Analysis

  • max time kernel
    1s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf image:debian9-armhf-20240611-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
  • submitted
    02-12-2024 18:22

General

  • Target

    PoshC2-master/poshc2/client/__init__.py

  • Size

    207B

  • MD5

    302b43b2d0995278c1b2213d18edeb42

  • SHA1

    6e8b19f8ff75f5236fa74304c7dc1d580d3d09aa

  • SHA256

    1f16e81b2093b87eab79ba71354c48227c3ea306d7919316f25bb8d210f0fafb

  • SHA512

    492913faa130baa7f8a5b3f9b103f48e898dc13c095869f280f3fd07bf2dcfb80e6de73d25a0cd590dfa3339f25c6255252b277e83f4609a02a3fcf5b4bb9924

Score
3/10

Malware Config

Signatures

  • Command and Scripting Interpreter: Python 1 TTPs 4 IoCs

    Execution via Python.

Processes

  • /tmp/PoshC2-master/poshc2/client/__init__.py
    /tmp/PoshC2-master/poshc2/client/__init__.py
    1⤵
      PID:747
    • /usr/local/sbin/python3
      python3 /tmp/PoshC2-master/poshc2/client/__init__.py
      1⤵
      • Command and Scripting Interpreter: Python
      PID:747
    • /usr/local/bin/python3
      python3 /tmp/PoshC2-master/poshc2/client/__init__.py
      1⤵
      • Command and Scripting Interpreter: Python
      PID:747
    • /usr/sbin/python3
      python3 /tmp/PoshC2-master/poshc2/client/__init__.py
      1⤵
      • Command and Scripting Interpreter: Python
      PID:747
    • /usr/bin/python3
      python3 /tmp/PoshC2-master/poshc2/client/__init__.py
      1⤵
      • Command and Scripting Interpreter: Python
      PID:747

Network

MITRE ATT&CK Enterprise v15
