37d8e1ce3b6e6488942717aa78cb54785edc985143bcc8d9ba9f42d73a3dbd7a

Resubmissions

07/12/2024, 03:49

241207-edgkzszrdj 10

04/12/2024, 22:38

04/12/2024, 20:49

04/12/2024, 20:48

04/12/2024, 19:23

04/12/2024, 19:14

19/07/2024, 04:07

17/07/2024, 17:11

Analysis

max time kernel
4s
platform
debian-9_mipsel
resource
debian9-mipsel-20240226-en
resource tags

arch:mipselimage:debian9-mipsel-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
04/12/2024, 22:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RIP_YOUR_PC_LOL.exe
Size

22.5MB
MD5

52867174362410d63215d78e708103ea
SHA1

7ae4e1048e4463a4201bdeaf224c5b6face681bf
SHA256

37d8e1ce3b6e6488942717aa78cb54785edc985143bcc8d9ba9f42d73a3dbd7a
SHA512

89e17e147d3f073e479e85d0b0321f6264bbc2aa84c930ed645e8f5cde3f1e58812c3db1ba0f10bee6ce7ac0731e1e3de6747a9b3c4d63a564dd8d904bd726ab
SSDEEP

393216:HJLgf7BPkdKzrZciLxv8naSNtPr5rn57M84UTB9xO5/VWvJKJPkwdnfZ4y5SDkFV:poBPQwxMR7pn5qUTB9xOFVWvJKJPkwd9

Score

3^/10

discovery

Malware Config

Signatures

Reads runtime system information 2 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/self/fd	apt

System Network Configuration Discovery 1 TTPs 1 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
696	apt

Writes file to tmp directory 4 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/fileutl.message.L4nyDO	apt
File opened for modification	/tmp/fileutl.message.lmhtiR	apt
File opened for modification	/tmp/fileutl.message.b0XDY7	apt
File opened for modification	/tmp/fileutl.message.MHynM3	apt

/usr/bin/apt
apt install "wine;" wine /tmp/RIP_YOUR_PC_LOL.exe
1⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:696
- /usr/bin/dpkg
  /usr/bin/dpkg --print-foreign-architectures
  2⤵
  - Reads runtime system information
  PID:704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads