d6b653db16f33dca311fc975a42592b25407b28dacd5e5a23f4bd9e0cedd358d

Analysis

max time kernel
10057s
max time network
153s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20221111-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20221111-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
08/03/2023, 04:05

Target

x86.elf
Size

54KB
MD5

8091bef4bea1b3ef111a59dd9238b9d1
SHA1

8c4408a6789a5f6118efadc1dce8d0b80be1e40a
SHA256

d6b653db16f33dca311fc975a42592b25407b28dacd5e5a23f4bd9e0cedd358d
SHA512

c95b249bb6ed68be70efbd1f420e6ddaa19675269ea8d391cc02dd9953714319e2c1dc40ee65a84b9b8174667dd062495c7b954516422ad6af27ab54d4f2e532
SSDEEP

1536:FEytfbaM12r8ZBG6CANZmTJTwSoaEDrkMUL:FEytfbaM1zAGNwT5T3Es3

Score

9^/10

discovery

Contacts a large (37371) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Reads runtime system information 2 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
/proc/filesystems	/proc/filesystems	mkdir
/proc/filesystems	/proc/filesystems	mv

/bin/sh
sh -c "rm -rf bin/systemd && mkdir bin; >bin/systemd && mv /q��!��/tmp/x86.elf��d�o�� bin/systemd; chmod 777 bin/systemd"
1⤵
PID:604
- /bin/rm
  rm -rf bin/systemd
  2⤵
  PID:605
- /bin/mkdir
  mkdir bin
  2⤵
  - Reads runtime system information
  PID:606
- /bin/mv
  mv "/q��!��/tmp/x86.elf��d�o��" bin/systemd
  2⤵
  - Reads runtime system information
  PID:607
- /bin/chmod
  chmod 777 bin/systemd
  2⤵
  PID:608

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact