Overview

overview

10

Static

static

10

样本/Lin...9DC1D8

ubuntu-18.04-amd64

7

样本/Lin...B36C5B

ubuntu-24.04-amd64

6

样本/Lin...E3B383

ubuntu-24.04-amd64

8

样本/Lin...6F5973

ubuntu-22.04-amd64

1

样本/Lin...776DB8

ubuntu-18.04-amd64

1

样本/Lin...776DB8

debian-9-armhf

1

样本/Lin...776DB8

debian-9-mips

1

样本/Lin...776DB8

debian-9-mipsel

1

样本/Lin...C9A3F7

ubuntu-18.04-amd64

6

样本/Lin...C9A3F7

debian-9-armhf

6

样本/Lin...C9A3F7

debian-9-mips

6

样本/Lin...C9A3F7

debian-9-mipsel

6

样本/Lin...FECBE5

ubuntu-22.04-amd64

10

1AAF1A9F78...31.tar

windows7-x64

1

1AAF1A9F78...31.tar

windows10-2004-x64

1

xrx/chattr

ubuntu-24.04-amd64

1

xrx/init.sh

ubuntu-22.04-amd64

6

xrx/init0

ubuntu-24.04-amd64

8

xrx/scp

ubuntu-18.04-amd64

1

xrx/scp

debian-9-armhf

1

xrx/scp

debian-9-mips

1

xrx/scp

debian-9-mipsel

1

xrx/secure

ubuntu-24.04-amd64

7

xrx/uninstall.sh

ubuntu-18.04-amd64

6

xrx/uninstall.sh

debian-9-armhf

6

xrx/uninstall.sh

debian-9-mips

6

xrx/uninstall.sh

debian-9-mipsel

6

xrx/xrx

ubuntu-18.04-amd64

6

Analysis

  • max time kernel
    141s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    26/11/2024, 12:41 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    xrx/scp

  • Size

    63B

  • MD5

    7e21ae4da5edbbe4adaeacd5f7c1ece6

  • SHA1

    f5574230833e98e010ecea9ceb027c2981f57488

  • SHA256

    fc26873006164decacbcfb01d246b54539b786b404be0bb1a5cde5263031663a

  • SHA512

    113ca3b1217fa477acd003d65faac8913e805281ae7f664a7a91d6195c0e354831645238f98c6c9d7fe622587065e1db5e7d2a2385ad32ff17b6644832563b1c

Score
1/10

Malware Config

Signatures

Processes

  • /tmp/xrx/scp
    /tmp/xrx/scp
    1⤵
      PID:669
      • /dev/shm/.x/secure
        /dev/shm/.x/secure
        2⤵
          PID:670
        • /bin/sleep
          sleep 10
          2⤵
            PID:671
          • /dev/shm/.x/secure
            /dev/shm/.x/secure
            2⤵
              PID:752
            • /bin/sleep
              sleep 10
              2⤵
                PID:753
              • /dev/shm/.x/secure
                /dev/shm/.x/secure
                2⤵
                  PID:756
                • /bin/sleep
                  sleep 10
                  2⤵
                    PID:757
                  • /dev/shm/.x/secure
                    /dev/shm/.x/secure
                    2⤵
                      PID:763
                    • /bin/sleep
                      sleep 10
                      2⤵
                        PID:764
                      • /dev/shm/.x/secure
                        /dev/shm/.x/secure
                        2⤵
                          PID:767
                        • /bin/sleep
                          sleep 10
                          2⤵
                            PID:768
                          • /dev/shm/.x/secure
                            /dev/shm/.x/secure
                            2⤵
                              PID:771
                            • /bin/sleep
                              sleep 10
                              2⤵
                                PID:772
                              • /dev/shm/.x/secure
                                /dev/shm/.x/secure
                                2⤵
                                  PID:775
                                • /bin/sleep
                                  sleep 10
                                  2⤵
                                    PID:776
                                  • /dev/shm/.x/secure
                                    /dev/shm/.x/secure
                                    2⤵
                                      PID:780
                                    • /bin/sleep
                                      sleep 10
                                      2⤵
                                        PID:781
                                      • /dev/shm/.x/secure
                                        /dev/shm/.x/secure
                                        2⤵
                                          PID:784
                                        • /bin/sleep
                                          sleep 10
                                          2⤵
                                            PID:785
                                          • /dev/shm/.x/secure
                                            /dev/shm/.x/secure
                                            2⤵
                                              PID:788
                                            • /bin/sleep
                                              sleep 10
                                              2⤵
                                                PID:789
                                              • /dev/shm/.x/secure
                                                /dev/shm/.x/secure
                                                2⤵
                                                  PID:792
                                                • /bin/sleep
                                                  sleep 10
                                                  2⤵
                                                    PID:793
                                                  • /dev/shm/.x/secure
                                                    /dev/shm/.x/secure
                                                    2⤵
                                                      PID:796
                                                    • /bin/sleep
                                                      sleep 10
                                                      2⤵
                                                        PID:797
                                                      • /dev/shm/.x/secure
                                                        /dev/shm/.x/secure
                                                        2⤵
                                                          PID:800
                                                        • /bin/sleep
                                                          sleep 10
                                                          2⤵
                                                            PID:801
                                                          • /dev/shm/.x/secure
                                                            /dev/shm/.x/secure
                                                            2⤵
                                                              PID:804
                                                            • /bin/sleep
                                                              sleep 10
                                                              2⤵
                                                                PID:805
                                                              • /dev/shm/.x/secure
                                                                /dev/shm/.x/secure
                                                                2⤵
                                                                  PID:808
                                                                • /bin/sleep
                                                                  sleep 10
                                                                  2⤵
                                                                    PID:809

                                                                Network

                                                                MITRE ATT&CK Matrix

                                                                Replay Monitor

                                                                Loading Replay Monitor...

                                                                Downloads

                                                                We care about your privacy.

                                                                This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.