Overview

overview

10

Static

static

10

skidv2.x86...21.elf

ubuntu-18.04-amd64

7

Analysis

  • max time kernel
    25047s
  • max time network
    151s
  • platform
    linux_amd64
  • resource
    ubuntu1804-amd64-en-20211208
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    24/09/2022, 14:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    skidv2.x86_64-20220924-1421.elf

  • Size

    66KB

  • MD5

    fc6d0f18c2b86e9b787b1a856c2e4d5f

  • SHA1

    bb574e43a9784e5eff1771b4745094338feeb8ed

  • SHA256

    685a6fbeb5fb12719e1efb48f2c5fc6a4f86a4b6950fa1bf214140b409b36422

  • SHA512

    ef508290b3e7bbd0de5fce8f4b714308bdb2a3d28fa75d6fdd9038c8ee21a5b25db18d682e3596e34d0e6d546ab1fb863cca357651a06f17ee93af9b6ab53298

  • SSDEEP

    1536:pUluhdikJUVWMxMa0cFdy3cwpwVp5bqlG3I9lau6YLYbqFUm/VLt:iuhdiaUMSMa0Kact5WlG3Iz6YLYDm/Vh

Score
7/10

Malware Config

Signatures

  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 24 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/skidv2.x86_64-20220924-1421.elf
    /tmp/skidv2.x86_64-20220924-1421.elf
    1⤵
      PID:593
    • /bin/sh
      sh -c "rm -rf bin/busybox && mkdir bin; >bin/busybox && mv /tmp/skidv2.x86_64-20220924-1421.elf bin/busybox; chmod 777 bin/busybox"
      1⤵
        PID:594
        • /bin/rm
          rm -rf bin/busybox
          2⤵
            PID:595
          • /bin/mkdir
            mkdir bin
            2⤵
            • Reads runtime system information
            PID:596
          • /bin/mv
            mv /tmp/skidv2.x86_64-20220924-1421.elf bin/busybox
            2⤵
            • Reads runtime system information
            PID:597
          • /bin/chmod
            chmod 777 bin/busybox
            2⤵
              PID:598

          Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads