Automated Malware Analysis IOC Report for

Details

Filetype:	ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
Entropy:	5.819679405566689
Filename:	nT7K5GG5km
Filesize:	307960
MD5:	eec5c6c219535fba3a0492ea8118b397
SHA1:	292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
SHA256:	12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef
SHA512:	3482c8324a18302f0f37b6e23ed85f24fff9f50bb568d8fd7461bf57f077a7c592f7a88bb2e1c398699958946d87bb93ab744d13a0003f9b879c15e6471f7400
SSDEEP:	6144:T2s/gAWuboqsJ9xcJxspJBqQgTuaJZRhVabE5wKSDP99zBa77oNsKqqfPqOJ:T2s/bW+UmJqBxAuaPRhVabEDSDP99zBT
Preview:	.ELF..............(.........4...P.......4. ...(........p............(...(...............................................................8...........................................Q.td..................................-...L..................@-.,@...0....S

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Drops files in suspicious directories	Hooking and other Techniques for Hiding and Protection	Masquerading
Found strings indicative of a multi-platform dropper	Spreading
Opens /proc/net/* files useful for finding connected devices and routers	Spreading	Remote System Discovery
Sample reads /proc/mounts (often used for finding a writable filesystem)	Persistence and Installation Behavior	File and Directory Discovery
Sample tries to persist itself using /etc/profile	Persistence and Installation Behavior	.bash_profile and .bashrc
Sample tries to persist itself using System V runlevels	Persistence and Installation Behavior	At (Linux)
Executes commands using a shell command-line interpreter	Persistence and Installation Behavior
Reads system information from the proc file system	Persistence and Installation Behavior	System Information Discovery
Sample listens on a socket	Networking
Sample tries to set the executable flag	Persistence and Installation Behavior	File and Directory Permissions Modification
Uses the "uname" system call to query kernel version information (possible evasion)	Malware Analysis System Evasion	Security Software Discovery
Writes ELF files to disk	Persistence and Installation Behavior
Writes HTML files containing JavaScript to disk	Spam, unwanted Advertisements and Ransom Demands
Writes shell script files to disk	Persistence and Installation Behavior	Scripting
Yara signature match	System Summary
URLs found in memory or binary data	Networking

Details

File:	/etc/init.d/S95baby.sh
Category:	dropped
Dump:	S95baby.sh0.8.dr
ID:	dr_2
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	POSIX shell script, ASCII text executable
Entropy:	3.8936606896881854
Encrypted:	false
Ssdeep:	3:TKH4v0VJ:hK
Size:	25
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops files in suspicious directories	Hooking and other Techniques for Hiding and Protection	Masquerading
Sample tries to set the executable flag	Persistence and Installation Behavior	File and Directory Permissions Modification
Writes shell script files to disk	Persistence and Installation Behavior	Scripting

Details

File:	/etc/init.d/bootmisc.sh
Category:	dropped
Dump:	bootmisc.sh.8.dr
ID:	dr_19
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	4.718194263525147
Encrypted:	false
Ssdeep:	3:qXVaUsZ/IREK0GFrTOvsBdFru4KXGK+R0FJOUsZoG3Hv0VOORgn:eoARzAsBdhu4GX+R0Voo+v7n
Size:	148
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops files in suspicious directories	Hooking and other Techniques for Hiding and Protection	Masquerading

Details

File:	/etc/init.d/checkfs.sh
Category:	dropped
Dump:	checkfs.sh.8.dr
ID:	dr_14
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	4.7173471450646
Encrypted:	false
Ssdeep:	3:qXVaUsZ/IREK0GFrTOvsBdFru4AGXi0FJOUsZoG3Hv0VOORgn:eoARzAsBdhu4u0Voo+v7n
Size:	147
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops files in suspicious directories	Hooking and other Techniques for Hiding and Protection	Masquerading

Details

File:	/etc/init.d/checkroot-bootclean.sh
Category:	dropped
Dump:	checkroot-bootclean.sh.8.dr
ID:	dr_17
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	4.872318043360431
Encrypted:	false
Ssdeep:	6:un5GKFqLkMfF3teoARzAsBdhu4YDi0Voo+v7n:AGKE3fdARMsBLbYerTn
Size:	250
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops files in suspicious directories	Hooking and other Techniques for Hiding and Protection	Masquerading

Details

File:	/etc/init.d/checkroot.sh
Category:	dropped
Dump:	checkroot.sh.8.dr
ID:	dr_20
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	4.922960717312443
Encrypted:	false
Ssdeep:	96:l+bjYLN1LiQKt6CYuSB/VN7pL4TyKWSmdrBW71cBi8m:0sxx2cJBVxZH01cc8m
Size:	3111
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops files in suspicious directories	Hooking and other Techniques for Hiding and Protection	Masquerading

Details

File:	/etc/init.d/hostname.sh
Category:	dropped
Dump:	hostname.sh.8.dr
ID:	dr_22
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	5.01878905639229
Encrypted:	false
Ssdeep:	6:U20zRSdZ9iBbG2Us4Ji0SAGKFqLkMfF3teoWpAsBdA80F4n0u4hR9QR0Voo+v7n:Ul221wi0PGKE3fdpsBi8wlbHaNrTn
Size:	404
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops files in suspicious directories	Hooking and other Techniques for Hiding and Protection	Masquerading

Details

File:	/etc/init.d/hwclock.sh
Category:	dropped
Dump:	hwclock.sh.8.dr
ID:	dr_21
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	3.882045108136863
Encrypted:	false
Ssdeep:	3:qXVOORgn:Tn
Size:	23
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops files in suspicious directories	Hooking and other Techniques for Hiding and Protection	Masquerading

Details

File:	/etc/init.d/mountall-bootclean.sh
Category:	dropped
Dump:	mountall-bootclean.sh.8.dr
ID:	dr_24
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	4.8912088003487595
Encrypted:	false
Ssdeep:	6:un5GKFqLkMfF3teoARzAsBdhu4iea2ii0Voo+v7n:AGKE3fdARMsBLbxPrTn
Size:	249
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops files in suspicious directories	Hooking and other Techniques for Hiding and Protection	Masquerading

Details

File:	/etc/init.d/mountall.sh
Category:	dropped
Dump:	mountall.sh.8.dr
ID:	dr_13
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	4.74526082342869
Encrypted:	false
Ssdeep:	3:qXVaUsZ/IREK0GFrTOvsBdFru4iLirKM0FJOUsZoG3Hv0VOORgn:eoARzAsBdhu4ierX0Voo+v7n
Size:	148
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops files in suspicious directories	Hooking and other Techniques for Hiding and Protection	Masquerading

Details

File:	/etc/init.d/mountdevsubfs.sh
Category:	dropped
Dump:	mountdevsubfs.sh.8.dr
ID:	dr_23
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	4.1427249051134325
Encrypted:	false
Ssdeep:	3:qXVaUsZoG3LWlOORgn:eoo+WMn
Size:	56
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops files in suspicious directories	Hooking and other Techniques for Hiding and Protection	Masquerading

Details

File:	/etc/init.d/mountkernfs.sh
Category:	dropped
Dump:	mountkernfs.sh.8.dr
ID:	dr_16
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	4.1427249051134325
Encrypted:	false
Ssdeep:	3:qXVaUsZoG3LWlOORgn:eoo+WMn
Size:	56
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops files in suspicious directories	Hooking and other Techniques for Hiding and Protection	Masquerading

Details

File:	/etc/init.d/mountnfs-bootclean.sh
Category:	dropped
Dump:	mountnfs-bootclean.sh.8.dr
ID:	dr_18
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	4.8916208864241355
Encrypted:	false
Ssdeep:	6:un5GKFqLkMfF3teoARzAsBdhu4il/2ii0Voo+v7n:AGKE3fdARMsBLbPrTn
Size:	249
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops files in suspicious directories	Hooking and other Techniques for Hiding and Protection	Masquerading

Details

File:	/etc/init.d/mountnfs.sh
Category:	dropped
Dump:	mountnfs.sh.8.dr
ID:	dr_25
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	3.788938232230384
Encrypted:	false
Ssdeep:	3:qXVx5jWvFFFvNsTREKdKCvFF/pN1uFFFveYd3LrLl7jWvFFFvzv3Hv0VOORgn:a5qvFFhNsTR/3/hN4/Zdd75qvFFhzfv7
Size:	190
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops files in suspicious directories	Hooking and other Techniques for Hiding and Protection	Masquerading

Details

File:	/etc/init.d/umountnfs.sh
Category:	dropped
Dump:	umountnfs.sh.8.dr
ID:	dr_15
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	4.730534942677594
Encrypted:	false
Ssdeep:	3:qXVaUsZ/ZHM4hWRJ7Fru4fR3dM0FJOUsZoG3Hv0VOORgn:eogJ7hu4pC0Voo+v7n
Size:	145
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops files in suspicious directories	Hooking and other Techniques for Hiding and Protection	Masquerading

Details

File:	/etc/profile.d/Z97-byobu.sh
Category:	dropped
Dump:	Z97-byobu.sh.8.dr
ID:	dr_28
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	3.882045108136863
Encrypted:	false
Ssdeep:	3:qXVOORgn:Tn
Size:	23
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Sample tries to persist itself using /etc/profile	Persistence and Installation Behavior	.bash_profile and .bashrc

Details

File:	/etc/profile.d/apps-bin-path.sh
Category:	dropped
Dump:	apps-bin-path.sh.8.dr
ID:	dr_27
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	3.882045108136863
Encrypted:	false
Ssdeep:	3:qXVOORgn:Tn
Size:	23
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Sample tries to persist itself using /etc/profile	Persistence and Installation Behavior	.bash_profile and .bashrc

Details

File:	/etc/profile.d/bash_completion.sh
Category:	dropped
Dump:	bash_completion.sh.8.dr
ID:	dr_29
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	3.882045108136863
Encrypted:	false
Ssdeep:	3:qXVOORgn:Tn
Size:	23
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Sample tries to persist itself using /etc/profile	Persistence and Installation Behavior	.bash_profile and .bashrc

Details

File:	/etc/profile.d/cedilla-portuguese.sh
Category:	dropped
Dump:	cedilla-portuguese.sh.8.dr
ID:	dr_26
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	3.882045108136863
Encrypted:	false
Ssdeep:	3:qXVOORgn:Tn
Size:	23
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Sample tries to persist itself using /etc/profile	Persistence and Installation Behavior	.bash_profile and .bashrc

Details

File:	/etc/profile.d/vte-2.91.sh
Category:	dropped
Dump:	vte-2.91.sh.8.dr
ID:	dr_30
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	3.882045108136863
Encrypted:	false
Ssdeep:	3:qXVOORgn:Tn
Size:	23
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Sample tries to persist itself using /etc/profile	Persistence and Installation Behavior	.bash_profile and .bashrc

Details

File:	/etc/rc.local
Category:	dropped
Dump:	rc.local.8.dr
ID:	dr_3
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	3.882045108136863
Encrypted:	false
Ssdeep:	3:qXVOOR3n:M
Size:	23
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Sample tries to persist itself using System V runlevels	Persistence and Installation Behavior	At (Linux)

Details

File:	/etc/rcS.d/S95baby.sh
Category:	dropped
Dump:	S95baby.sh.8.dr
ID:	dr_1
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	POSIX shell script, ASCII text executable
Entropy:	3.8936606896881854
Encrypted:	false
Ssdeep:	3:TKH4v0VJ:hK
Size:	25
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Sample tries to persist itself using System V runlevels	Persistence and Installation Behavior	At (Linux)
Sample tries to set the executable flag	Persistence and Installation Behavior	File and Directory Permissions Modification
Writes shell script files to disk	Persistence and Installation Behavior	Scripting

Details

File:	/usr/bin/gettext.sh
Category:	dropped
Dump:	gettext.sh.8.dr
ID:	dr_215
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	4.829445473341419
Encrypted:	false
Ssdeep:	48:3/fh/ylBZscHBD4JxW0aeLWVXh6Q5bxg35ZnG+PAGWKczBzzP:3xKlscH/zeix/U5ZxAGWxP
Size:	1914
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops files in suspicious directories	Hooking and other Techniques for Hiding and Protection	Masquerading

Details

File:	/usr/networks
Category:	dropped
Dump:	networks.8.dr
ID:	dr_0
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
Entropy:	5.819679405566689
Encrypted:	false
Ssdeep:	6144:T2s/gAWuboqsJ9xcJxspJBqQgTuaJZRhVabE5wKSDP99zBa77oNsKqqfPqOJ:T2s/bW+UmJqBxAuaPRhVabEDSDP99zBT
Size:	307960
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Yara detected Mirai
Yara detected Mirai
Yara detected Mirai
Sample tries to set the executable flag	Persistence and Installation Behavior	File and Directory Permissions Modification
Writes ELF files to disk	Persistence and Installation Behavior
Writes HTML files containing JavaScript to disk	Spam, unwanted Advertisements and Ransom Demands

Details

File:	/usr/sbin/alsa-info.sh
Category:	dropped
Dump:	alsa-info.sh0.8.dr
ID:	dr_216
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text, with very long lines
Entropy:	5.455683610707543
Encrypted:	false
Ssdeep:	384:AhYCrncz9NJ20iuYwj9hkinrV8a0cvxo5sLG:Evrncz9NJGrwj9hkinrV8aHgsLG
Size:	25983
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops files in suspicious directories	Hooking and other Techniques for Hiding and Protection	Masquerading

Details

File:	/boot/grub/i386-pc/modinfo.sh
Category:	dropped
Dump:	modinfo.sh.8.dr
ID:	dr_217
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	3.882045108136863
Encrypted:	false
Ssdeep:	3:qXVOORgn:Tn
Size:	23
Whitelisted:	false
Reputation:	moderate

Details

File:	/etc/acpi/asus-keyboard-backlight.sh
Category:	dropped
Dump:	asus-keyboard-backlight.sh.8.dr
ID:	dr_7
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	5.2904323771702915
Encrypted:	false
Ssdeep:	6:K8K2A6godGINKlsX3stINKVHBfNewdrCDjwFhD2UDKVHxMn:1f/NA23stIN8HdNTek3n8HWn
Size:	326
Whitelisted:	false
Reputation:	moderate

Details

File:	/etc/acpi/asus-wireless.sh
Category:	dropped
Dump:	asus-wireless.sh.8.dr
ID:	dr_8
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	4.412729940630044
Encrypted:	false
Ssdeep:	3:qXVfGHvNM8iKWERAIda74QvvvLwDGvNM8iKWERAIdJCsqORFL8OORgn:KJFn40MLFb+Pn
Size:	157
Whitelisted:	false
Reputation:	moderate

Details

File:	/etc/acpi/ibm-wireless.sh
Category:	dropped
Dump:	ibm-wireless.sh.8.dr
ID:	dr_11
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	4.722087767454589
Encrypted:	false
Ssdeep:	12:wNGs4KSb7jFCR2TeNMngFfiTccfkneFhpmtjwkuVSd/1kVqEn:wFS/5uab2d7neFhij26/CwE
Size:	636
Whitelisted:	false
Reputation:	moderate

Details

File:	/etc/acpi/powerbtn.sh
Category:	dropped
Dump:	powerbtn.sh.8.dr
ID:	dr_9
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	4.778187000249208
Encrypted:	false
Ssdeep:	48:pDpMMOMTeMn/zV5rh/1RzUKH2Z8uBiXGp2fVU6GjJN+V4ATo+aZ+:pCgeCrhXHzDfVpmhC/
Size:	2079
Whitelisted:	false
Reputation:	moderate

Details

File:	/etc/acpi/tosh-wireless.sh
Category:	dropped
Dump:	tosh-wireless.sh.8.dr
ID:	dr_12
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	4.215331622973397
Encrypted:	false
Ssdeep:	6:KJFqcA/0MLFMkneFUJLS3SU9mFCQROAJzHdcnK/lHb/iHIYK3zQYlyMn:wK8QdeFuS3lyXp9cK/lziijQYlrn
Size:	483
Whitelisted:	false
Reputation:	moderate

Details

File:	/etc/acpi/undock.sh
Category:	dropped
Dump:	undock.sh.8.dr
ID:	dr_10
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	4.77497394042067
Encrypted:	false
Ssdeep:	6:KJFqcA/05CbMTCYEBKAABrX8FvfbrX8EmNv0V4n:wK852PYEBKAkrX4HXHnV4n
Size:	266
Whitelisted:	false
Reputation:	moderate

Details

File:	/etc/bash_completion.d/libreoffice.sh
Category:	dropped
Dump:	libreoffice.sh.8.dr
ID:	dr_31
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	3.882045108136863
Encrypted:	false
Ssdeep:	3:qXVOORgn:Tn
Size:	23
Whitelisted:	false
Reputation:	moderate

Details

File:	/etc/wpa_supplicant/action_wpa.sh
Category:	dropped
Dump:	action_wpa.sh.8.dr
ID:	dr_5
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	5.329653855555143
Encrypted:	false
Ssdeep:	12:cVDDdg8QdNux7S3Pd7PSeSST4ydVgpuVFnn3izesU6jc45gfqlX4n:UDxReIx7O9BSu4ydVBnn4742gyJ4
Size:	714
Whitelisted:	false
Reputation:	timeout

Details

File:	/etc/wpa_supplicant/functions.sh
Category:	dropped
Dump:	functions.sh.8.dr
ID:	dr_4
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	3.882045108136863
Encrypted:	false
Ssdeep:	3:qXVOORgn:Tn
Size:	23
Whitelisted:	false
Reputation:	timeout

Details

File:	/etc/wpa_supplicant/ifupdown.sh
Category:	dropped
Dump:	ifupdown.sh.8.dr
ID:	dr_6
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	5.3288648372922625
Encrypted:	false
Ssdeep:	48:VcySPOD1MoGPVKSQ5NkmzYykHypw5lX3yp4ZpOqq9GCyiqYJ7l87OqxOCXnNnogq:lZfGPODjea4+9Gc7kOqxOC9ogwaRM
Size:	3368
Whitelisted:	false
Reputation:	timeout

Details

File:	/tmp/.config
Category:	dropped
Dump:	.config.8.dr
ID:	dr_218
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	4.841045283359712
Encrypted:	false
Ssdeep:	6:tqRaEtMFtbUrQQxXDzraOn3zuTTn/N+d/JERaEtMFtbUrQQxXDzraOn3zuTTn/NL:AF+Ftb4HaU3zu8EF+Ftb4HaU3zuV
Size:	284
Whitelisted:	false
Reputation:	timeout

Details

File:	/usr/share/alsa-base/alsa-info.sh
Category:	dropped
Dump:	alsa-info.sh.8.dr
ID:	dr_32
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text, with very long lines
Entropy:	5.453877096685684
Encrypted:	false
Ssdeep:	384:xhDCrnchINJ20QuPxj9DksnrVfp0+KvN5sLF:nernchINJsWxj9DksnrVfp0PsLF
Size:	25464
Whitelisted:	false
Reputation:	timeout

Details

File:	/usr/share/alsa/utils.sh
Category:	dropped
Dump:	utils.sh.8.dr
ID:	dr_98
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	5.44928341819888
Encrypted:	false
Ssdeep:	96:yGC9i91fZ1j73kqM51SvbZGspLpZonAeVceVIP/yKIkC6eZju:yGC90f/4SvbYapZoh/GC64ju
Size:	4725
Whitelisted:	false
Reputation:	timeout

Details

File:	/usr/share/brltty/initramfs/brltty.sh
Category:	dropped
Dump:	brltty.sh.8.dr
ID:	dr_35
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	3.925523369006428
Encrypted:	false
Ssdeep:	3:qXVOOR3vKDlOORgn:uK4n
Size:	46
Whitelisted:	false
Reputation:	timeout

Details

File:	/usr/share/cups/braille/cups-braille.sh
Category:	dropped
Dump:	cups-braille.sh.8.dr
ID:	dr_37
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	UTF-8 Unicode text
Entropy:	5.478748088887141
Encrypted:	false
Ssdeep:	48:OANcIOY/L/1RAnw/UYfot2tAtldWfRzRukEu/YmWhS3mj4VT5V5TNVIt6Wousukz:OANSY/L/1R3/SRWikEu9bVaH/c
Size:	3551
Whitelisted:	false
Reputation:	timeout

Details

File:	/usr/share/cups/braille/index.sh
Category:	dropped
Dump:	index.sh.8.dr
ID:	dr_38
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	5.080350031939274
Encrypted:	false
Ssdeep:	12:aNz9qyz2WNjcIBT/s8lHzSDIyvSs/mFex/UeHz6GJGIyzDFLn:69qA7R/s6TSkc/yex/UeT6GJHa
Size:	590
Whitelisted:	false
Reputation:	timeout

Details

File:	/usr/share/cups/braille/indexv3.sh
Category:	dropped
Dump:	indexv3.sh.8.dr
ID:	dr_36
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	4.9071581716168575
Encrypted:	false
Ssdeep:	24:hO+DYLYWYZBBmbq2rywi+bdKz80g/D+6k9JSW9L:DDYLYWYZ3rwi+BKjg/D+RJSW9L
Size:	945
Whitelisted:	false
Reputation:	timeout

Details

File:	/usr/share/cups/braille/indexv4.sh
Category:	dropped
Dump:	indexv4.sh.8.dr
ID:	dr_39
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	4.8178661177968065
Encrypted:	false
Ssdeep:	24:C9DYLYWYZBBmbq2rywd8P8LVz80g/D+6k9JSW9L:wDYLYWYZ3rwyP8Bjg/D+RJSW9L
Size:	818
Whitelisted:	false
Reputation:	timeout

Details

File:	/usr/share/debconf/confmodule.sh
Category:	dropped
Dump:	confmodule.sh.8.dr
ID:	dr_33
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	3.882045108136863
Encrypted:	false
Ssdeep:	3:qXVOORgn:Tn
Size:	23
Whitelisted:	false
Reputation:	timeout

Details

File:	/usr/share/doc/acpid/examples/ac.sh
Category:	dropped
Dump:	ac.sh.8.dr
ID:	dr_83
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	3.882045108136863
Encrypted:	false
Ssdeep:	3:qXVOORgn:Tn
Size:	23
Whitelisted:	false
Reputation:	timeout

Details

File:	/usr/share/doc/acpid/examples/default.sh
Category:	dropped
Dump:	default.sh.8.dr
ID:	dr_82
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	3.882045108136863
Encrypted:	false
Ssdeep:	3:qXVOORgn:Tn
Size:	23
Whitelisted:	false
Reputation:	timeout

Details

File:	/usr/share/doc/busybox-static/examples/mdev.conf.change_blockdev.sh
Category:	dropped
Dump:	mdev.conf.change_blockdev.sh.8.dr
ID:	dr_94
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	4.972882784760757
Encrypted:	false
Ssdeep:	6:3Z2iGYkj5Ri36+u4DXFI7WBRZrjFI7efgYjFI7e6RTaKtkmTn:J2iB6PiZqWZdqefgQq9tPkmTn
Size:	309
Whitelisted:	false
Reputation:	timeout

Details

File:	/usr/share/doc/cron/examples/cron-tasks-review.sh
Category:	dropped
Dump:	cron-tasks-review.sh.8.dr
ID:	dr_90
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	4.544491450799858
Encrypted:	false
Ssdeep:	96:TExE7LzpY0V0rmzBpuYlzsSwG7SRpvzTC/8mO:TExgHpYa0ABppdsSyk8mO
Size:	3647
Whitelisted:	false
Reputation:	timeout

Details

File:	/usr/share/doc/gawk/examples/network/PostAgent.sh
Category:	dropped
Dump:	PostAgent.sh.8.dr
ID:	dr_85
Target ID:	8
Process:	/tmp/nT7K5GG5km
Type:	ASCII text
Entropy:	3.882045108136863
Encrypted:	false
Ssdeep:	3:qXVOORgn:Tn
Size:	23
Whitelisted:	false
Reputation:	timeout

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files