4f51ace637523dffdb11123277b2

    SHA1

    9b343d7a487d7b463b6fe6d449406cc27b6a794d

    SHA256

    27f93214994b8fba058bed5013debb720a2a62d83ddb82e128ce322b5bc976c0

    SHA512

    374614c8bcbfde5e99829d3a7ce509bb6252f0788ef8bd23da1b382e7beead8c4d18d67a928428a0f16830b08f4a348d9dbbb81f7be948d2c21fb121c8ccc4fa

    Download Submit

  • /usr/bin/.Xl1/conf
    Filesize

    1KB

    MD5

    2dd077239b4c839bc116cebf920d51c0

    SHA1

    56a3f8f5264b7548dbe9ece2bce8f45590c34fa8

    SHA256

    fa8328667ffaf6c99fbf8149acb5a6f4617a9cdad39c08505a8fae0edc2ed18a

    SHA512

    b6959f1d82c34f2e45ffd90e03532bc182d6231b075c5c27c4014ae2326124759f0b62b4eafb88f8b3f44e3f46e62961effd302dc7001ec2c9953a55fba10978

    Download Submit

  • /usr/bin/.Xl1/conf
    Filesize

    1KB

    MD5

    f254d4354834923858047658b62abc9c

    SHA1

    0aadfc4b05168fb1d1c3add0e4198e04fbaa9127

    SHA256

    8fe52655ff6c7790298554090aea624a8830e4f430b5859c7f24523f3b118a72

    SHA512

    958a43ea7f9d5ce2a8e5e202c7e6e1788057210e4b36b40a99116d6b3d0708337040ced4d1f56548c6c19eea385a16ccb233e3d176771a2e4d29ca5e1d5ef104

    Download Submit

  • /usr/bin/.Xl1/data/gphoto2
    Filesize

    3.3MB

    MD5

    06ccc4c875bfeca01132b415ec0f4391

    SHA1

    3f2dd2ac795396b29645584843e5a46f4cf9de02

    SHA256

    cf20b5a462cb8a85765b0653b83e47c8898f848dffc1d0b39cddeaf7c0d040cc

    SHA512

    462215e0d99a9d8c4debc68cc8f84cba488ce26ababffaa1ffe9cf756c715979161b90f2e3e46c3dfb173d3a2fa7bfd4b2671fd6576ac7cb0011ccb587da0d59

    Download Submit

  • /usr/bin/.Xl1/f1
    Filesize

    4B

    MD5

    083e90a484ee81fea834b667eb997c1c

    SHA1

    ffd9e818631ed3d9f46125f27898f64b7dfb15b0

    SHA256

    09a5737b5c1aeeba057d88a00e8a43f32b63bedb4ebe39185d5066c6eff26a44

    SHA512

    a17f4bf17ce22539856cc65e9ea64e6813826bacab120746119d97aa7d16cfc51d91273ccbccf61e2e0c739525a21dce3e2dfee07e049e539a870e8e3f38d319

    Download Submit