8b37369d6435782c3c8c2771b5aae36291113e2ca19827c54191a7b91f56027d

Analysis

max time kernel
149s
max time network
147s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
23-11-2024 10:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

yakuza.i686.elf
Size

120KB
MD5

119d26f6a01d623944b53b8eaf49eccd
SHA1

2f5de0c0fdb4ccd768b42fdb79fc1f9495766196
SHA256

8b37369d6435782c3c8c2771b5aae36291113e2ca19827c54191a7b91f56027d
SHA512

7d3f95ce10aecad0699091cab0b4c88b60dc865340ffc709e00c73a4418f990bef1f06048e07e0dc998e200de2161c9102273d6acbd6c39819195dd806015627
SSDEEP

3072:Z5oB5/hI5BNbOvwFM9XzYu2dZw2Bv69ny6JP/KTiFi:ZYhI5BQQIXzUZwcv69ny6JHKTiFi

Score

7^/10

discovery rootkit

Malware Config

Signatures

Loads a kernel module 64 IoCs

Loads a Linux kernel module, potentially to achieve persistence

rootkit

pid	Process
2467	yakuza.i686.elf
2467	yakuza.i686.elf
2468	yakuza.i686.elf
2468	yakuza.i686.elf
2466	yakuza.i686.elf
2466	yakuza.i686.elf
2468	yakuza.i686.elf
2468	yakuza.i686.elf
2466	yakuza.i686.elf
2466	yakuza.i686.elf
2466	yakuza.i686.elf
2466	yakuza.i686.elf
2467	yakuza.i686.elf
2467	yakuza.i686.elf
2466	yakuza.i686.elf
2466	yakuza.i686.elf
2466	yakuza.i686.elf
2466	yakuza.i686.elf
2466	yakuza.i686.elf
2466	yakuza.i686.elf
2467	yakuza.i686.elf
2467	yakuza.i686.elf
2468	yakuza.i686.elf
2468	yakuza.i686.elf
2466	yakuza.i686.elf
2466	yakuza.i686.elf
2468	yakuza.i686.elf
2468	yakuza.i686.elf
2466	yakuza.i686.elf
2466	yakuza.i686.elf
2466	yakuza.i686.elf
2466	yakuza.i686.elf
2467	yakuza.i686.elf
2467	yakuza.i686.elf
2466	yakuza.i686.elf
2466	yakuza.i686.elf
2466	yakuza.i686.elf
2466	yakuza.i686.elf
2466	yakuza.i686.elf
2466	yakuza.i686.elf
2467	yakuza.i686.elf
2467	yakuza.i686.elf
2468	yakuza.i686.elf
2468	yakuza.i686.elf
2466	yakuza.i686.elf
2466	yakuza.i686.elf
2468	yakuza.i686.elf
2468	yakuza.i686.elf
2466	yakuza.i686.elf
2466	yakuza.i686.elf
2468	yakuza.i686.elf
2468	yakuza.i686.elf
2466	yakuza.i686.elf
2466	yakuza.i686.elf
2467	yakuza.i686.elf
2467	yakuza.i686.elf
2466	yakuza.i686.elf
2466	yakuza.i686.elf
2466	yakuza.i686.elf
2466	yakuza.i686.elf
2466	yakuza.i686.elf
2466	yakuza.i686.elf
2467	yakuza.i686.elf
2467	yakuza.i686.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads CPU attributes 1 TTPs 64 IoCs

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill
File opened for reading	/sys/devices/system/cpu/possible	pkill

Enumerates kernel/hardware configuration 1 TTPs 64 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill
File opened for reading	/sys/devices/system/node	pkill

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/2121/cgroup	pkill
File opened for reading	/proc/39/stat	pkill
File opened for reading	/proc/1089/stat	pkill
File opened for reading	/proc/1064/cgroup	pkill
File opened for reading	/proc/2177/ctty	pkill
File opened for reading	/proc/13/stat	pkill
File opened for reading	/proc/1664/status	pkill
File opened for reading	/proc/32/stat	pkill
File opened for reading	/proc/198/cgroup	pkill
File opened for reading	/proc/1677/ctty	pkill
File opened for reading	/proc/1334/cgroup	pkill
File opened for reading	/proc/1888/cgroup	pkill
File opened for reading	/proc/4/ctty	pkill
File opened for reading	/proc/17/status	pkill
File opened for reading	/proc/197/cgroup	pkill
File opened for reading	/proc/831/cgroup	pkill
File opened for reading	/proc/1677/ctty	pkill
File opened for reading	/proc/2466/status	pkill
File opened for reading	/proc/65/stat	pkill
File opened for reading	/proc/2466/cmdline	pkill
File opened for reading	/proc/1751/cmdline	pkill
File opened for reading	/proc/2403/cmdline	pkill
File opened for reading	/proc/889/status	pkill
File opened for reading	/proc/2108/cmdline	pkill
File opened for reading	/proc/2268/stat	pkill
File opened for reading	/proc/1976/cmdline	pkill
File opened for reading	/proc/1980/status	pkill
File opened for reading	/proc/1391/cmdline	pkill
File opened for reading	/proc/194/ctty	pkill
File opened for reading	/proc/37/status	pkill
File opened for reading	/proc/2467/cgroup	pkill
File opened for reading	/proc/34/ctty	pkill
File opened for reading	/proc/202/status	pkill
File opened for reading	/proc/7/cmdline	pkill
File opened for reading	/proc/1744/cmdline	pkill
File opened for reading	/proc/1925/cmdline	pkill
File opened for reading	/proc/2467/ctty	pkill
File opened for reading	/proc/2252/stat	pkill
File opened for reading	/proc/1926/cmdline	pkill
File opened for reading	/proc/1977/status	pkill
File opened for reading	/proc/126/status	pkill
File opened for reading	/proc/34/stat	pkill
File opened for reading	/proc/786/ctty	pkill
File opened for reading	/proc/385/stat	pkill
File opened for reading	/proc/1057/cmdline	pkill
File opened for reading	/proc/6/status	pkill
File opened for reading	/proc/40/status	pkill
File opened for reading	/proc/1779/cmdline	pkill
File opened for reading	/proc/1/status	pkill
File opened for reading	/proc/770/cmdline	pkill
File opened for reading	/proc/1781/cmdline	pkill
File opened for reading	/proc/198/cgroup	pkill
File opened for reading	/proc/188/stat	pkill
File opened for reading	/proc/1977/stat	pkill
File opened for reading	/proc/2099/ctty	pkill
File opened for reading	/proc/1054/cgroup	pkill
File opened for reading	/proc/820/cmdline	pkill
File opened for reading	/proc/198/cgroup	pkill
File opened for reading	/proc/1391/cmdline	pkill
File opened for reading	/proc/274/status	pkill
File opened for reading	/proc/32/ctty	pkill
File opened for reading	/proc/65/ctty	pkill
File opened for reading	/proc/727/ctty	pkill
File opened for reading	/proc/2468/ctty	pkill

System Network Configuration Discovery 1 TTPs 1 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
2643	pkill

/tmp/yakuza.i686.elf
/tmp/yakuza.i686.elf
1⤵
- Loads a kernel module
PID:2465
- /usr/bin/pkill
  pkill -9 902i13
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2470
- /usr/bin/pkill
  pkill -9 BzSxLxBxeY
  2⤵
  PID:2476
- /usr/bin/pkill
  pkill -9 HOHO-LUGO7
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:2478
- /usr/bin/pkill
  pkill -9 HOHO-U79OL
  2⤵
  - Reads runtime system information
  PID:2492
- /usr/bin/pkill
  pkill -9 JuYfouyf87
  2⤵
  PID:2500
- /usr/bin/pkill
  pkill -9 NiGGeR69xd
  2⤵
  PID:2502
- /usr/bin/pkill
  pkill -9 SO190Ij1X
  2⤵
  - Reads CPU attributes
  PID:2504
- /usr/bin/pkill
  pkill -9 LOLKIKEEEDDE
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2506
- /usr/bin/pkill
  pkill -9 ekjheory98e
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:2508
- /usr/bin/pkill
  pkill -9 scansh4
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  PID:2510
- /usr/bin/pkill
  pkill -9 MDMA
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:2512
- /usr/bin/pkill
  pkill -9 fdevalvex
  2⤵
  PID:2514
- /usr/bin/pkill
  pkill -9 scanspc
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2516
- /usr/bin/pkill
  pkill -9 MELTEDNINJAREALZ
  2⤵
  PID:2518
- /usr/bin/pkill
  pkill -9 flexsonskids
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2520
- /usr/bin/pkill
  pkill -9 scanx86
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2522
- /usr/bin/pkill
  pkill -9 MISAKI-U79OL
  2⤵
  - Reads CPU attributes
  PID:2524
- /usr/bin/pkill
  pkill -9 foAxi102kxe
  2⤵
  - Reads CPU attributes
  PID:2526
- /usr/bin/pkill
  pkill -9 swodjwodjwoj
  2⤵
  PID:2528
- /usr/bin/pkill
  pkill -9 MmKiy7f87l
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2530
- /usr/bin/pkill
  pkill -9 freecookiex86
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2532
- /usr/bin/pkill
  pkill -9 sysgpu
  2⤵
  - Reads runtime system information
  PID:2534
- /usr/bin/pkill
  pkill -9 NiGGeR69xd
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:2536
- /usr/bin/pkill
  pkill -9 frgege
  2⤵
  - Reads runtime system information
  PID:2538
- /usr/bin/pkill
  pkill -9 sysupdater
  2⤵
  - Reads CPU attributes
  PID:2540
- /usr/bin/pkill
  pkill -9 0DnAzepd
  2⤵
  - Reads CPU attributes
  PID:2542
- /usr/bin/pkill
  pkill -9 NiGGeRD0nks69
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2544
- /usr/bin/pkill
  pkill -9 frgreu
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:2546
- /usr/bin/pkill
  pkill -9 telnetd
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2548
- /usr/bin/pkill
  pkill -9 0x766f6964
  2⤵
  - Reads CPU attributes
  PID:2553
- /usr/bin/pkill
  pkill -9 NiGGeRd0nks1337
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  PID:2555
- /usr/bin/pkill
  pkill -9 gaft
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2557
- /usr/bin/pkill
  pkill -9 urasgbsigboa
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2559
- /usr/bin/pkill
  pkill -9 120i3UI49
  2⤵
  - Reads CPU attributes
  PID:2561
- /usr/bin/pkill
  pkill -9 OaF3
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2563
- /usr/bin/pkill
  pkill -9 geae
  2⤵
  PID:2565
- /usr/bin/pkill
  pkill -9 vaiolmao
  2⤵
  PID:2567
- /usr/bin/pkill
  pkill -9 123123a
  2⤵
  PID:2569
- /usr/bin/pkill
  pkill -9 Ofurain0n4H34D
  2⤵
  PID:2571
- /usr/bin/pkill
  pkill -9 ggTrex
  2⤵
  PID:2573
- /usr/bin/pkill
  pkill -9 wasads
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  PID:2575
- /usr/bin/pkill
  pkill -9 1293194hjXD
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2577
- /usr/bin/pkill
  pkill -9 OthLaLosn
  2⤵
  PID:2579
- /usr/bin/pkill
  pkill -9 ggt
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  PID:2581
- /usr/bin/pkill
  pkill -9 wget-log
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2583
- /usr/bin/pkill
  pkill -9 1337SoraLOADER
  2⤵
  PID:2585
- /usr/bin/pkill
  pkill -9 SAIAKINA
  2⤵
  - Reads runtime system information
  PID:2587
- /usr/bin/pkill
  pkill -9 ggtq
  2⤵
  - Reads runtime system information
  PID:2589
- /usr/bin/pkill
  pkill -9 1378bfp919GRB1Q2
  2⤵
  PID:2591
- /usr/bin/pkill
  pkill -9 SAIAKUSO
  2⤵
  - Reads runtime system information
  PID:2593
- /usr/bin/pkill
  pkill -9 ggtr
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  PID:2595
- /usr/bin/pkill
  pkill -9 14Fa
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2597
- /usr/bin/pkill
  pkill -9 SEXSLAVE1337
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  PID:2599
- /usr/bin/pkill
  pkill -9 ggtt
  2⤵
  PID:2601
- /usr/bin/pkill
  pkill -9 1902a3u912u3u4
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2603
- /usr/bin/pkill
  pkill -9 SO190Ij1X
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2605
- /usr/bin/pkill
  pkill -9 haetrghbr
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2607
- /usr/bin/pkill
  pkill -9 19ju3d
  2⤵
  - Reads CPU attributes
  PID:2609
- /usr/bin/pkill
  pkill -9 SORAojkf120
  2⤵
  PID:2611
- /usr/bin/pkill
  pkill -9 hehahejeje92
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2613
- /usr/bin/pkill
  pkill -9 2U2JDJA901F91
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  PID:2615
- /usr/bin/pkill
  pkill -9 SlaVLav12
  2⤵
  PID:2617
- /usr/bin/pkill
  pkill -9 helpmedaddthhhhh
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:2619
- /usr/bin/pkill
  pkill -9 2wgg9qphbq
  2⤵
  - Reads runtime system information
  PID:2621
- /usr/bin/pkill
  pkill -9 Slav3Th3seD3vices
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2623
- /usr/bin/pkill
  pkill -9 hzSmYZjYMQ
  2⤵
  - Reads runtime system information
  PID:2625
- /usr/bin/pkill
  pkill -9 5Gbf
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  PID:2627
- /usr/bin/pkill
  pkill -9 SoRAxD123LOL
  2⤵
  PID:2629
- /usr/bin/pkill
  pkill -9 iaGv
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2631
- /usr/bin/pkill
  pkill -9 5aA3
  2⤵
  PID:2633
- /usr/bin/pkill
  pkill -9 SoRAxD420LOL
  2⤵
  - Reads CPU attributes
  PID:2635
- /usr/bin/pkill
  pkill -9 insomni
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  PID:2637
- /usr/bin/pkill
  pkill -9 640277
  2⤵
  - Reads runtime system information
  PID:2639
- /usr/bin/pkill
  pkill -9 SoraBeReppin1337
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2641
- /usr/bin/pkill
  pkill -9 ipcamCache
  2⤵
  - Enumerates kernel/hardware configuration
  - System Network Configuration Discovery
  PID:2643
- /usr/bin/pkill
  pkill -9 66tlGg9Q
  2⤵
  PID:2645
- /usr/bin/pkill
  pkill -9 T
  2⤵
  PID:2647
- /usr/bin/pkill
  pkill -9 jUYfouyf87
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2649
- /usr/bin/pkill
  pkill -9 6ke3
  2⤵
  PID:2651
- /usr/bin/pkill
  pkill -9 TOKYO3
  2⤵
  PID:2653
- /usr/bin/pkill
  pkill -9 lyEeaXul2dULCVxh
  2⤵
  - Reads CPU attributes
  PID:2655
- /usr/bin/pkill
  pkill -9 93OfjHZ2z
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2657
- /usr/bin/pkill
  pkill -9 TY2gD6MZvKc7KU6r
  2⤵
  - Reads CPU attributes
  PID:2659
- /usr/bin/pkill
  pkill -9 mMkiy6f87l
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2661
- /usr/bin/pkill
  pkill -9 A023UU4U24UIU
  2⤵
  PID:2663
- /usr/bin/pkill
  pkill -9 TheWeeknd
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  PID:2665
- /usr/bin/pkill
  pkill -9 mioribitches
  2⤵
  - Reads CPU attributes
  PID:2667
- /usr/bin/pkill
  pkill -9 A5p9
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2669
- /usr/bin/pkill
  pkill -9 TheWeeknds
  2⤵
  PID:2671
- /usr/bin/pkill
  pkill -9 mnblkjpoi
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2673
- /usr/bin/pkill
  pkill -9 AbAd
  2⤵
  - Reads runtime system information
  PID:2675
- /usr/bin/pkill
  pkill -9 Tokyos
  2⤵
  - Reads CPU attributes
  PID:2677
- /usr/bin/pkill
  pkill -9 neb
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2679
- /usr/bin/pkill
  pkill -9 Akiru
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  PID:2681
- /usr/bin/pkill
  pkill -9 U8inTz
  2⤵
  PID:2683
- /usr/bin/pkill
  pkill -9 netstats
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2685
- /usr/bin/pkill
  pkill -9 Alex
  2⤵
  - Reads CPU attributes
  PID:2687
- /usr/bin/pkill
  pkill -9 W9RCAKM20T
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  PID:2689
- /usr/bin/pkill
  pkill -9 newnetword
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2691
- /usr/bin/pkill
  pkill -9 Ayo215
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:2693
- /usr/bin/pkill
  pkill -9 Word
  2⤵
  - Reads runtime system information
  PID:2695
- /usr/bin/pkill
  pkill -9 nloads
  2⤵
  - Reads runtime system information
  PID:2697
- /usr/bin/pkill
  pkill -9 BAdAsV
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2699
- /usr/bin/pkill
  pkill -9 Wordmane
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2701
- /usr/bin/pkill
  pkill -9 notyakuzaa
  2⤵
  - Reads CPU attributes
  PID:2703
- /usr/bin/pkill
  pkill -9 Belch
  2⤵
  - Reads CPU attributes
  PID:2705
- /usr/bin/pkill
  pkill -9 Wordnets
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2707
- /usr/bin/pkill
  pkill -9 obp
  2⤵
  PID:2709
- /usr/bin/pkill
  pkill -9 BigN0gg0r420
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2711
- /usr/bin/pkill
  pkill -9 X0102I34f
  2⤵
  PID:2713
- /usr/bin/pkill
  pkill -9 ofhasfhiafhoi
  2⤵
  - Reads CPU attributes
  PID:2715
- /usr/bin/pkill
  pkill -9 BzSxLxBxeY
  2⤵
  - Reads runtime system information
  PID:2717
- /usr/bin/pkill
  pkill -9 X19I239124UIU
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  PID:2719
- /usr/bin/pkill
  pkill -9 oism
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2721
- /usr/bin/pkill
  pkill -9 Deported
  2⤵
  PID:2723
- /usr/bin/pkill
  pkill -9 XSHJEHHEIIHWO
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  PID:2725
- /usr/bin/pkill
  pkill -9 olsVNwo12
  2⤵
  - Reads CPU attributes
  PID:2727
- /usr/bin/pkill
  pkill -9 DeportedDeported
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2729
- /usr/bin/pkill
  pkill -9 XkTer0GbA1
  2⤵
  PID:2746
- /usr/bin/pkill
  pkill -9 onry0v03
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  PID:2748
- /usr/bin/pkill
  pkill -9 FortniteDownLOLZ
  2⤵
  - Reads runtime system information
  PID:2750
- /usr/bin/pkill
  pkill -9 Y0urM0mGay
  2⤵
  PID:2752
- /usr/bin/pkill
  pkill -9 pussyfartlmaojk
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2754
- /usr/bin/pkill
  pkill -9 GrAcEnIgGeRaNn
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  PID:2756
- /usr/bin/pkill
  pkill -9 YvdGkqndCO
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2758
- /usr/bin/pkill
  pkill -9 qGeoRBe6BE
  2⤵
  PID:2760
- /usr/bin/pkill
  pkill -9 GuiltyCrown
  2⤵
  - Reads CPU attributes
  PID:2762
- /usr/bin/pkill
  pkill -9 ZEuS69
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  PID:2767
- /usr/bin/pkill
  pkill -9 s4beBsEQhd
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  PID:2769
- /usr/bin/pkill
  pkill -9 HOHO-KSNDO
  2⤵
  - Reads CPU attributes
  PID:2771
- /usr/bin/pkill
  pkill -9 ZEuz69
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  PID:2773
- /usr/bin/pkill
  pkill -9 sat1234
  2⤵
  PID:2775
- /usr/bin/pkill
  pkill -9 HOHO-LUGO7
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  PID:2777
- /usr/bin/pkill
  pkill -9 aj93hJ23
  2⤵
  - Reads CPU attributes
  PID:2779
- /usr/bin/pkill
  pkill -9 scanHA
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:2781
- /usr/bin/pkill
  pkill -9 HOHO-U79OL
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2783
- /usr/bin/pkill
  pkill -9 alie293z0k2L
  2⤵
  - Reads CPU attributes
  PID:2785
- /usr/bin/pkill
  pkill -9 scanJoshoARM
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2787
- /usr/bin/pkill
  pkill -9 HellInSide
  2⤵
  - Reads runtime system information
  PID:2789
- /usr/bin/pkill
  pkill -9 ayyyGangShit
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2791
- /usr/bin/pkill
  pkill -9 scanJoshoARM5
  2⤵
  PID:2793
- /usr/bin/pkill
  pkill -9 HighFry
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2795
- /usr/bin/pkill
  pkill -9 b1gl
  2⤵
  PID:2797
- /usr/bin/pkill
  pkill -9 scanJoshoARM6
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2799

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads