39354f020e23e9ac6552945c646413f4a41b054bf83117b2d30b003e40926da0

Analysis

max time kernel
21576s
max time network
154s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
15-08-2022 10:03

Target

76e72506fd3a23b9854e5ba8b03398a7
Size

36KB
MD5

76e72506fd3a23b9854e5ba8b03398a7
SHA1

d8d53b3d478b5bfae2aa6fc856c2e33345c2b155
SHA256

39354f020e23e9ac6552945c646413f4a41b054bf83117b2d30b003e40926da0
SHA512

eabce413486a77633ca8ee5160afca299fb3bf0b928ce00418718f59cf2fea14eb17e7164444cd53db89fe7fdf88e32869ed78c19f06b4ed20546689e4e1346c

Score

9^/10

discovery

Contacts a large (94824) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

76e72506fd3a23b9854e5ba8b03398a7

description ioc process

/tmp/76e72506fd3a23b9854e5ba8b03398a7 /tmp/76e72506fd3a23b9854e5ba8b03398a7 76e72506fd3a23b9854e5ba8b03398a7

description	ioc	process
/tmp/76e72506fd3a23b9854e5ba8b03398a7	/tmp/76e72506fd3a23b9854e5ba8b03398a7	76e72506fd3a23b9854e5ba8b03398a7

/tmp/76e72506fd3a23b9854e5ba8b03398a7
/tmp/76e72506fd3a23b9854e5ba8b03398a7
1⤵
- Writes file to tmp directory
PID:593

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact