Analysis

max time kernel: 36391s
max time network: 74s
platform: linux_amd64
resource: ubuntu1804-amd64-en-20211208
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-en-20211208, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 02/02/2023, 21:30

Static task: static1
Behavioral task: behavioral1
Sample: netwalker
Resource: ubuntu1804-amd64-en-20211208
3 signatures, 150 seconds
General

Target: netwalker
Size: 1.7MB
MD5: c3c0c63e1003b1e8c8c6ab00be343a72
SHA1: 4359121ae4583d9673f2e146e275275bcc7e20d1
SHA256: 469aa49f4f628498111af193d9220fcc41825d94525246656e40b0560d4cd267
SHA512: c1205dff494f53fc0d2c1b954bc1e30f6b36757c9da907c0a7b8d6350ea6e44786f55b98655d0e43fbfcc40ac6234b5e2ecd69cf0242383af2b33bc608c67fd9
SSDEEP: 49152:QmE6g6l1ZUVyTvqNFlTfAyqwzyWNOH8e3P:Q2g6XZUcTv4lTG7WNM8C
Score: 6/10
Malware Config

Signatures

Reads CPU attributes (1 TTP, 1 IoC)
ioc: /sys/devices/system/cpu/online, process: pgrep
Reads runtime system information (64 IoCs)
Reads data from /proc virtual filesystem.
process: pgrep (all 64 IoCs below are attributed to this process)
ioc: /proc/6/cmdline, /proc/32/status, /proc/79/status, /proc/80/status, /proc/168/status, /proc/202/status, /proc/565/cmdline, /proc/sys/kernel/osrelease, /proc/1/cmdline, /proc/26/status, /proc/31/status, /proc/81/status, /proc/85/cmdline, /proc/175/status, /proc/21/cmdline, /proc/115/cmdline, /proc/168/cmdline, /proc/262/status, /proc/596/status, /proc/7/status, /proc/30/cmdline, /proc/32/cmdline, /proc/36/status, /proc/29/cmdline, /proc/10/cmdline, /proc/16/cmdline, /proc/178/cmdline, /proc/357/status, /proc/409/cmdline, /proc/177/status, /proc/14/cmdline, /proc/17/status, /proc/19/status, /proc/24/cmdline, /proc/82/status, /proc/171/cmdline, /proc/172/cmdline, /proc/89/status, /proc/2/cmdline, /proc/4/status, /proc/8/cmdline, /proc/15/status, /proc/35/status, /proc/83/status, /proc/85/status, /proc/164/status, /proc/178/status, /proc/203/cmdline, /proc/250/status, /proc/422/status, /proc/424/status, /proc/3/status, /proc/163/cmdline, /proc/597/status, /proc/169/status, /proc/389/status, /proc/598/status, /proc/6/status, /proc/11/cmdline, /proc/29/status, /proc/34/status, /proc/79/cmdline, /proc/166/cmdline, /proc/591/cmdline
Writes file to tmp directory (2 IoCs)
Malware often drops required files in the /tmp directory.
ioc: /tmp/CommId, process: netwalker
ioc: /tmp/net10.127.0.175.map, process: netwalker
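The three signature tables above share one flattened layout: a description column that repeats the IoC, the IoC itself, and the process the sandbox attributed it to. The following is an added example, not part of the sandbox report or of the sample, that parses that layout into records and separates what is worth hunting for on a suspected host from what is attributable to a utility process. It assumes the sample's process name is "netwalker" (the process column above), that the digits embedded in /tmp/net10.127.0.175.map are an IPv4 address specific to the analysis machine and therefore worth generalising to a glob, and it uses a constructed subset of the report's rows as input:

```python
"""Added example (not from the sandbox report): turn flattened
'<description> <ioc> <process>' rows into host-hunting artefacts."""
import re
from collections import defaultdict

# Constructed subset of the rows shown in the report above. Each row is
# "<description> <ioc> <process>", where the description repeats the ioc.
REPORT_ROWS = """
/sys/devices/system/cpu/online /sys/devices/system/cpu/online pgrep
/proc/6/cmdline /proc/6/cmdline pgrep
/proc/32/status /proc/32/status pgrep
/proc/sys/kernel/osrelease /proc/sys/kernel/osrelease pgrep
/tmp/CommId /tmp/CommId netwalker
/tmp/net10.127.0.175.map /tmp/net10.127.0.175.map netwalker
"""

# Per-PID entries that a process listing (pgrep, ps) reads to match names.
PROC_PID_RE = re.compile(r"^/proc/(\d+)/(status|cmdline)$")
# Dotted-quad with digit boundaries so "net10.127.0.175.map" matches cleanly.
IPV4_RE = re.compile(r"(?<!\d)(\d{1,3}(?:\.\d{1,3}){3})(?!\d)")


def parse_rows(text):
    """Return a list of (ioc, process) tuples from the flattened table.

    Rows whose description does not repeat the ioc are rejected rather than
    guessed at, so a differently laid-out table fails loudly."""
    records = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] != parts[1]:
            raise ValueError(f"unexpected row layout: {line!r}")
        records.append((parts[1], parts[2]))
    return records


def group_by_process(records):
    """Map each attributed process name to the IoCs it produced."""
    groups = defaultdict(list)
    for ioc, proc in records:
        groups[proc].append(ioc)
    return dict(groups)


def dropped_files(records, sample="netwalker"):
    """Paths under /tmp that the sample process itself wrote."""
    return [ioc for ioc, proc in records
            if proc == sample and ioc.startswith("/tmp/")]


def proc_enumeration_pids(records, proc="pgrep"):
    """PIDs whose /proc/<pid>/{status,cmdline} were read by `proc`.

    A long list here is a process listing, i.e. normal pgrep behaviour."""
    pids = set()
    for ioc, p in records:
        m = PROC_PID_RE.match(ioc)
        if p == proc and m:
            pids.add(int(m.group(1)))
    return sorted(pids)


def other_reads(records, proc="pgrep"):
    """Reads by `proc` that are not per-PID entries (kernel/CPU probes)."""
    return [ioc for ioc, p in records
            if p == proc and not PROC_PID_RE.match(ioc)]


def embedded_ipv4(path):
    """Return the first IPv4 address embedded in a path, or None."""
    m = IPV4_RE.search(path)
    return m.group(1) if m else None


def hunt_patterns(records, sample="netwalker"):
    """Hunting globs for the sample's drops.

    Assumption: the address inside the .map file name is host-specific,
    so it is replaced by '*' to match the same artefact on other hosts."""
    patterns = []
    for path in dropped_files(records, sample):
        ip = embedded_ipv4(path)
        patterns.append(path.replace(ip, "*") if ip else path)
    return patterns


if __name__ == "__main__":
    recs = parse_rows(REPORT_ROWS)
    print("by process:", group_by_process(recs))
    print("hunt for:", hunt_patterns(recs))
    print("pgrep enumerated PIDs:", proc_enumeration_pids(recs))
    print("pgrep non-PID reads:", other_reads(recs))
```

Reading /proc/<pid>/status and /proc/<pid>/cmdline is how pgrep matches a name, and /sys/devices/system/cpu/online is what glibc consults for sysconf(_SC_NPROCESSORS_ONLN), so the "Reads CPU attributes" and "Reads runtime system information" hits on this page describe the utility, not code inside the sample. The report's process tree shows that pgrep under a separate top-level sh (PID 596), not as a child of the sample (PID 593); the artefacts to carry into a hunt are the two /tmp files the sample process wrote.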
Processes

/tmp/netwalker (command line: /tmp/netwalker sh), PID 593
    Signatures: Writes file to tmp directory
    /bin/sh (command line: sh -c "rm *.cpass"), PID 603
        /bin/rm (command line: rm "*.cpass"), PID 604

/bin/sh (command line: sh -c "pgrep netwalker"), PID 596
    /usr/bin/pgrep (command line: pgrep netwalker), PID 597
        Signatures: Reads CPU attributes; Reads runtime system information