gafgyt | c1d8a7ed1e88ccc6ac4bd7002b2f9279031c82f45bf8e6f33aaa87602b1d8365

Analysis

max time kernel
92s
max time network
128s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
02-07-2024 05:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

qkdjdjj22.x86.elf
Size

163KB
MD5

6f344240f3686c40e24f9bb30af5bd93
SHA1

f3b470c47d9a74c91097836be07f7fc51fd977d6
SHA256

c1d8a7ed1e88ccc6ac4bd7002b2f9279031c82f45bf8e6f33aaa87602b1d8365
SHA512

187ac80956d59e6d5ef0d5b43a4c6c2faf94a4734e834f475421da103b4542571d6928bbbf3a8da0349578985bfefd3175fc908d8a1778f2b6311bb1fe7a1c39
SSDEEP

3072:62RHUL2FlZkJoC2gQXalWvRbfiphahpCn38nuVAlZl3nmBT38dAY4:6ILDvhiphabkBwXmBT38dAY4

Score

10^/10

gafgyt botnet persistence

Malware Config

Extracted

Family

gafgyt

195.85.205.47:777

Signatures

Detected Gafgyt variant 2 IoCs

Processes:

resource yara_rule

/tmp/fileZqoP6M family_gafgyt
/tmp/fileZqoP6M family_gafgyt
Gafgyt/Bashlite
IoT botnet with numerous variants first seen in 2014.
botnet gafgyt

resource	yara_rule
/tmp/fileZqoP6M	family_gafgyt
/tmp/fileZqoP6M	family_gafgyt

Executes dropped EXE 44 IoCs

Processes:

fileZqoP6MfileHJX6xrfile2DIUFKfiles3PI62filecBRUBMfile7iWVI1filesUlba6fileTzvpb0fileFFwSJ8fileWVgLOXfileLOSLKpfileGCFU2sfileplZShRfileozNxO5fileBBsOHzfileoDVmucfilel62aWEfileXFuICNfilesxpw9sfilegqhLdZfilelyOJaBfile5aNS9ZfileF8zpZJfile7WychXfilePzm7fnfileh6G8iGfile3r8Iv3fileJPL41sfileMVSQeWfilee34F2OfileLSc0HMfilev0eUGmfilepQ1J8KfileJrGkAAfilet0oiKkfilefKjT2NfileVTNxt2file2S93nTfileLx49EbfileKUgSV8filezXgSsmfileCcgaTBfilePAdnYDfilesmVeYr

ioc	pid	process
/tmp/fileZqoP6M	2529	fileZqoP6M
/tmp/fileHJX6xr	2547	fileHJX6xr
/tmp/file2DIUFK	2548	file2DIUFK
/tmp/files3PI62	2549	files3PI62
/tmp/filecBRUBM	2550	filecBRUBM
/tmp/file7iWVI1	2551	file7iWVI1
/tmp/filesUlba6	2552	filesUlba6
/tmp/fileTzvpb0	2553	fileTzvpb0
/tmp/fileFFwSJ8	2554	fileFFwSJ8
/tmp/fileWVgLOX	2555	fileWVgLOX
/tmp/fileLOSLKp	2556	fileLOSLKp
/tmp/fileGCFU2s	2557	fileGCFU2s
/tmp/fileplZShR	2558	fileplZShR
/tmp/fileozNxO5	2562	fileozNxO5
/tmp/fileBBsOHz	2563	fileBBsOHz
/tmp/fileoDVmuc	2564	fileoDVmuc
/tmp/filel62aWE	2565	filel62aWE
/tmp/fileXFuICN	2566	fileXFuICN
/tmp/filesxpw9s	2567	filesxpw9s
/tmp/filegqhLdZ	2568	filegqhLdZ
/tmp/filelyOJaB	2569	filelyOJaB
/tmp/file5aNS9Z	2570	file5aNS9Z
/tmp/fileF8zpZJ	2571	fileF8zpZJ
/tmp/file7WychX	2572	file7WychX
/tmp/filePzm7fn	2573	filePzm7fn
/tmp/fileh6G8iG	2574	fileh6G8iG
/tmp/file3r8Iv3	2575	file3r8Iv3
/tmp/fileJPL41s	2576	fileJPL41s
/tmp/fileMVSQeW	2577	fileMVSQeW
/tmp/filee34F2O	2578	filee34F2O
/tmp/fileLSc0HM	2579	fileLSc0HM
/tmp/filev0eUGm	2580	filev0eUGm
/tmp/filepQ1J8K	2581	filepQ1J8K
/tmp/fileJrGkAA	2582	fileJrGkAA
/tmp/filet0oiKk	2583	filet0oiKk
/tmp/filefKjT2N	2584	filefKjT2N
/tmp/fileVTNxt2	2585	fileVTNxt2
/tmp/file2S93nT	2586	file2S93nT
/tmp/fileLx49Eb	2587	fileLx49Eb
/tmp/fileKUgSV8	2588	fileKUgSV8
/tmp/filezXgSsm	2589	filezXgSsm
/tmp/fileCcgaTB	2590	fileCcgaTB
/tmp/filePAdnYD	2592	filePAdnYD
/tmp/filesmVeYr	2593	filesmVeYr

Creates/modifies Cron job 1 TTPs 44 IoCs

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

persistence

Scheduled Task/Job

T1053

Processes:

fileoDVmucfilesxpw9sfile5aNS9ZfilePzm7fnfileVTNxt2fileCcgaTBfilePAdnYDfileTzvpb0fileGCFU2sfilel62aWEfileXFuICNfile2S93nTfileLx49EbfilelyOJaBfileh6G8iGfilefKjT2NfilesUlba6fileplZShRfileozNxO5file3r8Iv3fileMVSQeWfileLSc0HMfilepQ1J8KfileHJX6xrfilecBRUBMfileWVgLOXfilegqhLdZfileJPL41sfilev0eUGmfileFFwSJ8fileLOSLKpfileBBsOHzfileZqoP6Mfiles3PI62file7WychXfilee34F2Ofilet0oiKkfilezXgSsmqkdjdjj22.x86.elffile2DIUFKfile7iWVI1fileF8zpZJfileJrGkAAfileKUgSV8

description	ioc	process
File opened for modification	/etc/cron.hourly/0	fileoDVmuc
File opened for modification	/etc/cron.hourly/0	filesxpw9s
File opened for modification	/etc/cron.hourly/0	file5aNS9Z
File opened for modification	/etc/cron.hourly/0	filePzm7fn
File opened for modification	/etc/cron.hourly/0	fileVTNxt2
File opened for modification	/etc/cron.hourly/0	fileCcgaTB
File opened for modification	/etc/cron.hourly/0	filePAdnYD
File opened for modification	/etc/cron.hourly/0	fileTzvpb0
File opened for modification	/etc/cron.hourly/0	fileGCFU2s
File opened for modification	/etc/cron.hourly/0	filel62aWE
File opened for modification	/etc/cron.hourly/0	fileXFuICN
File opened for modification	/etc/cron.hourly/0	file2S93nT
File opened for modification	/etc/cron.hourly/0	fileLx49Eb
File opened for modification	/etc/cron.hourly/0	filelyOJaB
File opened for modification	/etc/cron.hourly/0	fileh6G8iG
File opened for modification	/etc/cron.hourly/0	filefKjT2N
File opened for modification	/etc/cron.hourly/0	filesUlba6
File opened for modification	/etc/cron.hourly/0	fileplZShR
File opened for modification	/etc/cron.hourly/0	fileozNxO5
File opened for modification	/etc/cron.hourly/0	file3r8Iv3
File opened for modification	/etc/cron.hourly/0	fileMVSQeW
File opened for modification	/etc/cron.hourly/0	fileLSc0HM
File opened for modification	/etc/cron.hourly/0	filepQ1J8K
File opened for modification	/etc/cron.hourly/0	fileHJX6xr
File opened for modification	/etc/cron.hourly/0	filecBRUBM
File opened for modification	/etc/cron.hourly/0	fileWVgLOX
File opened for modification	/etc/cron.hourly/0	filegqhLdZ
File opened for modification	/etc/cron.hourly/0	fileJPL41s
File opened for modification	/etc/cron.hourly/0	filev0eUGm
File opened for modification	/etc/cron.hourly/0	fileFFwSJ8
File opened for modification	/etc/cron.hourly/0	fileLOSLKp
File opened for modification	/etc/cron.hourly/0	fileBBsOHz
File opened for modification	/etc/cron.hourly/0	fileZqoP6M
File opened for modification	/etc/cron.hourly/0	files3PI62
File opened for modification	/etc/cron.hourly/0	file7WychX
File opened for modification	/etc/cron.hourly/0	filee34F2O
File opened for modification	/etc/cron.hourly/0	filet0oiKk
File opened for modification	/etc/cron.hourly/0	filezXgSsm
File opened for modification	/etc/cron.hourly/0	qkdjdjj22.x86.elf
File opened for modification	/etc/cron.hourly/0	file2DIUFK
File opened for modification	/etc/cron.hourly/0	file7iWVI1
File opened for modification	/etc/cron.hourly/0	fileF8zpZJ
File opened for modification	/etc/cron.hourly/0	fileJrGkAA
File opened for modification	/etc/cron.hourly/0	fileKUgSV8

Writes file to system bin folder 1 TTPs 1 IoCs

Hijack Execution Flow
T1574

Processes:

qkdjdjj22.x86.elf

description ioc process

File opened for modification /bin/ls qkdjdjj22.x86.elf

description	ioc	process
File opened for modification	/bin/ls	qkdjdjj22.x86.elf

Reads runtime system information 45 IoCs

Reads data from /proc virtual filesystem.

Processes:

fileZqoP6MfileozNxO5file7WychXfileJPL41sfileLSc0HMfilesmVeYrfile7iWVI1fileTzvpb0filesxpw9sfilepQ1J8KfileJrGkAAfileKUgSV8filezXgSsmfileXFuICNfile5aNS9Zfile3r8Iv3fileLx49EbfileHJX6xrfiles3PI62filesUlba6fileFFwSJ8fileWVgLOXfileLOSLKpfileGCFU2sfileF8zpZJfileMVSQeWfilefKjT2Nqkdjdjj22.x86.elffilecBRUBMfilePzm7fnfilev0eUGmfilet0oiKkfileCcgaTBfileplZShRfileoDVmucfilel62aWEfilePAdnYDfile2DIUFKfileBBsOHzfilegqhLdZfilelyOJaBfileh6G8iGfilee34F2OfileVTNxt2file2S93nT

description	ioc	process
File opened for reading	/proc/self/exe	fileZqoP6M
File opened for reading	/proc/self/exe	fileozNxO5
File opened for reading	/proc/self/exe	file7WychX
File opened for reading	/proc/self/exe	fileJPL41s
File opened for reading	/proc/self/exe	fileLSc0HM
File opened for reading	/proc/self/exe	filesmVeYr
File opened for reading	/proc/self/exe	file7iWVI1
File opened for reading	/proc/self/exe	fileTzvpb0
File opened for reading	/proc/self/exe	filesxpw9s
File opened for reading	/proc/self/exe	filepQ1J8K
File opened for reading	/proc/self/exe	fileJrGkAA
File opened for reading	/proc/self/exe	fileKUgSV8
File opened for reading	/proc/self/exe	filezXgSsm
File opened for reading	/proc/self/exe	fileXFuICN
File opened for reading	/proc/self/exe	file5aNS9Z
File opened for reading	/proc/self/exe	file3r8Iv3
File opened for reading	/proc/self/exe	fileLx49Eb
File opened for reading	/proc/self/exe	fileHJX6xr
File opened for reading	/proc/self/exe	files3PI62
File opened for reading	/proc/self/exe	filesUlba6
File opened for reading	/proc/self/exe	fileFFwSJ8
File opened for reading	/proc/self/exe	fileWVgLOX
File opened for reading	/proc/self/exe	fileLOSLKp
File opened for reading	/proc/self/exe	fileGCFU2s
File opened for reading	/proc/self/exe	fileF8zpZJ
File opened for reading	/proc/self/exe	fileMVSQeW
File opened for reading	/proc/self/exe	filefKjT2N
File opened for reading	/proc/self/exe	qkdjdjj22.x86.elf
File opened for reading	/proc/self/exe	filecBRUBM
File opened for reading	/proc/self/exe	filePzm7fn
File opened for reading	/proc/self/exe	filev0eUGm
File opened for reading	/proc/self/exe	filet0oiKk
File opened for reading	/proc/self/exe	fileCcgaTB
File opened for reading	/proc/self/exe	fileplZShR
File opened for reading	/proc/self/exe	fileoDVmuc
File opened for reading	/proc/self/exe	filel62aWE
File opened for reading	/proc/self/exe	filePAdnYD
File opened for reading	/proc/self/exe	file2DIUFK
File opened for reading	/proc/self/exe	fileBBsOHz
File opened for reading	/proc/self/exe	filegqhLdZ
File opened for reading	/proc/self/exe	filelyOJaB
File opened for reading	/proc/self/exe	fileh6G8iG
File opened for reading	/proc/self/exe	filee34F2O
File opened for reading	/proc/self/exe	fileVTNxt2
File opened for reading	/proc/self/exe	file2S93nT

Writes file to tmp directory 45 IoCs

Malware often drops required files in the /tmp directory.

Processes:

qkdjdjj22.x86.elffileZqoP6Mfile2DIUFKfile7WychXfile3r8Iv3filev0eUGmfilesUlba6fileFFwSJ8fileWVgLOXfilee34F2OfileVTNxt2fileKUgSV8fileHJX6xrfilecBRUBMfileTzvpb0fileBBsOHzfilepQ1J8KfilesmVeYrfileLOSLKpfileozNxO5filel62aWEfileXFuICNfileMVSQeWfileLx49EbfileGCFU2sfileoDVmucfilegqhLdZfileLSc0HMfileJrGkAAfile2S93nTfile7iWVI1fileplZShRfile5aNS9ZfileJPL41sfilefKjT2NfileCcgaTBfiles3PI62filesxpw9sfilelyOJaBfileF8zpZJfilePzm7fnfileh6G8iGfilet0oiKkfilezXgSsmfilePAdnYD

description	ioc	process
File opened for modification	/tmp/fileZqoP6M	qkdjdjj22.x86.elf
File opened for modification	/tmp/fileHJX6xr	fileZqoP6M
File opened for modification	/tmp/files3PI62	file2DIUFK
File opened for modification	/tmp/filePzm7fn	file7WychX
File opened for modification	/tmp/fileJPL41s	file3r8Iv3
File opened for modification	/tmp/filepQ1J8K	filev0eUGm
File opened for modification	/tmp/fileTzvpb0	filesUlba6
File opened for modification	/tmp/fileWVgLOX	fileFFwSJ8
File opened for modification	/tmp/fileLOSLKp	fileWVgLOX
File opened for modification	/tmp/fileLSc0HM	filee34F2O
File opened for modification	/tmp/file2S93nT	fileVTNxt2
File opened for modification	/tmp/filezXgSsm	fileKUgSV8
File opened for modification	/tmp/file2DIUFK	fileHJX6xr
File opened for modification	/tmp/file7iWVI1	filecBRUBM
File opened for modification	/tmp/fileFFwSJ8	fileTzvpb0
File opened for modification	/tmp/fileoDVmuc	fileBBsOHz
File opened for modification	/tmp/fileJrGkAA	filepQ1J8K
File opened for modification	/tmp/fileC6vg8b	filesmVeYr
File opened for modification	/tmp/fileGCFU2s	fileLOSLKp
File opened for modification	/tmp/fileBBsOHz	fileozNxO5
File opened for modification	/tmp/fileXFuICN	filel62aWE
File opened for modification	/tmp/filesxpw9s	fileXFuICN
File opened for modification	/tmp/filee34F2O	fileMVSQeW
File opened for modification	/tmp/fileKUgSV8	fileLx49Eb
File opened for modification	/tmp/fileplZShR	fileGCFU2s
File opened for modification	/tmp/filel62aWE	fileoDVmuc
File opened for modification	/tmp/filelyOJaB	filegqhLdZ
File opened for modification	/tmp/filev0eUGm	fileLSc0HM
File opened for modification	/tmp/filet0oiKk	fileJrGkAA
File opened for modification	/tmp/fileLx49Eb	file2S93nT
File opened for modification	/tmp/filesUlba6	file7iWVI1
File opened for modification	/tmp/fileozNxO5	fileplZShR
File opened for modification	/tmp/fileF8zpZJ	file5aNS9Z
File opened for modification	/tmp/fileMVSQeW	fileJPL41s
File opened for modification	/tmp/fileVTNxt2	filefKjT2N
File opened for modification	/tmp/filePAdnYD	fileCcgaTB
File opened for modification	/tmp/filecBRUBM	files3PI62
File opened for modification	/tmp/filegqhLdZ	filesxpw9s
File opened for modification	/tmp/file5aNS9Z	filelyOJaB
File opened for modification	/tmp/file7WychX	fileF8zpZJ
File opened for modification	/tmp/fileh6G8iG	filePzm7fn
File opened for modification	/tmp/file3r8Iv3	fileh6G8iG
File opened for modification	/tmp/filefKjT2N	filet0oiKk
File opened for modification	/tmp/fileCcgaTB	filezXgSsm
File opened for modification	/tmp/filesmVeYr	filePAdnYD

/tmp/qkdjdjj22.x86.elf
/tmp/qkdjdjj22.x86.elf
1⤵
- Creates/modifies Cron job
- Writes file to system bin folder
- Reads runtime system information
- Writes file to tmp directory
PID:2524

/tmp/fileZqoP6M
/tmp/qkdjdjj22.x86.elf
2⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2529

/tmp/fileHJX6xr
/tmp/qkdjdjj22.x86.elf
3⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2547

/tmp/file2DIUFK
/tmp/qkdjdjj22.x86.elf
4⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2548

/tmp/files3PI62
/tmp/qkdjdjj22.x86.elf
5⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2549

/tmp/filecBRUBM
/tmp/qkdjdjj22.x86.elf
6⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2550

/tmp/file7iWVI1
/tmp/qkdjdjj22.x86.elf
7⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2551

/tmp/filesUlba6
/tmp/qkdjdjj22.x86.elf
8⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2552

/tmp/fileTzvpb0
/tmp/qkdjdjj22.x86.elf
9⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2553

/tmp/fileFFwSJ8
/tmp/qkdjdjj22.x86.elf
10⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2554

/tmp/fileWVgLOX
/tmp/qkdjdjj22.x86.elf
11⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2555

/tmp/fileLOSLKp
/tmp/qkdjdjj22.x86.elf
12⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2556

/tmp/fileGCFU2s
/tmp/qkdjdjj22.x86.elf
13⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2557

/tmp/fileplZShR
/tmp/qkdjdjj22.x86.elf
14⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2558

/tmp/fileozNxO5
/tmp/qkdjdjj22.x86.elf
15⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2562

/tmp/fileBBsOHz
/tmp/qkdjdjj22.x86.elf
16⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2563

/tmp/fileoDVmuc
/tmp/qkdjdjj22.x86.elf
17⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2564

/tmp/filel62aWE
/tmp/qkdjdjj22.x86.elf
18⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2565

/tmp/fileXFuICN
/tmp/qkdjdjj22.x86.elf
19⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2566

/tmp/filesxpw9s
/tmp/qkdjdjj22.x86.elf
20⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2567

/tmp/filegqhLdZ
/tmp/qkdjdjj22.x86.elf
21⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2568

/tmp/filelyOJaB
/tmp/qkdjdjj22.x86.elf
22⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2569

/tmp/file5aNS9Z
/tmp/qkdjdjj22.x86.elf
23⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2570

/tmp/fileF8zpZJ
/tmp/qkdjdjj22.x86.elf
24⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2571

/tmp/file7WychX
/tmp/qkdjdjj22.x86.elf
25⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2572

/tmp/filePzm7fn
/tmp/qkdjdjj22.x86.elf
26⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2573

/tmp/fileh6G8iG
/tmp/qkdjdjj22.x86.elf
27⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2574

/tmp/file3r8Iv3
/tmp/qkdjdjj22.x86.elf
28⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2575

/tmp/fileJPL41s
/tmp/qkdjdjj22.x86.elf
29⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2576

/tmp/fileMVSQeW
/tmp/qkdjdjj22.x86.elf
30⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2577

/tmp/filee34F2O
/tmp/qkdjdjj22.x86.elf
31⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2578

/tmp/fileLSc0HM
/tmp/qkdjdjj22.x86.elf
32⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2579

/tmp/filev0eUGm
/tmp/qkdjdjj22.x86.elf
33⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2580

/tmp/filepQ1J8K
/tmp/qkdjdjj22.x86.elf
34⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2581

/tmp/fileJrGkAA
/tmp/qkdjdjj22.x86.elf
35⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2582

/tmp/filet0oiKk
/tmp/qkdjdjj22.x86.elf
36⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2583

/tmp/filefKjT2N
/tmp/qkdjdjj22.x86.elf
37⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2584

/tmp/fileVTNxt2
/tmp/qkdjdjj22.x86.elf
38⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2585

/tmp/file2S93nT
/tmp/qkdjdjj22.x86.elf
39⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2586

/tmp/fileLx49Eb
/tmp/qkdjdjj22.x86.elf
40⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2587

/tmp/fileKUgSV8
/tmp/qkdjdjj22.x86.elf
41⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2588

/tmp/filezXgSsm
/tmp/qkdjdjj22.x86.elf
42⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2589

/tmp/fileCcgaTB
/tmp/qkdjdjj22.x86.elf
43⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2590

/tmp/filePAdnYD
/tmp/qkdjdjj22.x86.elf
44⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
PID:2592

/tmp/filesmVeYr
/tmp/qkdjdjj22.x86.elf
45⤵
- Executes dropped EXE
- Reads runtime system information
- Writes file to tmp directory
PID:2593

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

/etc/cron.hourly/0
Filesize
92B

MD5
3f006f7f81fc17be7f4a0d3da0fad5de

SHA1
97a94d3d0654c6551057af3809b52572bd7f9f5d

SHA256
982f9e0f089b91ba79df723435099df15c72e1201a45010ee60226ab136c93bf

SHA512
97d2ac0057427b940ada7c0fc805c1966e2535c3c3767ca85fef4a7e0fdc9d4ef9eb133530408b1e439df067881cb317e948ad9bfd487e958a04c97d9db978e0

Download Submit
/tmp/fileZqoP6M
Filesize
155KB

MD5
d7c06cd80f877b3697b829ee12851d5d

SHA1
977a6258d47f140effe07e1b1d6a93ea161ad138

SHA256
4fedb406cadc190c90b552b01e5cb1891568db837cccd121fa9965223d21bc22

SHA512
19f524abef2e7ffd9908ef34459c6388780e30d69499315a1b70362441ab897af1158bd14c0133d3be8bb27381787c6062f55e8d99be06ee93736cbba535d295

Download Submit
/tmp/fileZqoP6M
Filesize
163KB

MD5
6f344240f3686c40e24f9bb30af5bd93

SHA1
f3b470c47d9a74c91097836be07f7fc51fd977d6

SHA256
c1d8a7ed1e88ccc6ac4bd7002b2f9279031c82f45bf8e6f33aaa87602b1d8365

SHA512
187ac80956d59e6d5ef0d5b43a4c6c2faf94a4734e834f475421da103b4542571d6928bbbf3a8da0349578985bfefd3175fc908d8a1778f2b6311bb1fe7a1c39

Download Submit