Overview

overview

10

Static

static

10

ea40ecec0b...73.elf

ubuntu-18.04-amd64

9

Analysis

  • max time kernel
    0s
  • max time network
    35s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20221111-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20221111-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    17/01/2023, 08:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ea40ecec0b30982fbb1662e67f97f0e9d6f43d2d587f2f588525fae683abea73.elf

  • Size

    549KB

  • MD5

    f9191bab1e834d4aef3380700639cee9

  • SHA1

    9c20269df6694260a24ac783de2e30d627a6928a

  • SHA256

    ea40ecec0b30982fbb1662e67f97f0e9d6f43d2d587f2f588525fae683abea73

  • SHA512

    3d2758fe2d06183e627b5cc24919c08c84108f2efd7ab0a162029d55537476410d9535d50f3eb059f7153f7482c134284862eea121201f82838aace4b12283b5

  • SSDEEP

    12288:VeRvuKqiVZ4En5drNK0pPEfJKlHZ8mG97Qxee6yzmx:VIv/qiVNHNDEfJKHZ8mG9QeeO

Score
9/10
persistence

Malware Config

Signatures

  • Writes file to system bin folder 1 TTPs 30 IoCs
  • Creates/modifies Cron job 1 TTPs 1 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    persistence
  • Modifies init.d 1 TTPs 1 IoCs

    Adds/modifies system service, likely for persistence.

    persistence
  • Modifies rc script 1 TTPs 5 IoCs

    Adding/modifying system rc scripts is a common persistence mechanism.

    persistence
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Writes file to shm directory 1 IoCs

    Malware can drop malicious files in the shm directory which will run directly from RAM.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/ea40ecec0b30982fbb1662e67f97f0e9d6f43d2d587f2f588525fae683abea73.elf
    /tmp/ea40ecec0b30982fbb1662e67f97f0e9d6f43d2d587f2f588525fae683abea73.elf
    1⤵
      PID:610
    • /bin/ktzfif
      /bin/ktzfif
      1⤵
        PID:614
      • /bin/njwvnkj
        /bin/njwvnkj -d 615
        1⤵
          PID:624
        • /bin/qmcdqxa
          /bin/qmcdqxa -d 615
          1⤵
            PID:627
          • /bin/rlcjbzbmjv
            /bin/rlcjbzbmjv -d 615
            1⤵
              PID:630
            • /bin/fuklewzbtv
              /bin/fuklewzbtv -d 615
              1⤵
                PID:633
              • /bin/jjxobxryoc
                /bin/jjxobxryoc -d 615
                1⤵
                  PID:636
                • /bin/dcbplypwdjjpq
                  /bin/dcbplypwdjjpq -d 615
                  1⤵
                    PID:640
                  • /bin/qtanpmwocyl
                    /bin/qtanpmwocyl -d 615
                    1⤵
                      PID:643
                    • /bin/ycwzbzdepodgmi
                      /bin/ycwzbzdepodgmi -d 615
                      1⤵
                        PID:646
                      • /bin/vzhcsbffstegv
                        /bin/vzhcsbffstegv -d 615
                        1⤵
                          PID:649
                        • /bin/spcwldzmie
                          /bin/spcwldzmie -d 615
                          1⤵
                            PID:652
                          • /bin/whjjrbg
                            /bin/whjjrbg -d 615
                            1⤵
                              PID:655
                            • /bin/ijjlqq
                              /bin/ijjlqq -d 615
                              1⤵
                                PID:658
                              • /bin/jukeaetfcgkbt
                                /bin/jukeaetfcgkbt -d 615
                                1⤵
                                  PID:661
                                • /bin/fwpoiagjhxtsif
                                  /bin/fwpoiagjhxtsif -d 615
                                  1⤵
                                    PID:664
                                  • /bin/yktvwxvc
                                    /bin/yktvwxvc -d 615
                                    1⤵
                                      PID:667
                                    • /bin/aeblgueltvc
                                      /bin/aeblgueltvc -d 615
                                      1⤵
                                        PID:670
                                      • /bin/ykmhhfzrm
                                        /bin/ykmhhfzrm -d 615
                                        1⤵
                                          PID:673
                                        • /bin/pxekvbgywicyvi
                                          /bin/pxekvbgywicyvi -d 615
                                          1⤵
                                            PID:676
                                          • /bin/bwpxasxkeet
                                            /bin/bwpxasxkeet -d 615
                                            1⤵
                                              PID:679
                                            • /bin/fkyqzxumtxu
                                              /bin/fkyqzxumtxu -d 615
                                              1⤵
                                                PID:682
                                              • /bin/ucvsyemzce
                                                /bin/ucvsyemzce -d 615
                                                1⤵
                                                  PID:685
                                                • /bin/cwxobbhpi
                                                  /bin/cwxobbhpi -d 615
                                                  1⤵
                                                    PID:688
                                                  • /bin/nyqnuegsy
                                                    /bin/nyqnuegsy -d 615
                                                    1⤵
                                                      PID:691
                                                    • /bin/odugdaueey
                                                      /bin/odugdaueey -d 615
                                                      1⤵
                                                        PID:694
                                                      • /bin/gxcuagdpouepnr
                                                        /bin/gxcuagdpouepnr -d 615
                                                        1⤵
                                                          PID:697
                                                        • /bin/rzdsyrvvzyx
                                                          /bin/rzdsyrvvzyx -d 615
                                                          1⤵
                                                            PID:700
                                                          • /bin/ecwjktmhtskk
                                                            /bin/ecwjktmhtskk -d 615
                                                            1⤵
                                                              PID:702

                                                            Network

                                                            MITRE ATT&CK Enterprise v6

                                                            Replay Monitor

                                                            Loading Replay Monitor...

                                                            Downloads