Overview
Static (10)
Behavioral tasks for sample kM4SUzCwEz...9SyQbw, by platform:
- windows10-ltsc_2021-x64
- windows7-x64
- windows10-2004-x64
- windows10-ltsc_2021-x64
- windows11-21h2-x64
- android-11-x64
- android-13-x64
- debian-9-armhf
Analysis (7)
- max time kernel: 119s
- max time network: 68s
- platform: debian-9_armhf
- resource: debian9-armhf-20240418-en
- resource tags: arch:armhf, image:debian9-armhf-20240418-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
- submitted: 25/03/2025, 12:36
Behavioral tasks
- behavioral1: sample kM4SUzCwEzLqZpTJHEAML2NCRRvn9SyQbw, resource win10ltsc2021-20250314-en
- behavioral2: sample kM4SUzCwEzLqZpTJHEAML2NCRRvn9SyQbw, resource win7-20240729-en
- behavioral3: sample kM4SUzCwEzLqZpTJHEAML2NCRRvn9SyQbw, resource win10v2004-20250314-en
- behavioral4: sample kM4SUzCwEzLqZpTJHEAML2NCRRvn9SyQbw, resource win10ltsc2021-20250314-en
- behavioral5: sample kM4SUzCwEzLqZpTJHEAML2NCRRvn9SyQbw, resource win11-20250313-en
- behavioral6: sample kM4SUzCwEzLqZpTJHEAML2NCRRvn9SyQbw, resource android-x64-arm64-20240910-en
- behavioral7: sample kM4SUzCwEzLqZpTJHEAML2NCRRvn9SyQbw, resource android-33-x64-arm64-20240910-en
- behavioral8: sample kM4SUzCwEzLqZpTJHEAML2NCRRvn9SyQbw, resource debian9-armhf-20240418-en
General
- Target: kM4SUzCwEzLqZpTJHEAML2NCRRvn9SyQbw
- Size: 141KB
- MD5: 3ca8decdb1e52c423c521bfff02ac200
- SHA1: 8621ecd6807109b8541912ad9e134f6fb49bfd48
- SHA256: dee3a1252e88f188c362e08b16ece678559ad2566511871f5cde69296f6c779f
- SHA512: b6f89d7875d584c109f30814738fec4fe04619745941d9cbbff20bbefbab454dee7180321f6913da1a3b89fba2dc743b28631e52261539d091cc802a5c7a1c7a
- SSDEEP: 3072:h2mQRJQqJ3OuMP2Q72katWmUd4jEJ/SL06gO0NmmytHHQRkLCalY:h2Y17zaPnEJ/SL16mmytHHQRkLplY
Malware Config
Signatures
- Renames itself (1 IoC)
  pid 646, process kM4SUzCwEzLqZpTJHEAML2NCRRvn9SyQbw
- Creates/modifies Cron job (1 TTP, 1 IoC)
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  File opened for modification: /var/spool/cron/crontabs/tmp.U8Ne5c (process: crontab)
- Enumerates running processes
  Discovers information about currently running processes on the system
Processes
- /tmp/kM4SUzCwEzLqZpTJHEAML2NCRRvn9SyQbw (PID 645), command line: /tmp/kM4SUzCwEzLqZpTJHEAML2NCRRvn9SyQbw bcdedit /set shutdown /r /f /t 2
  Signatures: Renames itself; Reads runtime system information
  - /bin/sh (PID 648), command line: sh -c "crontab -l"
    - /usr/bin/crontab (PID 650), command line: crontab -l
  - /bin/sh (PID 652), command line: sh -c "crontab -"
    - /usr/bin/crontab (PID 654), command line: crontab -
      Signatures: Creates/modifies Cron job
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 210B
- MD5: 96e70ff8ba89ab3889253986233443ad
- SHA1: 566bc4b8101a761a4e43136f45f36a1221f82ade
- SHA256: 672e9e5967eab44dc31528765206e352d19afd6f440ac2f577e132f8c7a05c22
- SHA512: 4a7163747aaa3f90e8daef8747b3c271a51587ad12180f64e2735194b7944e5fbe379b5897c2665a47b4897cbcb35455d03b7019457468e0586eba68d5e606ae