Overview

overview

4

Static

static

1

.rsync/c/go

ubuntu-18.04-amd64

3

.rsync/c/go

debian-9-armhf

3

.rsync/c/go

debian-9-mips

3

.rsync/c/go

debian-9-mipsel

3

.rsync/c/l...c.so.6

ubuntu-24.04-amd64

.rsync/c/l...l.so.2

ubuntu-24.04-amd64

1

.rsync/c/l...s.so.2

ubuntu-22.04-amd64

1

.rsync/c/l...s.so.2

ubuntu-22.04-amd64

1

.rsync/c/l...d.so.0

ubuntu-24.04-amd64

.rsync/c/l....23.so

ubuntu-20.04-amd64

1

.rsync/c/l...v.so.2

ubuntu-18.04-amd64

1

.rsync/c/lib/32/tsm

ubuntu-24.04-amd64

1

.rsync/c/l...c.so.6

ubuntu-18.04-amd64

1

.rsync/c/l...l.so.2

ubuntu-24.04-amd64

1

.rsync/c/l...s.so.2

ubuntu-24.04-amd64

1

.rsync/c/l...s.so.2

ubuntu-24.04-amd64

1

.rsync/c/l...d.so.0

ubuntu-18.04-amd64

1

.rsync/c/l....23.so

ubuntu-24.04-amd64

1

.rsync/c/l...v.so.2

ubuntu-20.04-amd64

1

.rsync/c/lib/64/tsm

ubuntu-18.04-amd64

1

.rsync/c/run

ubuntu-18.04-amd64

4

.rsync/c/run

debian-9-armhf

4

.rsync/c/run

debian-9-mips

4

.rsync/c/run

debian-9-mipsel

4

.rsync/c/slow

ubuntu-18.04-amd64

1

.rsync/c/slow

debian-9-armhf

1

.rsync/c/slow

debian-9-mips

1

.rsync/c/slow

debian-9-mipsel

1

.rsync/c/tsm

ubuntu-18.04-amd64

1

.rsync/c/tsm

debian-9-armhf

1

.rsync/c/tsm

debian-9-mips

1

.rsync/c/tsm

debian-9-mipsel

1

Analysis

  • max time kernel
    116s
  • max time network
    129s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240611-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240611-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    01-07-2024 11:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .rsync/c/run

  • Size

    209B

  • MD5

    14d81e980c0ca2f21cfa386dbaeffc11

  • SHA1

    1736595cff66a4e29e749435d7a0a92a67c789b3

  • SHA256

    380244e59ba1b19961645d16da290b1111efc8131ae4da30fc1dde15639f2796

  • SHA512

    1e70258404880648d2a5b5b231e816bc7ed909d7a2d100d87ac85cc29b2b25ab730bef088ded84b3ac4c65705cb18ca5b0ff882446b6fe701756ac52e42c46fe

Score
4/10
antivm

Malware Config

Signatures

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

    antivm

Processes

  • /tmp/.rsync/c/run
    /tmp/.rsync/c/run
    1⤵
      PID:1518
      • /usr/bin/wc
        wc -l
        2⤵
          PID:1523
        • /bin/grep
          grep name
          2⤵
            PID:1522
          • /bin/grep
            grep model
            2⤵
              PID:1521
            • /bin/cat
              cat /proc/cpuinfo
              2⤵
              • Checks CPU configuration
              PID:1520
            • /bin/sleep
              sleep 15
              2⤵
                PID:1524
              • /tmp/.rsync/c/stop
                ./stop
                2⤵
                  PID:1528
                • /bin/sleep
                  sleep 3
                  2⤵
                    PID:1529
                  • /bin/sleep
                    sleep 98
                    2⤵
                      PID:1530
                  • /usr/bin/nohup
                    nohup ./go
                    1⤵
                      PID:1533
                    • /tmp/.rsync/c/go
                      ./go
                      1⤵
                        PID:1533

                      Network

                      MITRE ATT&CK Matrix ATT&CK v13

                      Initial Access

                      Execution

                      Persistence

                      Privilege Escalation

                      Defense Evasion

                      Virtualization/Sandbox Evasion

                      1
                      T1497

                      Credential Access

                      Discovery

                      Virtualization/Sandbox Evasion

                      1
                      T1497

                      Lateral Movement

                      Collection

                      Exfiltration

                      Command and Control

                      Impact

                      Resource Development

                      Reconnaissance

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads