8d3192fe32a3ce6a234d36412ccea613ad151b5b11157dc7641840a9b98c6ed8

Analysis

max time kernel
30958s
max time network
155s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
02-12-2022 00:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

979dcd8b074443b33f21bee29d2d16df.elf
Size

40KB
MD5

979dcd8b074443b33f21bee29d2d16df
SHA1

61b54d8e98b8b0d99737eb96063fec74da746de2
SHA256

8d3192fe32a3ce6a234d36412ccea613ad151b5b11157dc7641840a9b98c6ed8
SHA512

bd164fe01b3e1749c2da09ea2d5b871d3dc6a995f4b9c659c59df3d28d53decba18f0001f92d4b814dff5145399d0ff795a0aee81824acd5a18b8dde742490f1
SSDEEP

384:9sPWgphd3/tNki7G2cB3YoNXMWmLiibtiYZ/gv6qpWTdUcEJlYw+mDIledmVQW:9NgL5/tNkiMY+muibtimU4Tdx4daP

Score

6^/10

discovery

Malware Config

Signatures

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
/proc/1032/exe	/proc/1032/exe
/proc/1210/exe	/proc/1210/exe
/proc/2230/exe	/proc/2230/exe
/proc/2955/exe	/proc/2955/exe
/proc/761/exe	/proc/761/exe
/proc/824/exe	/proc/824/exe
/proc/1517/exe	/proc/1517/exe
/proc/2564/exe	/proc/2564/exe
/proc/2633/exe	/proc/2633/exe
/proc/1283/exe	/proc/1283/exe
/proc/1336/exe	/proc/1336/exe
/proc/1392/exe	/proc/1392/exe
/proc/2482/exe	/proc/2482/exe
/proc/2601/exe	/proc/2601/exe
/proc/1181/exe	/proc/1181/exe
/proc/1400/exe	/proc/1400/exe
/proc/1670/exe	/proc/1670/exe
/proc/1972/exe	/proc/1972/exe
/proc/1172/exe	/proc/1172/exe
/proc/1279/exe	/proc/1279/exe
/proc/1486/exe	/proc/1486/exe
/proc/1715/exe	/proc/1715/exe
/proc/2366/exe	/proc/2366/exe
/proc/2672/exe	/proc/2672/exe
/proc/1016/exe	/proc/1016/exe
/proc/1711/exe	/proc/1711/exe
/proc/2302/exe	/proc/2302/exe
/proc/2888/exe	/proc/2888/exe
/proc/1046/exe	/proc/1046/exe
/proc/1091/exe	/proc/1091/exe
/proc/1574/exe	/proc/1574/exe
/proc/2004/exe	/proc/2004/exe
/proc/2899/exe	/proc/2899/exe
/proc/1883/exe	/proc/1883/exe
/proc/2093/exe	/proc/2093/exe
/proc/644/exe	/proc/644/exe
/proc/769/exe	/proc/769/exe
/proc/775/exe	/proc/775/exe
/proc/804/exe	/proc/804/exe
/proc/754/exe	/proc/754/exe
/proc/1877/exe	/proc/1877/exe
/proc/1937/exe	/proc/1937/exe
/proc/2331/exe	/proc/2331/exe
/proc/2812/exe	/proc/2812/exe
/proc/2850/exe	/proc/2850/exe
/proc/2997/exe	/proc/2997/exe
/proc/3012/exe	/proc/3012/exe
/proc/1007/exe	/proc/1007/exe
/proc/2947/exe	/proc/2947/exe
/proc/776/exe	/proc/776/exe
/proc/1294/exe	/proc/1294/exe
/proc/2378/exe	/proc/2378/exe
/proc/1208/exe	/proc/1208/exe
/proc/1811/exe	/proc/1811/exe
/proc/2216/exe	/proc/2216/exe
/proc/2269/exe	/proc/2269/exe
/proc/2305/exe	/proc/2305/exe
/proc/2414/exe	/proc/2414/exe
/proc/2485/exe	/proc/2485/exe
/proc/2604/exe	/proc/2604/exe
/proc/954/exe	/proc/954/exe
/proc/1713/exe	/proc/1713/exe
/proc/1074/exe	/proc/1074/exe
/proc/2594/exe	/proc/2594/exe

/tmp/979dcd8b074443b33f21bee29d2d16df.elf
/tmp/979dcd8b074443b33f21bee29d2d16df.elf
1⤵
PID:592

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads