56d9f91dfa4ead57df2eec17ae1de97273eea45b6b6e845a2c5ad45e2e98c28a

Analysis

max time kernel
19730s
max time network
165s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
25-07-2022 01:29

Target

56d9f91dfa4ead57df2eec17ae1de97273eea45b6b6e845a2c5ad45e2e98c28a
Size

142KB
MD5

e16cdd98cd033011dd71ddd82e4e3a73
SHA1

f04db626d9a3646e1baf865ba063c285935fa77d
SHA256

56d9f91dfa4ead57df2eec17ae1de97273eea45b6b6e845a2c5ad45e2e98c28a
SHA512

56f3f9ec157cc88ce212fc71c49773b7dd0a9a1b830a6e353bf0157a2cf681d95a28f9304638d9cc1493155565b781c70314794e1c4f78f6c5484efdb4232f15

Score

9^/10

discovery

Contacts a large (55061) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

Processes:

description	ioc
/tmp/56d9f91dfa4ead57df2eec17ae1de97273eea45b6b6e845a2c5ad45e2e98c28a	/tmp/56d9f91dfa4ead57df2eec17ae1de97273eea45b6b6e845a2c5ad45e2e98c28a

/tmp/56d9f91dfa4ead57df2eec17ae1de97273eea45b6b6e845a2c5ad45e2e98c28a
/tmp/56d9f91dfa4ead57df2eec17ae1de97273eea45b6b6e845a2c5ad45e2e98c28a
1⤵
PID:592

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact