Overview

overview

10

Static

static

10

样本/Lin...9DC1D8

ubuntu-18.04-amd64

7

样本/Lin...B36C5B

ubuntu-24.04-amd64

6

样本/Lin...E3B383

ubuntu-24.04-amd64

8

样本/Lin...6F5973

ubuntu-22.04-amd64

1

样本/Lin...776DB8

ubuntu-18.04-amd64

1

样本/Lin...776DB8

debian-9-armhf

1

样本/Lin...776DB8

debian-9-mips

1

样本/Lin...776DB8

debian-9-mipsel

1

样本/Lin...C9A3F7

ubuntu-18.04-amd64

6

样本/Lin...C9A3F7

debian-9-armhf

6

样本/Lin...C9A3F7

debian-9-mips

6

样本/Lin...C9A3F7

debian-9-mipsel

6

样本/Lin...FECBE5

ubuntu-22.04-amd64

10

1AAF1A9F78...31.tar

windows7-x64

1

1AAF1A9F78...31.tar

windows10-2004-x64

1

xrx/chattr

ubuntu-24.04-amd64

1

xrx/init.sh

ubuntu-22.04-amd64

6

xrx/init0

ubuntu-24.04-amd64

8

xrx/scp

ubuntu-18.04-amd64

1

xrx/scp

debian-9-armhf

1

xrx/scp

debian-9-mips

1

xrx/scp

debian-9-mipsel

1

xrx/secure

ubuntu-24.04-amd64

7

xrx/uninstall.sh

ubuntu-18.04-amd64

6

xrx/uninstall.sh

debian-9-armhf

6

xrx/uninstall.sh

debian-9-mips

6

xrx/uninstall.sh

debian-9-mipsel

6

xrx/xrx

ubuntu-18.04-amd64

6

Analysis

  • max time kernel
    141s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    26/11/2024, 12:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    xrx/scp

  • Size

    63B

  • MD5

    7e21ae4da5edbbe4adaeacd5f7c1ece6

  • SHA1

    f5574230833e98e010ecea9ceb027c2981f57488

  • SHA256

    fc26873006164decacbcfb01d246b54539b786b404be0bb1a5cde5263031663a

  • SHA512

    113ca3b1217fa477acd003d65faac8913e805281ae7f664a7a91d6195c0e354831645238f98c6c9d7fe622587065e1db5e7d2a2385ad32ff17b6644832563b1c

Score
1/10

Malware Config

Signatures

Processes

  • /tmp/xrx/scp
    /tmp/xrx/scp
    1⤵
      PID:669
      • /dev/shm/.x/secure
        /dev/shm/.x/secure
        2⤵
          PID:670
        • /bin/sleep
          sleep 10
          2⤵
            PID:671
          • /dev/shm/.x/secure
            /dev/shm/.x/secure
            2⤵
              PID:752
            • /bin/sleep
              sleep 10
              2⤵
                PID:753
              • /dev/shm/.x/secure
                /dev/shm/.x/secure
                2⤵
                  PID:756
                • /bin/sleep
                  sleep 10
                  2⤵
                    PID:757
                  • /dev/shm/.x/secure
                    /dev/shm/.x/secure
                    2⤵
                      PID:763
                    • /bin/sleep
                      sleep 10
                      2⤵
                        PID:764
                      • /dev/shm/.x/secure
                        /dev/shm/.x/secure
                        2⤵
                          PID:767
                        • /bin/sleep
                          sleep 10
                          2⤵
                            PID:768
                          • /dev/shm/.x/secure
                            /dev/shm/.x/secure
                            2⤵
                              PID:771
                            • /bin/sleep
                              sleep 10
                              2⤵
                                PID:772
                              • /dev/shm/.x/secure
                                /dev/shm/.x/secure
                                2⤵
                                  PID:775
                                • /bin/sleep
                                  sleep 10
                                  2⤵
                                    PID:776
                                  • /dev/shm/.x/secure
                                    /dev/shm/.x/secure
                                    2⤵
                                      PID:780
                                    • /bin/sleep
                                      sleep 10
                                      2⤵
                                        PID:781
                                      • /dev/shm/.x/secure
                                        /dev/shm/.x/secure
                                        2⤵
                                          PID:784
                                        • /bin/sleep
                                          sleep 10
                                          2⤵
                                            PID:785
                                          • /dev/shm/.x/secure
                                            /dev/shm/.x/secure
                                            2⤵
                                              PID:788
                                            • /bin/sleep
                                              sleep 10
                                              2⤵
                                                PID:789
                                              • /dev/shm/.x/secure
                                                /dev/shm/.x/secure
                                                2⤵
                                                  PID:792
                                                • /bin/sleep
                                                  sleep 10
                                                  2⤵
                                                    PID:793
                                                  • /dev/shm/.x/secure
                                                    /dev/shm/.x/secure
                                                    2⤵
                                                      PID:796
                                                    • /bin/sleep
                                                      sleep 10
                                                      2⤵
                                                        PID:797
                                                      • /dev/shm/.x/secure
                                                        /dev/shm/.x/secure
                                                        2⤵
                                                          PID:800
                                                        • /bin/sleep
                                                          sleep 10
                                                          2⤵
                                                            PID:801
                                                          • /dev/shm/.x/secure
                                                            /dev/shm/.x/secure
                                                            2⤵
                                                              PID:804
                                                            • /bin/sleep
                                                              sleep 10
                                                              2⤵
                                                                PID:805
                                                              • /dev/shm/.x/secure
                                                                /dev/shm/.x/secure
                                                                2⤵
                                                                  PID:808
                                                                • /bin/sleep
                                                                  sleep 10
                                                                  2⤵
                                                                    PID:809

                                                                Network

                                                                MITRE ATT&CK Matrix

                                                                Replay Monitor

                                                                Loading Replay Monitor...

                                                                Downloads