Analysis
-
max time kernel
40380s -
max time network
154s -
platform
linux_amd64 -
resource
ubuntu1804-amd64-en-20211208 -
resource tags
-
submitted
21/03/2023, 01:37
General
-
Target
5a3a3eae493580349307d3cf5662f8a55c8745d482b3a49cad859f70829a538e.elf
-
Size
61KB
-
MD5
88bce03e77c14646ff92f51acdd374f0
-
SHA1
012bab56982124f4133db66bf08686e774c17b99
-
SHA256
5a3a3eae493580349307d3cf5662f8a55c8745d482b3a49cad859f70829a538e
-
SHA512
45ea4496d795f01f07736e38707e71197c2900435dd933d98fd4619b28a11361cd8399f8b2cd44111a58c2bb4c84d3f0d8d19e7d18c6a3fd73e4e9078a7315a9
-
SSDEEP
1536:dpmbSQ6U3q7cCBT/lZsK/0DiQILiKimfFoktCe3fYRMV:WShU3q7cEDlCK/0DQ9i8Fok06fYR+
Score
9/10
Malware Config
Signatures
-
Contacts a large (29578) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Unexpected DNS network traffic destination 1 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/5a3a3eae493580349307d3cf5662f8a55c8745d482b3a49cad859f70829a538e.elf/tmp/5a3a3eae493580349307d3cf5662f8a55c8745d482b3a49cad859f70829a538e.elf1⤵
-
/bin/shsh -c "rm -rf bin/busybox && mkdir bin; >�m�bin/busybox && mv /tmp/5a3a3eae493580349307d3cf5662f8a55c8745d482b3a49cad859f70829a538e.elf bin/busybox; chmod 777 bin/busybox"1⤵
-
/bin/rmrm -rf bin/busybox2⤵
-
-
/bin/mkdirmkdir bin2⤵
-
-
/bin/chmodchmod 777 bin/busybox2⤵
-