Overview

overview

9

Static

static

1

log21.x86_64.elf

ubuntu-18.04-amd64

9

Analysis

  • max time kernel
    0s
  • max time network
    151s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20221111-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20221111-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    16/02/2023, 05:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    log21.x86_64.elf

  • Size

    42KB

  • MD5

    64d6bcfeb27c5d5ad5aff154db90d90f

  • SHA1

    491598475f2bbb4198dff332f4b194fd954a3529

  • SHA256

    a9275f22ab8c2e85acbad078d09dc65864fb1b5e652ca29d793bdb1a54c8a517

  • SHA512

    a94c2eeb3e4bd574b0ab5842829173aa5ebc8b7e3928583a2d263d5f665c09973658488d96f37fa106e0e10daf297aea0f753393b7065e49f83bc0ab83077137

  • SSDEEP

    768:IYTQ0JxxcNUeBMvxfvZaK10P3WdwgtPTw88x17OWrZkpfIYF6x0x:IYTT5jxfvZQP3Wdwge8krr2iE

Score
9/10
discovery

Malware Config

Signatures

  • Contacts a large (46945) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 23 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/log21.x86_64.elf
    /tmp/log21.x86_64.elf
    1⤵
      PID:604
      • /bin/sh
        sh -c "rm -rf bin/watchdog && mkdir bin; >bin/watchdog && mv /tmp/log21.x86_64.elf bin/watchdog; chmod 777 bin/watchdog"
        2⤵
          PID:605
          • /bin/rm
            rm -rf "bin/watchdog"
            3⤵
              PID:606
            • /bin/mkdir
              mkdir "bin"
              3⤵
              • Reads runtime system information
              PID:607
            • /bin/chmod
              chmod 777 bin/watchdog
              3⤵
                PID:608

          Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads