8fe5d51bd7d9e650132b7fa22f88e9c98b17a33ebcc64d0c6681199d0f4935fc

Analysis

max time kernel
0s
max time network
136s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20241127-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20241127-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
18-12-2024 11:41

Target

漏洞利用程序/8E3E276E650E6EA21BEA16C8C2F3E8C3
Size

14KB
MD5

8e3e276e650e6ea21bea16c8c2f3e8c3
SHA1

e483074bbe5e41cacbe081f290d7e6b0c3184c7f
SHA256

4dcae1bddfc3e2cb98eae84e86fb58ec14ea6ef00778ac5974c4ec526d3da31f
SHA512

8b33a40fd39a06a85169f2e4c4172a4d44ec24d50c512db7231ab4575dbf4093bfdabc63dd1b36dda94ec87772469e659abf0650d8982a526d8623a96bf93e38
SSDEEP

384:ydtOQtZn0kc0sE8Xvn/3PHfXvn/3PHfXvnr70/i:SI00kc0sE8Xvn/3PHfXvn/3PHfXvnrr

Score

6^/10

discovery

Uses Polkit to run commands 1 IoCs

Uses Polkit pkexec as a proxy to execute commands, possibly to bypass security restrictions.

pid	Process
1420	pkexec

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/filesystems	pkexec

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/漏洞利用程序/.pkexec/gconv-modules	8E3E276E650E6EA21BEA16C8C2F3E8C3

/tmp/漏洞利用程序/8E3E276E650E6EA21BEA16C8C2F3E8C3
/tmp/漏洞利用程序/8E3E276E650E6EA21BEA16C8C2F3E8C3
1⤵
- Writes file to tmp directory
PID:1420

/usr/bin/pkexec
1⤵
- Uses Polkit to run commands
- Reads runtime system information
PID:1420

/tmp/漏洞利用程序/.pkexec/gconv-modules

Filesize
32B

MD5
b9509d5bee230341cacfed6bd6712bd3

SHA1
2dbad9dc54dfd6b14af012c54b3adbd939100fa6

SHA256
50f2c869bb56ae55e7b42e02bdd757b10a4bbb5532157c46c0f3f32ab0ebabdd

SHA512
d817b5d4cf294e18af8e029d5e82e693825c29d3164ed2bd5a0cb86a6fb68c5de3b8f30595bbf50ee0c7c98fa10601971c9aa98fc8cb96e7775f6306e0fddae6

Download Submit