General

  • Target

    Zpool.zip

  • Size

    6KB

  • Sample

    241122-vyy9javlcs

  • MD5

    e1bf69e4c8ad4a1e469778ade1642e31

  • SHA1

    ced49d548ab40911dc0cccb37517b65669d5c263

  • SHA256

    ca412519a35725e83b280e844d5b9405e3fb657beda992e3fd9a93f8ccc5b97c

  • SHA512

    9f293e67006ff97116685f1bbf584c08fb793f963856186e1f3b4f5a39fe1d15f55a903805ddd4de4face9b4451ad4fe2e6cb62a1222ea3b8725d69170cde4cd

  • SSDEEP

    192:iDvcIyu+N1sT5jilBFGoeHPSUdYWfZb6BEt073Ov4DE5zejq+icYesgnVSZbRFMG:IYlXk

Targets

    • Target

      Zpool/zpool (1).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (10).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (11).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (12).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (13).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (14).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (15).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (16).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (17).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (18).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (19).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (2).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (20).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (21).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (22).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (23).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (24).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (25).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (26).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (27).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (28).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (29).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (3).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (30).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (31).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (4).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (5).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (6).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (7).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (8).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool (9).sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Target

      Zpool/zpool.sh

    • Size

      49B

    • MD5

      2d4e3d86813e8bc337b7565f6bbc0559

    • SHA1

      de0dacff5444454eb9362acbc70dec4d2bb47aa0

    • SHA256

      69874cb18252ea07c3e46dfc7b3ededc543fc29d85e79c8a12f3fe687525b89b

    • SHA512

      c86c06880d4d04783d281ffc4ebfb7f32699abcad0be54a519a9ef75d828d66fe9845db830b443575e30ea3bcd5665490d078a7d1e576779adf853e7772f4e7a

    Score
    6/10
    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

Tasks

static1

Score
1/10

behavioral1

discovery
Score
6/10

behavioral2

discovery
Score
6/10

behavioral3

discovery
Score
6/10

behavioral4

discovery
Score
6/10

behavioral5

discovery
Score
6/10

behavioral6

discovery
Score
6/10

behavioral7

antivm, discovery
Score
6/10

behavioral8

discovery
Score
6/10

behavioral9

discovery
Score
6/10

behavioral10

antivm, discovery
Score
6/10

behavioral11

discovery
Score
6/10

behavioral12

discovery
Score
6/10

behavioral13

discovery
Score
6/10

behavioral14

discovery
Score
6/10

behavioral15

discovery
Score
6/10

behavioral16

discovery
Score
6/10

behavioral17

discovery
Score
6/10

behavioral18

discovery
Score
6/10

behavioral19

antivm, discovery
Score
6/10

behavioral20

discovery
Score
6/10

behavioral21

discovery
Score
6/10

behavioral22

antivm, discovery
Score
6/10

behavioral23

discovery
Score
6/10

behavioral24

discovery
Score
6/10

behavioral25

discovery
Score
6/10

behavioral26

discovery
Score
6/10

behavioral27

antivm, discovery
Score
6/10

behavioral28

discovery
Score
6/10

behavioral29

discovery
Score
6/10

behavioral30

discovery
Score
6/10

behavioral31

discovery
Score
6/10

behavioral32

discovery
Score
6/10