920375ffb3d7cb9195776f4d3b375112c45188f069c7632ef5090702b7fc3c3c

Analysis

max time kernel
0s
max time network
167s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
08-08-2022 06:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

p.x86_64-64.so
Size

3.5MB
MD5

0634a1c2c473bcf909e780304e9ba353
SHA1

ee38c52c6335136cf8270449e770415fe2f46757
SHA256

920375ffb3d7cb9195776f4d3b375112c45188f069c7632ef5090702b7fc3c3c
SHA512

a8092b8e1e358a820ec85dc0d7bbc92768121be03630570ae5c67b0b88cdc19827c2e3ab2130878ca35836d9146fa1e7ed5684a0bba49b5c9a5227a1ef0db06e

Score

9^/10

backdoor

Malware Config

Signatures

Writes file to system bin folder 1 TTPs 1 IoCs

Hijack Execution Flow
T1574

Processes:

ldconfig

description ioc process

/sbin/ldconfig /sbin/ldconfig ldconfig
Reads CPU attributes 1 TTPs 1 IoCs

System Information Discovery
T1082

Processes:

description ioc

/sys/devices/system/cpu/online /sys/devices/system/cpu/online

description	ioc	process
/sbin/ldconfig	/sbin/ldconfig	ldconfig

description	ioc
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online

Reads network interface configuration 2 TTPs 6 IoCs

Fetches information about one or more active network interfaces.

backdoor

System Network Configuration Discovery

T1016

System Network Connections Discovery

T1049

Processes:

description	ioc
/sys/class/net/lo/address	/sys/class/net/lo/address
/sys/class/net/lo/carrier	/sys/class/net/lo/carrier
/sys/class/net/lo/type	/sys/class/net/lo/type
/sys/class/net/ens3/address	/sys/class/net/ens3/address
/sys/class/net/ens3/carrier	/sys/class/net/ens3/carrier
/sys/class/net/ens3/type	/sys/class/net/ens3/type

Enumerates kernel/hardware configuration 1 TTPs 1 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery
T1082

Processes:

description ioc

/sys/class/net /sys/class/net

description	ioc
/sys/class/net	/sys/class/net

Reads runtime system information 16 IoCs

Reads data from /proc virtual filesystem.

Processes:

description	ioc
/proc/582/stat	/proc/582/stat
/proc/582/statm	/proc/582/statm
/proc/mounts	/proc/mounts
/proc/stat	/proc/stat
/proc/582/cmdline	/proc/582/cmdline
/proc/582/fd	/proc/582/fd
/proc/582/io	/proc/582/io
/proc/582/smaps	/proc/582/smaps
/proc/self/maps	/proc/self/maps
/proc/582/fd/3	/proc/582/fd/3
/proc/582/task/582/stat	/proc/582/task/582/stat
/proc/582/environ	/proc/582/environ
/proc/meminfo	/proc/meminfo
/proc/582/task	/proc/582/task
/proc/582/fd/4	/proc/582/fd/4
/proc/582/status	/proc/582/status

Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

description ioc

/tmp/p.x86_64-64.so /tmp/p.x86_64-64.so

description	ioc
/tmp/p.x86_64-64.so	/tmp/p.x86_64-64.so

/tmp/p.x86_64-64.so
/tmp/p.x86_64-64.so
1⤵
PID:581

/sbin/ldconfig
/sbin/ldconfig -p
1⤵
- Writes file to system bin folder
PID:587

/sbin/ldconfig.real
/sbin/ldconfig.real -p
1⤵
PID:587

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

T1574

Privilege Escalation

Hijack Execution Flow

T1574

Defense Evasion

Hijack Execution Flow

T1574

Credential Access

Discovery

System Information Discovery

T1082

System Network Configuration Discovery

T1016

System Network Connections Discovery

T1049

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads