Overview
overview
10Static
static
10客户端(...EY.exe
windows7-x64
9客户端(...EY.exe
windows10-2004-x64
9UDP.exe
windows7-x64
3UDP.exe
windows10-2004-x64
3a
ubuntu-24.04-amd64
8arm1
debian-9-armhf
4bj.exe
windows7-x64
10bj.exe
windows10-2004-x64
10bjyk.exe
windows7-x64
10bjyk.exe
windows10-2004-x64
10cctv.exe
windows7-x64
7cctv.exe
windows10-2004-x64
10cctv_2.exe
windows7-x64
1cctv_2.exe
windows10-2004-x64
10cn.exe
windows7-x64
7cn.exe
windows10-2004-x64
7cn1.exe
windows7-x64
7cn1.exe
windows10-2004-x64
3dhl.exe
windows7-x64
10dhl.exe
windows10-2004-x64
10java
ubuntu-18.04-amd64
4java (2)
ubuntu-24.04-amd64
1java1
ubuntu-24.04-amd64
7k5.exe
windows7-x64
8k5.exe
windows10-2004-x64
10ly1
debian-9-mips
3mh.exe
windows7-x64
10mh.exe
windows10-2004-x64
10mips
debian-12-mipsel
4pjhxx
ubuntu-24.04-amd64
1rootkit
ubuntu-24.04-amd64
8se.exe
windows7-x64
7Analysis
-
max time kernel
149s -
max time network
147s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20240523-en -
resource tags
arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system -
submitted
02-01-2025 21:33
Behavioral task
behavioral1
Sample
客户端(Client)_KEY.exe
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral2
Sample
客户端(Client)_KEY.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
UDP.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral4
Sample
UDP.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
a
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
Behavioral task
behavioral6
Sample
arm1
Resource
debian9-armhf-20240729-en
debian-9-armhf
Behavioral task
behavioral7
Sample
bj.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral8
Sample
bj.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
bjyk.exe
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral10
Sample
bjyk.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
cctv.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral12
Sample
cctv.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
cctv_2.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral14
Sample
cctv_2.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
cn.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral16
Sample
cn.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
cn1.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral18
Sample
cn1.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
dhl.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral20
Sample
dhl.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
java
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral22
Sample
java (2)
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
Behavioral task
behavioral23
Sample
java1
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
Behavioral task
behavioral24
Sample
k5.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral25
Sample
k5.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
ly1
Resource
debian9-mipsbe-20240729-en
debian-9-mips
Behavioral task
behavioral27
Sample
mh.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral28
Sample
mh.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
mips
Resource
debian12-mipsel-20240221-en
debian-12-mipsel
Behavioral task
behavioral30
Sample
pjhxx
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
Behavioral task
behavioral31
Sample
rootkit
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
Behavioral task
behavioral32
Sample
se.exe
Resource
win7-20240903-en
windows7-x64
General
-
Target
a
-
Size
1.3MB
-
MD5
84839072ae06ae3e47d93f3b79067305
-
SHA1
eb578777ca88dcaa72cb9b22720618b2e3aa770f
-
SHA256
dd77459b8d76d9be75dde3f2aa8e8434b266bc98acd15966c6ae65a6620b10db
-
SHA512
3b004be47b8aef3ce9ee821d267ef4e36dfb2a17bdbbf8630f24f119f3ad26c862a79a1e8afafe7e98422479eb58dd8b2ee5c644d3aef84f9bb2eab991f878de
-
SSDEEP
24576:X8BHnVsZc1VZneCEuvLmJ7p9fomAmgAspprQYlGtmgmH1LJSwYS3uJdE0cG/v5FH:YHnVec1VZnezuvLmJrfvAmgAspprVlGR
Malware Config
Signatures
-
Writes memory of remote process 3 IoCs
pid Process 2418 a 2419 a 2421 a -
Loads a kernel module 64 IoCs
Loads a Linux kernel module, potentially to achieve persistence
pid Process 2418 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a 2422 a