b9cceeddd1c1b538557dc237655d9a5cffa9911801856e5d1a8dd9a7dd9031e5

Analysis

max time kernel
0s
max time network
134s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20221111-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20221111-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
07/03/2023, 17:27

Target

d_linux_x64.elf
Size

5.6MB
MD5

c344f584881e90d426235553fedacff3
SHA1

21f9cfdf4f6e85cf8834e1a4718395fe586d3b49
SHA256

b9cceeddd1c1b538557dc237655d9a5cffa9911801856e5d1a8dd9a7dd9031e5
SHA512

f7cd82de60e25ea3877cc8fbaa878b94c355a3683099f899acea940f5071f49eb246926aa52b9bb7443efba5c48490fdc80e03c4d1ec1999936f86ccfe2fa156
SSDEEP

49152:z0gg2J/cN2rb/TrvO90d7HjmAFd4A64nsfJDc753DJ5mvbJUL0znqyWFGXpd/Wc2:n3Av3WpEfkov

Score

5^/10

Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

description	ioc	Process
/sys/kernel/mm/transparent_hugepage/hpage_pmd_size	/sys/kernel/mm/transparent_hugepage/hpage_pmd_size	d_linux_x64.elf

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
/tmp/client_id.txt	/tmp/client_id.txt	d_linux_x64.elf

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact