hxxp://108[.]174[.]58[.]28/exploit

Resubmissions

02-07-2024 20:34

240702-zch3msxhlc 4

02-07-2024 20:33

240702-zbzn1axhja 4

Analysis

max time kernel
21s
max time network
13s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240508-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240508-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
02-07-2024 20:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://108.174.58.28/exploit

Score

4^/10

antivm

Malware Config

Signatures

Changes its process name 64 IoCs

Processes:

description	ioc	pid
Changes the process name, possibly in an attempt to hide itself	gmain	1447
Changes the process name, possibly in an attempt to hide itself	gdbus	1453
Changes the process name, possibly in an attempt to hide itself	glean.dispatche	1454
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1456
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1456
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1456
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	1462
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	1462
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1461
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1461
Changes the process name, possibly in an attempt to hide itself	IPDL Background	1460
Changes the process name, possibly in an attempt to hide itself	IPDL Background	1460
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1459
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1459
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	1458
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	1458
Changes the process name, possibly in an attempt to hide itself	pool-firefox	1463
Changes the process name, possibly in an attempt to hide itself	Timer	1457
Changes the process name, possibly in an attempt to hide itself	Timer	1457
Changes the process name, possibly in an attempt to hide itself	pool-firefox	1464
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	1466
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	1466
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	1468
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	1468
Changes the process name, possibly in an attempt to hide itself	glxtest:disk$0	1469
Changes the process name, possibly in an attempt to hide itself	Cache2 I/O	1470
Changes the process name, possibly in an attempt to hide itself	Cookie	1471
Changes the process name, possibly in an attempt to hide itself	Cookie	1471
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	1472
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	1472
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #1	1474
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #0	1473
Changes the process name, possibly in an attempt to hide itself	Worker Launcher	1475
Changes the process name, possibly in an attempt to hide itself	Worker Launcher	1475
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	1476
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	1476
Changes the process name, possibly in an attempt to hide itself	Softwar~cThread	1478
Changes the process name, possibly in an attempt to hide itself	Softwar~cThread	1478
Changes the process name, possibly in an attempt to hide itself	Softwar~cThread	1478
Changes the process name, possibly in an attempt to hide itself	CanvasRenderer	1483
Changes the process name, possibly in an attempt to hide itself	CanvasRenderer	1483
Changes the process name, possibly in an attempt to hide itself	Compositor	1482
Changes the process name, possibly in an attempt to hide itself	Compositor	1482
Changes the process name, possibly in an attempt to hide itself	WRWorkerLP#0	1481
Changes the process name, possibly in an attempt to hide itself	WRWorkerLP#0	1481
Changes the process name, possibly in an attempt to hide itself	WRWorker#0	1480
Changes the process name, possibly in an attempt to hide itself	WRWorker#0	1480
Changes the process name, possibly in an attempt to hide itself	Renderer	1479
Changes the process name, possibly in an attempt to hide itself	Renderer	1479
Changes the process name, possibly in an attempt to hide itself	ImageIO	1484
Changes the process name, possibly in an attempt to hide itself	ImageIO	1484
Changes the process name, possibly in an attempt to hide itself	Permission	1485
Changes the process name, possibly in an attempt to hide itself	Permission	1485
Changes the process name, possibly in an attempt to hide itself	IPC Launch	1488
Changes the process name, possibly in an attempt to hide itself	IPC Launch	1488
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	1487
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	1487
Changes the process name, possibly in an attempt to hide itself	Breakpad Server	1486
Changes the process name, possibly in an attempt to hide itself	Sandbox Forked	1489
Changes the process name, possibly in an attempt to hide itself	Chroot Helper	1490
Changes the process name, possibly in an attempt to hide itself	gmain	1493
Changes the process name, possibly in an attempt to hide itself	gdbus	1494
Changes the process name, possibly in an attempt to hide itself	pool-/usr/libex	1495
Changes the process name, possibly in an attempt to hide itself	gmain	1499

Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
antivm

Virtualization/Sandbox Evasion
T1497

Processes:

firefox

description ioc process

File opened for reading /proc/cpuinfo firefox

description	ioc	process
File opened for reading	/proc/cpuinfo	firefox

Reads CPU attributes 1 TTPs 12 IoCs

System Information Discovery

T1082

Processes:

firefoxfirefoxfirefoxfirefoxfirefoxnautilusfirefoxfirefoxfirefox

description	ioc	process
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/size	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/online	nautilus
File opened for reading	/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq	firefox
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/size	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox

Enumerates kernel/hardware configuration 1 TTPs 64 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

Processes:

glxtestfirefoxfirefoxfirefoxdbus-daemonfirefoxfirefoxfirefoxfirefoxfirefox

description	ioc	process
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/irq	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox
File opened for reading	/sys/kernel/security/apparmor/features/dbus/mask	dbus-daemon
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/irq	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor	glxtest
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/class	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/class	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/device	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/vendor	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/device	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/devices/system/cpu	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/resource	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/class	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/device	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/uevent	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/vendor	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/device	glxtest

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

firefoxfirefoxfirefoxgvfsdfirefoxglxtestxdg-desktop-portal-gtkdbus-daemongvfsd-fusefirefoxgvfsd-trashdconf-servicefirefoxxdg-permission-storefirefoxfirefoxxdg-document-portal

description	ioc	process
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/self/fd/85	firefox
File opened for reading	/proc/self/cgroup	firefox
File opened for reading	/proc/filesystems	gvfsd
File opened for reading	/proc/self/fd/103	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/fd/107	firefox
File opened for reading	/proc/filesystems	glxtest
File opened for reading	/proc/self/fd/12	firefox
File opened for reading	/proc/filesystems	xdg-desktop-portal-gtk
File opened for reading	/proc/1548/cmdline	dbus-daemon
File opened for reading	/proc/self/stat	firefox
File opened for reading	/proc/self/task/1632/stat	firefox
File opened for reading	/proc/self/fd/110	firefox
File opened for reading	/proc/self/fd/112	firefox
File opened for reading	/proc/1497/cmdline	dbus-daemon
File opened for reading	/proc/1516/cmdline	dbus-daemon
File opened for reading	/proc/filesystems	gvfsd-fuse
File opened for reading	/proc/sys/kernel/cap_last_cap	dbus-daemon
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/meminfo	firefox
File opened for reading	/proc/filesystems	gvfsd-trash
File opened for reading	/proc/self/fd/34	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/fd/108	firefox
File opened for reading	/proc/self/fd/116	firefox
File opened for reading	/proc/1521/cmdline	dbus-daemon
File opened for reading	/proc/cmdline	dconf-service
File opened for reading	/proc/1545/cmdline	dbus-daemon
File opened for reading	/proc/self/fd/119	firefox
File opened for reading	/proc/self/task/1667/stat	firefox
File opened for reading	/proc/self/task/1605/stat	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/filesystems	xdg-permission-store
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/cgroup	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/fd/120	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/fd/95	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/fd/114	firefox
File opened for reading	/proc/self/fd/121	firefox
File opened for reading	/proc/filesystems	dbus-daemon
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/task/1634/stat	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/fd/58	firefox
File opened for reading	/proc/self/stat	firefox
File opened for reading	/proc/self/stat	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/1452/status	dbus-daemon
File opened for reading	/proc/self/fd/36	firefox
File opened for reading	/proc/filesystems	xdg-document-portal
File opened for reading	/proc/filesystems	dconf-service
File opened for reading	/proc/self/fd/75	firefox
File opened for reading	/proc/self/fd/118	firefox
File opened for reading	/proc/1404/cmdline	dbus-daemon
File opened for reading	/proc/self/cgroup	firefox
File opened for reading	/proc/1503/cmdline	dbus-daemon
File opened for reading	/proc/1492/cmdline	dbus-daemon
File opened for reading	/proc/1512/cmdline	dbus-daemon

Writes file to tmp directory 2 IoCs
Malware often drops required files in the /tmp directory.

Processes:

firefox

description ioc process

File opened for modification /tmp/firefox/.parentlock firefox
File opened for modification /tmp/ZAzy1sLx firefox

description	ioc	process
File opened for modification	/tmp/firefox/.parentlock	firefox
File opened for modification	/tmp/ZAzy1sLx	firefox

/usr/bin/firefox
firefox -new-tab http://108.174.58.28/exploit
1⤵
PID:1404

/usr/bin/which
which /usr/bin/firefox
2⤵
PID:1405

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -new-tab http://108.174.58.28/exploit
1⤵
- Checks CPU configuration
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
PID:1404

/usr/local/sbin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
2⤵
PID:1448

/usr/local/bin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
2⤵
PID:1448

/usr/sbin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
2⤵
PID:1448

/usr/bin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
2⤵
PID:1448

/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session
3⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1450

/usr/libexec/xdg-desktop-portal
/usr/libexec/xdg-desktop-portal
4⤵
PID:1492

/usr/libexec/xdg-document-portal
/usr/libexec/xdg-document-portal
4⤵
- Reads runtime system information
PID:1497

/usr/libexec/xdg-permission-store
/usr/libexec/xdg-permission-store
4⤵
- Reads runtime system information
PID:1503

/usr/libexec/xdg-desktop-portal-gtk
/usr/libexec/xdg-desktop-portal-gtk
4⤵
- Reads runtime system information
PID:1512

/usr/libexec/gvfsd
/usr/libexec/gvfsd
4⤵
- Reads runtime system information
PID:1516

/usr/libexec/gvfsd-trash
/usr/libexec/gvfsd-trash --spawner :1.6 /org/gtk/gvfs/exec_spaw/0
5⤵
- Reads runtime system information
PID:1548

/usr/libexec/dconf-service
/usr/libexec/dconf-service
4⤵
- Reads runtime system information
PID:1539

/usr/bin/nautilus
/usr/bin/nautilus --gapplication-service
4⤵
- Reads CPU attributes
PID:1545

/usr/lib/firefox/glxtest
/usr/lib/firefox/glxtest -f 13
2⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1455

/usr/bin/lsb_release
/usr/bin/lsb_release -idrc
2⤵
PID:1467

/usr/local/sbin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
2⤵
PID:1477

/usr/local/bin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
2⤵
PID:1477

/usr/sbin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
2⤵
PID:1477

/usr/bin/dbus-launch
dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
2⤵
PID:1477

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 20982 -prefMapSize 234904 -appDir /usr/lib/firefox/browser "{3231b0d9-7e4e-4a08-abbd-4dbf8dcbeaec}" 1404 true socket
2⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1489

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 20185 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{a80ec28c-cd23-47ec-865f-f1abd370bc1f}" 1404 true tab
2⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1562

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 28686 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{d5eafb3c-57ab-42ff-aec8-89d058b31dcf}" 1404 true tab
2⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1602

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -sandboxingKind 0 -prefsLen 29364 -prefMapSize 234904 -appDir /usr/lib/firefox/browser "{7050ca21-8375-495c-87d3-1eebe3792b97}" 1404 true utility
2⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1629

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 25649 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{8ebe6c76-b645-476c-bf72-ef04110ea6f4}" 1404 true tab
2⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1630

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 25649 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{4246d8f9-7e71-4d17-9b18-410b223eb27c}" 1404 true tab
2⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1635

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 5 -isForBrowser -prefsLen 25649 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{b3702e9e-85e4-4ba2-94f0-9812633de171}" 1404 true tab
2⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1664

/usr/libexec/gvfsd-fuse
/usr/libexec/gvfsd-fuse /root/.cache/gvfs -f -o big_writes
1⤵
- Reads runtime system information
PID:1521

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

/root/Downloads/ZAzy1sLx.part
Filesize
12KB

MD5
703bb99d64fc55d412c182c4c4e6b555

SHA1
0bb7ce87cc64cccc2389dee091eb891731be457c

SHA256
7de5e5366c8b62aca1877e88f2d1536deea02876bf28bd0a201553feca4d7569

SHA512
618c18c8b5fbe588353bf3d67274f3edc8095241f42ee80fdabbe7f7f946ce04d37dd05f77b08b08bba74d1097b689fe2a60f233c3511ff8dfa1dea8ca9c2f46

Download Submit
/root/Downloads/exploit.f3PoznU6.part
Filesize
25KB

MD5
4d8b897811ac8bf4f4b155fe670bd2bb

SHA1
104e291bcea7ab21ada04ad457b757479e11adfd

SHA256
0ba7da4e9489b3e35dca9ed4cc15d20017db8991537a1453270e64e27921deea

SHA512
5c9828ab5328f89f8ce026556f56ee1e2c75e543a7138bdfaae82d38e72fc50254fecdad44bf9f36c76d84ef5c37cfc2976187d54dd7806467a51ade5f1cd525

Download Submit