Overview

overview

8

Static

static

7

Erebus-mas...03.exe

windows7-x64

5

Erebus-mas...03.exe

windows10-2004-x64

5

Erebus-mas...64.dll

windows7-x64

1

Erebus-mas...64.dll

windows10-2004-x64

1

Erebus-mas...86.dll

windows7-x64

3

Erebus-mas...86.dll

windows10-2004-x64

3

Erebus-mas...64.exe

windows7-x64

1

Erebus-mas...64.exe

windows10-2004-x64

1

Erebus-mas...86.exe

windows7-x64

1

Erebus-mas...86.exe

windows10-2004-x64

3

Erebus-mas...64.exe

windows7-x64

8

Erebus-mas...64.exe

windows10-2004-x64

8

Erebus-mas...jp.exe

windows7-x64

1

Erebus-mas...jp.exe

windows10-2004-x64

1

Erebus-mas...sp.exe

windows7-x64

1

Erebus-mas...sp.exe

windows10-2004-x64

1

Erebus-mas...80.exe

windows7-x64

7

Erebus-mas...80.exe

windows10-2004-x64

7

Erebus-mas...es.exe

windows7-x64

7

Erebus-mas...es.exe

windows10-2004-x64

7

Erebus-mas...b.xlsx

windows7-x64

3

Erebus-mas...b.xlsx

windows10-2004-x64

1

Erebus-mas...ter.py

ubuntu-18.04-amd64

3

Erebus-mas...ter.py

debian-9-armhf

3

Erebus-mas...ter.py

debian-9-mips

3

Erebus-mas...ter.py

debian-9-mipsel

3

Erebus-mas...er.ps1

windows7-x64

3

Erebus-mas...er.ps1

windows10-2004-x64

3

Erebus-mas...to.exe

windows7-x64

1

Erebus-mas...to.exe

windows10-2004-x64

1

Erebus-mas...le.exe

windows7-x64

1

Erebus-mas...le.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    4s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    03-12-2024 06:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Erebus-master/local/windows-exploit-suggester.py

  • Size

    67KB

  • MD5

    b85ac40fa657eaf15ef07814e677acb7

  • SHA1

    a6df392a19e90205fa2817604feb02bf634e0315

  • SHA256

    c7ede901b75c2a48af62d4444fb1a9e62acfdee92ca21517bca1d573afd8e6b7

  • SHA512

    7ac235b57bd594295bfff32a0ecd992719649de2f0070f8b470e9121426e4554c89bb79863459f9e25d53b1c6133c93eda8d3032523d69e16e7c99a386ff0fb2

  • SSDEEP

    1536:TKU38AJBrwejZtw4sh2H5TstgVxbM7ytX8r3iu7AiwdYmBRNbiMoJsipkxPv0Yr7:wiweVtwc5igVxbM7ytX8r3iu7AiwdYmf

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: Python 1 TTPs 4 IoCs

    Execution via Python.

    execution

Processes

  • /tmp/Erebus-master/local/windows-exploit-suggester.py
    /tmp/Erebus-master/local/windows-exploit-suggester.py
    1⤵
      PID:694
    • /usr/local/sbin/python
      python /tmp/Erebus-master/local/windows-exploit-suggester.py
      1⤵
      • Command and Scripting Interpreter: Python
      PID:694
    • /usr/local/bin/python
      python /tmp/Erebus-master/local/windows-exploit-suggester.py
      1⤵
      • Command and Scripting Interpreter: Python
      PID:694
    • /usr/sbin/python
      python /tmp/Erebus-master/local/windows-exploit-suggester.py
      1⤵
      • Command and Scripting Interpreter: Python
      PID:694
    • /usr/bin/python
      python /tmp/Erebus-master/local/windows-exploit-suggester.py
      1⤵
      • Command and Scripting Interpreter: Python
      PID:694
      • /bin/sh
        sh -c "uname -p 2> /dev/null"
        2⤵
          PID:709
          • /bin/uname
            uname -p
            3⤵
              PID:710

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads