Overview

overview

10

Static

static

10

hezb/样�...14FEB1

ubuntu-18.04-amd64

hezb/样�...14FEB1

debian-9-armhf

hezb/样�...14FEB1

debian-9-mips

hezb/样�...14FEB1

debian-9-mipsel

hezb/样�...AA484D

ubuntu-18.04-amd64

hezb/样�...AA484D

debian-9-armhf

hezb/样�...AA484D

debian-9-mips

hezb/样�...AA484D

debian-9-mipsel

hezb/样�...254E2C

ubuntu-24.04-amd64

6

hezb/样�...2C0CFB

ubuntu-24.04-amd64

10

hezb/样�...F3E8C3

ubuntu-24.04-amd64

6

hezb/样�...49.ps1

windows7-x64

3

hezb/样�...49.ps1

windows10-2004-x64

3

hezb/样�...D2.ps1

windows7-x64

3

hezb/样�...D2.ps1

windows10-2004-x64

3

hezb/样�...DE.exe

windows7-x64

1

hezb/样�...DE.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    0s
  • max time network
    129s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240523-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
  • submitted
    11-12-2024 13:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    hezb/样本/Linux/漏洞利用程序/8E3E276E650E6EA21BEA16C8C2F3E8C3

  • Size

    14KB

  • MD5

    8e3e276e650e6ea21bea16c8c2f3e8c3

  • SHA1

    e483074bbe5e41cacbe081f290d7e6b0c3184c7f

  • SHA256

    4dcae1bddfc3e2cb98eae84e86fb58ec14ea6ef00778ac5974c4ec526d3da31f

  • SHA512

    8b33a40fd39a06a85169f2e4c4172a4d44ec24d50c512db7231ab4575dbf4093bfdabc63dd1b36dda94ec87772469e659abf0650d8982a526d8623a96bf93e38

  • SSDEEP

    384:ydtOQtZn0kc0sE8Xvn/3PHfXvn/3PHfXvnr70/i:SI00kc0sE8Xvn/3PHfXvn/3PHfXvnrr

Score
6/10
discovery

Malware Config

Signatures

  • Uses Polkit to run commands 1 IoCs

    Uses Polkit pkexec as a proxy to execute commands, possibly to bypass security restrictions.

  • Reads runtime system information 2 IoCs

    Reads data from /proc virtual filesystem.

    discovery
  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/hezb/样本/Linux/漏洞利用程序/8E3E276E650E6EA21BEA16C8C2F3E8C3
    /tmp/hezb/样本/Linux/漏洞利用程序/8E3E276E650E6EA21BEA16C8C2F3E8C3
    1⤵
    • Writes file to tmp directory
    PID:2517
  • /usr/bin/pkexec
    1⤵
    • Uses Polkit to run commands
    • Reads runtime system information
    PID:2517

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /tmp/hezb/样本/Linux/漏洞利用程序/.pkexec/gconv-modules
    Filesize

    32B

    MD5

    b9509d5bee230341cacfed6bd6712bd3

    SHA1

    2dbad9dc54dfd6b14af012c54b3adbd939100fa6

    SHA256

    50f2c869bb56ae55e7b42e02bdd757b10a4bbb5532157c46c0f3f32ab0ebabdd

    SHA512

    d817b5d4cf294e18af8e029d5e82e693825c29d3164ed2bd5a0cb86a6fb68c5de3b8f30595bbf50ee0c7c98fa10601971c9aa98fc8cb96e7775f6306e0fddae6

    Download Submit