cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cc

Analysis

max time kernel
30766s
max time network
133s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
28-11-2022 12:28

Target

cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cc
Size

833KB
MD5

e8db43d642a4a11feb53a58cba7d1826
SHA1

a8dcee612f8628c5384fb2c259880f330a26e28d
SHA256

cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cc
SHA512

e5ba76dfbf32180c423538795ced844f5cd01a8b4574e2ff3111c2fcfb0e32bed9b699814b66fb37f3e5558c4b5e184a93df1a0fe521d19062ee32d6aedabeae
SSDEEP

24576:cRkqHKolTb+eDYUaPjRyrxTBV7KEwfzJJYTBmmKfbt:cRkpoAiH8VYZBNaJYTnKTt

Score

5^/10

Reads runtime system information 4 IoCs

Reads data from /proc virtual filesystem.

Processes:

cpcpcpcp

Writes file to tmp directory 8 IoCs

Malware often drops required files in the /tmp directory.

Processes:

cpcc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8ccacpcp

description	ioc	process
/tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cc	/tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cc	cp
/tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cca	/tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cca	cp
/tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cc	/tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cc	cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cca
/tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cca	/tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cca	cp
/tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cc	/tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cc	cp
/tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cca	/tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cca	cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cca
/tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cc	/tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cc	cp
/tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cca	/tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cca	cp

/tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cc
/tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cc
1⤵
PID:576

/bin/sh
sh -c "cp /tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cc /tmp/"
2⤵
PID:577

/bin/cp
cp /tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cc /tmp/
3⤵
- Reads runtime system information
PID:578

/bin/sh
sh -c "cp /tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cc /tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cca"
2⤵
PID:580

/bin/sh
sh -c "cp /tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cc /tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cca"
3⤵
PID:581

/tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cca
/tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cca /tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cc
3⤵
- Writes file to tmp directory
PID:585

/tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cc
4⤵
PID:590

/bin/sh
sh -c "cp /tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cca /tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cc"
4⤵
PID:600

/tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cca
/tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cca /tmp/cc78370480aa1e34db737581411b1e1e30fb95cfe4442efdcbba210c6a8ac8cc
2⤵
PID:584