Overview

overview

10

Static

static

10

a46aab76

ubuntu-22.04-amd64

4

chme

ubuntu-22.04-amd64

4

isots

ubuntu-24.04-amd64

6

mctes

ubuntu-18.04-amd64

1

mswc

ubuntu-24.04-amd64

1

netstat.gz

windows7-x64

1

netstat.gz

windows10-2004-x64

1

blue_helper

ubuntu-20.04-amd64

10

kerndiacet

ubuntu-24.04-amd64

10

systemctl

ubuntu-24.04-amd64

3

uptime

ubuntu-22.04-amd64

3

w

ubuntu-22.04-amd64

3

node1

ubuntu-22.04-amd64

1

pasuspende

ubuntu-18.04-amd64

6

pasuspende

debian-9-armhf

6

pasuspende

debian-9-mips

6

pasuspende

debian-9-mipsel

6

systemctl

ubuntu-18.04-amd64

1

uptime

ubuntu-24.04-amd64

3

w

ubuntu-24.04-amd64

3

Analysis

  • max time kernel
    0s
  • max time network
    130s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20250307-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2404-amd64-20250307-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
  • submitted
    19/03/2025, 06:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    w

  • Size

    1.3MB

  • MD5

    ef05690556c20a3cb64227693f2c9ac1

  • SHA1

    563989d7787bc2e7c16636e3a9204c1a2edfca50

  • SHA256

    94c89c4417538bd1aae2e4887a495b90a53e37634ce87a4860647bda8b6ef193

  • SHA512

    fee165013ce7fe496d07efa2ccecf139fad50825edb57f7de13e90ec38f1cf540c4fd3f8995a49cdaf3eab96c470984f2f844f3ca78d8a05724b650cc376c479

  • SSDEEP

    24576:hUv+TVGHRJNZxvGQihrwTSBZBSOXDZApX:ha+TVGLNZYQihrwTSBZIOXD

Score
3/10
discovery

Malware Config

Signatures

  • Reads runtime system information 4 IoCs

    Reads data from /proc virtual filesystem.

    discovery

Processes

  • /tmp/w
    /tmp/w
    1⤵
      PID:2540
    • /bin/bash
      /bin/bash /dev/fd/3
      1⤵
        PID:2540
        • /usr/bin/date
          date "+%T"
          2⤵
            PID:2543
          • /usr/bin/wc
            wc -l
            2⤵
              PID:2546
            • /usr/bin/who
              who
              2⤵
                PID:2545
              • /usr/bin/awk
                awk "-F[a-z]:" "{ print \$2 }"
                2⤵
                • Reads runtime system information
                PID:2549
              • /usr/bin/awk
                awk "-F, " "{print \$1, \$2, \$3}"
                2⤵
                • Reads runtime system information
                PID:2550
              • /usr/bin/awk
                awk "{print \$3 \" \" \$4 , \$5}"
                2⤵
                • Reads runtime system information
                PID:2553
              • /usr/bin/sed
                sed "1,2d"
                2⤵
                • Reads runtime system information
                PID:2555

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • /usr/share/zoneinfo/CTE
              Filesize

              1B

              MD5

              68b329da9893e34099c7d8ad5cb9c940

              SHA1

              adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

              SHA256

              01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

              SHA512

              be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

              Download Submit