Analysis
- max time kernel: 10905s
- max time network: 154s
- platform: ubuntu-18.04_amd64
- resource: ubuntu1804-amd64-20221111-en
- resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20221111-en, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
- submitted: 17-03-2023 23:29
Behavioral task: behavioral1
- Sample: 631ff65fa3d77f422e5915fa8910bd9b.elf
- Resource: ubuntu1804-amd64-20221111-en (ubuntu-18.04-amd64)
- 3 signatures, 150 seconds
General
- Target: 631ff65fa3d77f422e5915fa8910bd9b.elf
- Size: 31KB
- MD5: 631ff65fa3d77f422e5915fa8910bd9b
- SHA1: 936b6432a70edab53e0914840f2a2c71277805eb
- SHA256: a3359626fb95bb353c16eaedcbaa0291762cbc37f4847485f011b44530142a52
- SHA512: e4fac04954a4236aef2685576a7babd4b59e6a1569d6ee0e1382c767e7d11e6e97a401e1741def95ac4a3f6769f2fe8a476e9b85b210de35676b55170b1d6697
- SSDEEP: 768:KvZ1hu4bg59cBhjaU8TLcU7KArPPhhm2CjytjfDdEPFCh:KvXi59cPILcKKArPPhVCjytjfGP2
- Score: 9/10
Malware Config

Signatures
- Contacts a large (23988) amount of remote hosts (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Reads runtime system information (2 IoCs)
  Reads data from /proc virtual filesystem.
  description        ioc                Process
  /proc/filesystems  /proc/filesystems  mkdir
  /proc/filesystems  /proc/filesystems  mv
Processes
- /tmp/631ff65fa3d77f422e5915fa8910bd9b.elf (level 1, PID 585)
  command line: /tmp/631ff65fa3d77f422e5915fa8910bd9b.elf
- /bin/sh (level 1, PID 586)
  command line: sh -c "rm -rf bin/watchdog && mkdir bin; >bin/watchdog && mv /tmp/631ff65fa3d77f422e5915fa8910bd9b.elf bin/watchdog; chmod 777 bin/watchdog"
  - /bin/rm (level 2, PID 587)
    command line: rm -rf bin/watchdog
  - /bin/mkdir (level 2, PID 588)
    command line: mkdir bin
    signature: Reads runtime system information
  - /bin/mv (level 2, PID 589)
    command line: mv /tmp/631ff65fa3d77f422e5915fa8910bd9b.elf bin/watchdog
    signature: Reads runtime system information
  - /bin/chmod (level 2, PID 590)
    command line: chmod 777 bin/watchdog