Overview

overview

10

Static

static

10

a46aab76

ubuntu-22.04-amd64

4

chme

ubuntu-22.04-amd64

4

isots

ubuntu-24.04-amd64

6

mctes

ubuntu-18.04-amd64

1

mswc

ubuntu-24.04-amd64

1

netstat.gz

windows7-x64

1

netstat.gz

windows10-2004-x64

1

blue_helper

ubuntu-20.04-amd64

10

kerndiacet

ubuntu-24.04-amd64

10

systemctl

ubuntu-24.04-amd64

3

uptime

ubuntu-22.04-amd64

3

w

ubuntu-22.04-amd64

3

node1

ubuntu-22.04-amd64

1

pasuspende

ubuntu-18.04-amd64

6

pasuspende

debian-9-armhf

6

pasuspende

debian-9-mips

6

pasuspende

debian-9-mipsel

6

systemctl

ubuntu-18.04-amd64

1

uptime

ubuntu-24.04-amd64

3

w

ubuntu-24.04-amd64

3

Analysis

  • max time kernel
    17s
  • max time network
    22s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20240226-en
  • resource tags

    arch:mipselimage:debian9-mipsel-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
  • submitted
    19/03/2025, 06:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    pasuspende

  • Size

    168B

  • MD5

    2c2b5f7b2f1aa69edf0a10517d84a7c8

  • SHA1

    6952156c2a3d7fde285376da514ea36c040c567b

  • SHA256

    293d484c0785dd3d3ecc3c339a8826267a788632960380ec6b0ddd4dbb914c89

  • SHA512

    510cf90071b39862c741b05730bdfede694e181197a567cce52724409d9ef8543ce68fb1df8c3d01c6188089276b049ebf4ff64a4cc94ea3695c19183cb27e13

Score
6/10
defense_evasiondiscoveryprivilege_escalation

Malware Config

Signatures

  • Abuse Elevation Control Mechanism: Sudo and Sudo Caching 1 TTPs 1 IoCs

    Abuse sudo or cached sudo credentials to execute code.

    privilege_escalationdefense_evasion
  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads CPU attributes 1 TTPs 5 IoCs
    discovery
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

    discovery

Processes

  • /tmp/pasuspende
    /tmp/pasuspende
    1⤵
      PID:723
      • /usr/bin/sudo
        sudo pkill -9 watchdog
        2⤵
        • Abuse Elevation Control Mechanism: Sudo and Sudo Caching
        PID:730
        • /usr/sbin/sendmail
          sendmail -t
          3⤵
          • Reads runtime system information
          PID:737
          • /usr/sbin/exim4
            /usr/sbin/exim4 -Mc 1tulnR-0000Bt-09
            4⤵
            • Reads CPU attributes
            PID:748
        • /usr/sbin/sendmail
          sendmail -t
          3⤵
            PID:740
            • /usr/sbin/exim4
              /usr/sbin/exim4 -Mc 1tulnR-0000Bw-0n
              4⤵
              • Reads CPU attributes
              PID:747
          • /usr/bin/pkill
            pkill -9 watchdog
            3⤵
            • Reads CPU attributes
            • Reads runtime system information
            PID:741
        • /bin/watchdog
          /bin/watchdog
          2⤵
            PID:743
          • /usr/bin/pgrep
            pgrep -x top
            2⤵
            • Reads CPU attributes
            • Reads runtime system information
            PID:744
          • /usr/bin/pgrep
            pgrep htop
            2⤵
            • Reads CPU attributes
            • Reads runtime system information
            PID:745

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /var/mail/user
          Filesize

          825B

          MD5

          3a31e2df6e299a8799dc525346df32dc

          SHA1

          20fc8d5c78b329ed046676ab2918d0b4f798fdf1

          SHA256

          567ce8b87dbd9431c56a1b0c8681f64210a6304c949bc18211666a3fe1c8a561

          SHA512

          4ce8ab6391e1f536cf73e81b2ac50994a9b48e89ed1a200098f1888c9d3471e923d3bbe8e2edba7e5fa8591162844c83a5eda60c911979b76737dfd2b01148b4

          Download Submit

        • /var/mail/user
          Filesize

          1KB

          MD5

          60742d13bcd50e09066a31ab1b52d623

          SHA1

          e51281dceefec56df1d455b5b6a8ad6c1c6b9040

          SHA256

          fb21bd6a301c2e93dda1a31bd2e1f2668cd118a8f4d67f283e0171df0cb0d3d0

          SHA512

          61a0d33d33f222f0d81b5126901b03bec56d8b8ad0a191f494b4b726bfcaa068bfa8acdf5b17a61b695ec6d9d174101ce35be085b9ea42014af773db7e49eee4

          Download Submit

        • /var/spool/exim4/input/1tulnR-0000Bt-09-D
          Filesize

          128B

          MD5

          a2414ca81c6bc3359dfb6e7750ea547d

          SHA1

          6da797cb45af8c368343d917d25ccf1bf409e739

          SHA256

          f64b356962d97afe274e276599d1a19b81d6055cecaba0eac4736655c1928f39

          SHA512

          8a63682a47e15e2c55d3eb1cca7ab5cc68abbd49db17ae3e1114490dbb2dc153aad92cb4ba42d21be50688db2093ded80c21fdc29f7f2e19b269a759c09d1e9f

          Download Submit

        • /var/spool/exim4/input/1tulnR-0000Bt-09-J
          Filesize

          34B

          MD5

          d7d96d63d643a4ce3e408eba7dfcedc5

          SHA1

          c53607f95c5c57beafc1d8266646797a035f76ea

          SHA256

          21db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159

          SHA512

          703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3

          Download Submit

        • /var/spool/exim4/input/1tulnR-0000Bw-0n-D
          Filesize

          146B

          MD5

          8220ad3ea6710ec33967cf71d3e8692d

          SHA1

          08c4cbdabd7523b95190011fa1c1c72dc9dd55e0

          SHA256

          54cb5a2b7ab74814ad6d5e92ebee52c160fe0aa4e0e09ec8ef5c341a484e027f

          SHA512

          9622b03ea86588278b99b8925efbbd87fa108449d1ddf7750f2f5122027d7065df535cb36e9c5ebcee3baaa346bc0ccd2cedd35f47bc2d9a7d1f702bbe28ab7c

          Download Submit

        • /var/spool/exim4/input/hdr.737
          Filesize

          915B

          MD5

          83d69895edad3949822adf148d46659f

          SHA1

          9a161f846b9d9f3e6aee96c9568832445f50a3fc

          SHA256

          37fa48ee71a1f01cbe26ea8f9e7d090fd099143096a4c428364c288281cf4dcb

          SHA512

          e00613e5365ba09a0a8495d57672f7500b4f07cf854662ad57b3d7294874a8f3b54d44ef5246bf48875b372e2488d5a45d27438cdfabba9d778e4aaacdad8e20

          Download Submit

        • /var/spool/exim4/msglog/1tulnR-0000Bt-09
          Filesize

          288B

          MD5

          45b3eae524f1d09bef25718650bd3b92

          SHA1

          1fc34193f5f718518f7a6aaecffab1ff176071e5

          SHA256

          c482667df0eb3b042c8c2eb457f93a42be3b342346afaf8aab5c84fb618b6fa2

          SHA512

          e1765c9ede9de146c2059291a836b814162120255faa042c863b845ddb2466d679b9e35fcc747188da5ad637959a6a357af4a56ff2d4c78c9d509ddedf00de1f

          Download Submit

        • /var/spool/exim4/msglog/1tulnR-0000Bt-09
          Filesize

          89B

          MD5

          364e0ddb8360cf8e5d729b096c09e21f

          SHA1

          56cb3b8e553aa26aa0ce65eefc4ada32725b722e

          SHA256

          2dbe119f88837a1c1cae655d24a0d231463362df67365da4712a1839c092c0f0

          SHA512

          90b08ce69ad72dfe2b9fc0862f3cd1d2185809c97ae85a8a1ea4ba080ac772c19ad09f3c010c060dee79e7a65f36debb80e16112eb0d81f5c96830cf957afe26

          Download Submit

        • /var/spool/exim4/msglog/1tulnR-0000Bw-0n
          Filesize

          288B

          MD5

          72746feb65dcb8a3b59710adfa7e87ce

          SHA1

          ba4146bb6a08525d5d11db05e72983c3ef55ad6c

          SHA256

          8aefb8942575116f1cceebcc131e7d162f1a4e73d1967b5a081d6705bffb1d2e

          SHA512

          22ad30ba2e08ea0b1082cd8ba24c556dd8fe59d18a71cab0a6b8e43fddad5200d62ac3cd149a864d496bfedfe70f31a17508da6b0fea3db684f75a40a9fbba08

          Download Submit

        • /var/spool/exim4/msglog/1tulnR-0000Bw-0n
          Filesize

          89B

          MD5

          cdb34bdafecc0f77cee6275080e703aa

          SHA1

          68d17f292a7531494b91f336220c610c55cab86a

          SHA256

          a4bbc2f817b6b71945d6b25fe5b913654b166ec9cb54b6df8f2c4b44a6ed5e65

          SHA512

          3e6c1367f945af79d22fc15a572d486ae0f01be6e73261d9aa4c9588b2fcb340f52919bd386085b970e2ddf7446af6673efb13c7540fb4e9ccc5546a12e733e6

          Download Submit