365d5acb99bdc39ab696579366e15f324305af45f5a1a81b9cfbfc121cef74a1

Analysis

max time kernel
39289s
max time network
155s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
08/03/2023, 10:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0fb5715a29705c1802458277ed5ba2d09fae7871f0a7ac51f17cb256b3a85ed7.elf
Size

72KB
MD5

4e1b39e6ff6238ccbb5dab6f16ad59d4
SHA1

e6d26093b9ebda9ab39c04b229d1b8acd79b08d8
SHA256

0fb5715a29705c1802458277ed5ba2d09fae7871f0a7ac51f17cb256b3a85ed7
SHA512

6d9e94e5cb0d28ecbf6ab8863a417d68f49e6edb11b8a2f08b3d0b8bbd90a3c7832664827dd87f68ed029435e728469f04290fccbd6332a3768df28af90f2bfe
SSDEEP

1536:BRHgwQtdR3O76//wsAVtlJlDLGMAeH2k2gTa4MsFMK:PHgwGdR3qO/jst3lDL/iglMsFx

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (37366) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
/proc/82/cmdline	/proc/82/cmdline	Process not Found
/proc/169/cmdline	/proc/169/cmdline	Process not Found
/proc/174/cmdline	/proc/174/cmdline	Process not Found
/proc/383/cmdline	/proc/383/cmdline	Process not Found
/proc/424/cmdline	/proc/424/cmdline	Process not Found
/proc/8/cmdline	/proc/8/cmdline	Process not Found
/proc/9/cmdline	/proc/9/cmdline	Process not Found
/proc/28/cmdline	/proc/28/cmdline	Process not Found
/proc/78/cmdline	/proc/78/cmdline	Process not Found
/proc/89/cmdline	/proc/89/cmdline	Process not Found
/proc/166/cmdline	/proc/166/cmdline	Process not Found
/proc/460/cmdline	/proc/460/cmdline	Process not Found
/proc/22/cmdline	/proc/22/cmdline	Process not Found
/proc/83/cmdline	/proc/83/cmdline	Process not Found
/proc/172/cmdline	/proc/172/cmdline	Process not Found
/proc/32/cmdline	/proc/32/cmdline	Process not Found
/proc/84/cmdline	/proc/84/cmdline	Process not Found
/proc/261/cmdline	/proc/261/cmdline	Process not Found
/proc/358/cmdline	/proc/358/cmdline	Process not Found
/proc/565/cmdline	/proc/565/cmdline	Process not Found
/proc/2/cmdline	/proc/2/cmdline	Process not Found
/proc/168/cmdline	/proc/168/cmdline	Process not Found
/proc/171/cmdline	/proc/171/cmdline	Process not Found
/proc/21/cmdline	/proc/21/cmdline	Process not Found
/proc/27/cmdline	/proc/27/cmdline	Process not Found
/proc/35/cmdline	/proc/35/cmdline	Process not Found
/proc/81/cmdline	/proc/81/cmdline	Process not Found
/proc/115/cmdline	/proc/115/cmdline	Process not Found
/proc/202/cmdline	/proc/202/cmdline	Process not Found
/proc/262/cmdline	/proc/262/cmdline	Process not Found
/proc/13/cmdline	/proc/13/cmdline	Process not Found
/proc/163/cmdline	/proc/163/cmdline	Process not Found
/proc/7/cmdline	/proc/7/cmdline	Process not Found
/proc/19/cmdline	/proc/19/cmdline	Process not Found
/proc/170/cmdline	/proc/170/cmdline	Process not Found
/proc/177/cmdline	/proc/177/cmdline	Process not Found
/proc/14/cmdline	/proc/14/cmdline	Process not Found
/proc/20/cmdline	/proc/20/cmdline	Process not Found
/proc/26/cmdline	/proc/26/cmdline	Process not Found
/proc/80/cmdline	/proc/80/cmdline	Process not Found
/proc/179/cmdline	/proc/179/cmdline	Process not Found
/proc/591/cmdline	/proc/591/cmdline	Process not Found
/proc/17/cmdline	/proc/17/cmdline	Process not Found
/proc/24/cmdline	/proc/24/cmdline	Process not Found
/proc/79/cmdline	/proc/79/cmdline	Process not Found
/proc/126/cmdline	/proc/126/cmdline	Process not Found
/proc/165/cmdline	/proc/165/cmdline	Process not Found
/proc/178/cmdline	/proc/178/cmdline	Process not Found
/proc/filesystems	/proc/filesystems	mkdir
/proc/25/cmdline	/proc/25/cmdline	Process not Found
/proc/85/cmdline	/proc/85/cmdline	Process not Found
/proc/250/cmdline	/proc/250/cmdline	Process not Found
/proc/389/cmdline	/proc/389/cmdline	Process not Found
/proc/4/cmdline	/proc/4/cmdline	Process not Found
/proc/16/cmdline	/proc/16/cmdline	Process not Found
/proc/36/cmdline	/proc/36/cmdline	Process not Found
/proc/164/cmdline	/proc/164/cmdline	Process not Found
/proc/173/cmdline	/proc/173/cmdline	Process not Found
/proc/352/cmdline	/proc/352/cmdline	Process not Found
/proc/382/cmdline	/proc/382/cmdline	Process not Found
/proc/350/cmdline	/proc/350/cmdline	Process not Found
/proc/	/proc/	Process not Found
/proc/18/cmdline	/proc/18/cmdline	Process not Found
/proc/23/cmdline	/proc/23/cmdline	Process not Found

/tmp/0fb5715a29705c1802458277ed5ba2d09fae7871f0a7ac51f17cb256b3a85ed7.elf
/tmp/0fb5715a29705c1802458277ed5ba2d09fae7871f0a7ac51f17cb256b3a85ed7.elf
1⤵
PID:593

/bin/sh
sh -c "rm -rf bin/busybox && mkdir bin; >��bin/busybox && mv /tmp/0fb5715a29705c1802458277ed5ba2d09fae7871f0a7ac51f17cb256b3a85ed7.elf bin/busybox; chmod 777 bin/busybox"
1⤵
PID:594
- /bin/rm
  rm -rf bin/busybox
  2⤵
  PID:595
- /bin/mkdir
  mkdir bin
  2⤵
  - Reads runtime system information
  PID:596
- /bin/chmod
  chmod 777 bin/busybox
  2⤵
  PID:597

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...