Overview

overview

10

Static

static

10

.bash_hist...utorun

ubuntu-18.04-amd64

7

.bash_hist...utorun

debian-9-armhf

7

.bash_hist...utorun

debian-9-mips

7

.bash_hist...utorun

debian-9-mipsel

7

.bash_history1/.kde/b

ubuntu-22.04-amd64

.bash_hist...kde/b2

ubuntu-22.04-amd64

.bash_hist.../crond

ubuntu-24.04-amd64

.bash_hist.../essyn

ubuntu-24.04-amd64

1

.bash_history1/.kde/f

ubuntu-22.04-amd64

.bash_hist...kde/f4

ubuntu-24.04-amd64

.bash_history1/.kde/g

ubuntu-24.04-amd64

.bash_history1/.kde/j

ubuntu-24.04-amd64

.bash_hist...kde/j2

ubuntu-24.04-amd64

.bash_hist...killer

ubuntu-20.04-amd64

.bash_hist...ch.vbs

windows7-x64

1

.bash_hist...ch.vbs

windows10-2004-x64

8

.bash_hist...de/run

ubuntu-18.04-amd64

1

.bash_hist...de/run

debian-9-armhf

1

.bash_hist...de/run

debian-9-mips

1

.bash_hist...de/run

debian-9-mipsel

1

.bash_history1/.kde/s

ubuntu-20.04-amd64

.bash_hist...kde/sl

ubuntu-22.04-amd64

.bash_hist...e/ssyn

ubuntu-24.04-amd64

1

.bash_hist...art.sh

windows7-x64

3

.bash_hist...art.sh

windows10-2004-x64

8

.bash_hist...de/std

ubuntu-24.04-amd64

.bash_hist...tealth

ubuntu-20.04-amd64

.bash_hist...stream

ubuntu-22.04-amd64

.bash_hist...e/talk

ubuntu-22.04-amd64

.bash_hist...de/tty

ubuntu-22.04-amd64

.bash_hist...update

ubuntu-18.04-amd64

1

.bash_hist...update

debian-9-armhf

1

Analysis

  • max time kernel
    1s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240611-en
  • resource tags

    arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    12-02-2025 07:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .bash_history1/.kde/autorun

  • Size

    309B

  • MD5

    a27cd7f6ec00538d81eba3081cbdd3d3

  • SHA1

    7c80bfef642c3330dd26d340f15453247b4dbed9

  • SHA256

    cf6e9033be781ec8a1d5ea771657a9f5bdfbcff9154507028dc158cfd76b3ab9

  • SHA512

    c5dabbdcecdc677df4e5a46a37eaee3adc4a2a2a864cd6c397406de9663e09be884d13e9cd2752d8bd6234ae2c989b979dc29353794f47cdc3697cf71782cd63

Score
7/10
defense_evasiondiscoveryexecutionpersistenceprivilege_escalation

Malware Config

Signatures

  • File and Directory Permissions Modification 1 TTPs 1 IoCs

    Adversaries may modify file or directory permissions to evade defenses.

    defense_evasion
  • Creates/modifies Cron job 1 TTPs 1 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    executionpersistenceprivilege_escalation
  • Reads runtime system information 2 IoCs

    Reads data from /proc virtual filesystem.

    discovery
  • Writes file to tmp directory 3 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/.bash_history1/.kde/autorun
    /tmp/.bash_history1/.kde/autorun
    1⤵
    • Writes file to tmp directory
    PID:711
    • /bin/cat
      cat dir
      2⤵
        PID:714
      • /usr/bin/crontab
        crontab cron
        2⤵
        • Creates/modifies Cron job
        • Reads runtime system information
        PID:718
      • /usr/bin/crontab
        crontab -l
        2⤵
        • Reads runtime system information
        PID:723
      • /bin/grep
        grep update
        2⤵
          PID:724
        • /bin/chmod
          chmod u+x update
          2⤵
          • File and Directory Permissions Modification
          PID:726

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /var/spool/cron/crontabs/tmp.EZVvwx
        Filesize

        236B

        MD5

        0df6cb0b564793ab7a1a06affd86e3bc

        SHA1

        9cd09e679cdf7803ccee653955572d93e6e3e86d

        SHA256

        35828b871c150be0c7d42975eef9cd5f583f0f5268c2d820e7459739a0d24a09

        SHA512

        d061251450c0368fec40da350e2de382fb41dc92b0eacbe8b4833d1f86754351eafae012c3cf78c7501885c6bfe6044d559f8fc998960024264a47e58cbbfa23

        Download Submit