Analysis
- max time kernel: 0s
- max time network: 148s
- platform: linux_amd64
- resource: ubuntu1804-amd64-en-20211208
- resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-en-20211208, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
- submitted: 28-11-2022 13:32
Static task: static1
Behavioral task: behavioral1
- Sample: main_10.elf
- Resource: ubuntu1804-amd64-en-20211208 (ubuntu-18.04-amd64)
- 2 signatures
- 150 seconds
General
- Target: main_10.elf
- Size: 1.4MB
- MD5: edb69c86d16a019821f3b5848cd382bc
- SHA1: be6988bc7c1264699d2857f7f5a7baba3aafdcb4
- SHA256: fe1884cda10cd6759aa1a9f1b8d3a0fc91136146fdd55c8c31005654e8f86b14
- SHA512: 935f0f8e44410eb1ec11c52b089b97eeb5e3184c9aeb147ad907be98b91a91c60ec0a6244f70d04d9c7b80f94b72d02c68e9bc69081ba18e9a34cd91afeece38
- SSDEEP: 24576:8/eSnJey3JiJ8rionE33L3NAFymjFE6/h7shZbtiAz+C66VNFjxEtT6S6yFr5:8V3Drihyxh7shZbtNV6eNtxEh6S6Q5
Score: 5/10
Malware Config
Signatures
- Reads runtime system information (1 IoC)
  Reads data from /proc virtual filesystem.
  Processes:
    description: /proc/filesystems | ioc: /proc/filesystems | process: ls
- Writes file to tmp directory (1 IoC)
  Malware often drops required files in the /tmp directory.
  Processes:
    description: /tmp/main_10.elf | ioc: /tmp/main_10.elf
Processes
- /tmp/main_10.elf  (command line: /tmp/main_10.elf)
  - /bin/sh  (command line: sh -c "php -r \"echo sys_get_temp_dir();\"")
  - /bin/sh  (command line: sh -c "cat /etc/machine-id")
    - /bin/cat  (command line: cat /etc/machine-id)
  - /bin/sh  (command line: sh -c ls)
    - /bin/ls  (command line: ls) - Reads runtime system information