fb011faabf050be96509d2e50f4b03ed6b370815b5aeef955bce3b135af533a4

Analysis

max time kernel
23632s
max time network
127s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
08-09-2022 05:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8aa5d111ce9218f8690376f47a7ba43c.elf
Size

4.5MB
MD5

8aa5d111ce9218f8690376f47a7ba43c
SHA1

141abf592787f1d997750a5c1f614b3738e8a31e
SHA256

fb011faabf050be96509d2e50f4b03ed6b370815b5aeef955bce3b135af533a4
SHA512

24663c2a4f494363b4b137104cd648cc90d9030db7c4d0c9660229c0af364eb5cfb3ee6cc151f192845ebf50e57bfd2c17fe1bd84dd8f108e6a5eda8e7760877
SSDEEP

49152:25GmfaGcy6YxAje6CWH6KIylKj5fpUp5/6A5YBVrZp6qpIDkV7dZnHWsquAb7/i:2Zey6YuKKtlKlRUrY3IO8/i

Score

7^/10

persistence

Malware Config

Signatures

Modifies init.d 1 TTPs 1 IoCs

Adds/modifies system service, likely for persistence.

persistence

Boot or Logon Autostart Execution

T1547

description	ioc	Process
/etc/init.d/System.sh	/etc/init.d/System.sh	8aa5d111ce9218f8690376f47a7ba43c.elf

Write file to user bin folder 1 TTPs 1 IoCs

Hijack Execution Flow

T1574

description	ioc	Process
/usr/local/sbin/7z	/usr/local/sbin/7z	8aa5d111ce9218f8690376f47a7ba43c.elf

/tmp/8aa5d111ce9218f8690376f47a7ba43c.elf
/tmp/8aa5d111ce9218f8690376f47a7ba43c.elf
1⤵
- Modifies init.d
- Write file to user bin folder
PID:577

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Hijack Execution Flow

T1574

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Hijack Execution Flow

T1574

Defense Evasion

Hijack Execution Flow

T1574

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads