Analysis
max time kernel: 0s
max time network: 134s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20221111-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20221111-en, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 15-11-2022 13:08
Behavioral task: behavioral1
Sample: f47de978da1dbfc5e0f195745e3368d3ceef034e964817c66ba01396a1953d72.elf
Resource: ubuntu1804-amd64-20221111-en (ubuntu-18.04-amd64)
Signatures: 2
Run time: 150 seconds
General
Target: f47de978da1dbfc5e0f195745e3368d3ceef034e964817c66ba01396a1953d72.elf
Size: 30KB
MD5: 915ca30a12f19152e6ee7fcd595b7b41
SHA1: 0e214a3bb9955b9b792d0ef785beee212a26c7fd
SHA256: f47de978da1dbfc5e0f195745e3368d3ceef034e964817c66ba01396a1953d72
SHA512: 7d0a8c44e394355ebba40aeafbc9a36634be63ef386c9dc0c69c2af9dea47e611490e8a20415ec7c3aa9d1b5ffe0a9d43e9ab3f93b1b15762ed4b73c79e67377
SSDEEP: 384:Jq1PnO447Iu6PJOK8IkVaBSua3xkpVYGjk3MmBMyV4M3mY0iFL6nvIO5xflkYkeD:Jq1bSSoVn02gQMMMy10iFLBq5tD
Score: 5/10
Malware Config
Signatures

Reads runtime system information (1 IoC)
Reads data from /proc virtual filesystem.
Processes (cp):
  description        ioc                process
  /proc/filesystems  /proc/filesystems  cp

Writes file to tmp directory (1 IoC)
Malware often drops required files in the /tmp directory.
Processes (cp):
  description                                                                              ioc                                                                                      process
  /tmp/f47de978da1dbfc5e0f195745e3368d3ceef034e964817c66ba01396a1953d72.elf  /tmp/f47de978da1dbfc5e0f195745e3368d3ceef034e964817c66ba01396a1953d72.elf  cp
Processes (process tree; indentation shows the parent/child depth reported by the sandbox)

/tmp/f47de978da1dbfc5e0f195745e3368d3ceef034e964817c66ba01396a1953d72.elf
  command line: /tmp/f47de978da1dbfc5e0f195745e3368d3ceef034e964817c66ba01396a1953d72.elf
  /bin/sh
    command line: sh -c "/bin/rm -f /var/lock/kdumpdb;/bin/cp /tmp/f47de978da1dbfc5e0f195745e3368d3ceef034e964817c66ba01396a1953d72.elf /var/lock/kdumpdb && /bin/chmod 755 /var/lock/kdumpdb && /var/lock/kdumpdb --init"
    /bin/rm
      command line: /bin/rm -f /var/lock/kdumpdb
    /bin/cp
      command line: /bin/cp /tmp/f47de978da1dbfc5e0f195745e3368d3ceef034e964817c66ba01396a1953d72.elf /var/lock/kdumpdb
      signatures: Reads runtime system information; Writes file to tmp directory
    /bin/chmod
      command line: /bin/chmod 755 /var/lock/kdumpdb
    /var/lock/kdumpdb
      command line: /var/lock/kdumpdb --init