Analysis
- max time kernel: 0s
- max time network: 44s
- platform: ubuntu-18.04_amd64
- resource: ubuntu1804-amd64-20221111-en
- resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20221111-en, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
- submitted: 26-03-2023 04:49

Behavioral task
- behavioral1
- Sample: x86_64
- Resource: ubuntu1804-amd64-20221111-en
- 3 signatures
- 150 seconds
General
- Target: x86_64
- Size: 61KB
- MD5: 88bce03e77c14646ff92f51acdd374f0
- SHA1: 012bab56982124f4133db66bf08686e774c17b99
- SHA256: 5a3a3eae493580349307d3cf5662f8a55c8745d482b3a49cad859f70829a538e
- SHA512: 45ea4496d795f01f07736e38707e71197c2900435dd933d98fd4619b28a11361cd8399f8b2cd44111a58c2bb4c84d3f0d8d19e7d18c6a3fd73e4e9078a7315a9
- SSDEEP: 1536:dpmbSQ6U3q7cCBT/lZsK/0DiQILiKimfFoktCe3fYRMV:WShU3q7cEDlCK/0DQ9i8Fok06fYR+
- Score: 9/10
Malware Config
Signatures
- Contacts a large (10241) amount of remote hosts (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Reads runtime system information (64 IoCs)
  Reads data from /proc virtual filesystem.
  Processes (the description and ioc columns of the report both carry the path; each of the 64 entries is listed once, in report order):
  /proc/230/cmdline, /proc/253/cmdline, /proc/605/cmdline, /proc/10/cmdline, /proc/13/cmdline, /proc/24/cmdline, /proc/34/cmdline, /proc/80/cmdline,
  /proc/161/cmdline, /proc/370/cmdline, /proc/381/cmdline, /proc/8/cmdline, /proc/21/cmdline, /proc/35/cmdline, /proc/85/cmdline, /proc/169/cmdline,
  /proc/1/cmdline, /proc/2/cmdline, /proc/6/cmdline, /proc/167/cmdline, /proc/606/cmdline, /proc/, /proc/20/cmdline, /proc/82/cmdline,
  /proc/157/cmdline, /proc/158/cmdline, /proc/163/cmdline, /proc/164/cmdline, /proc/7/cmdline, /proc/25/cmdline, /proc/26/cmdline, /proc/78/cmdline,
  /proc/83/cmdline, /proc/12/cmdline, /proc/32/cmdline, /proc/576/cmdline, /proc/5/cmdline, /proc/28/cmdline, /proc/84/cmdline, /proc/132/cmdline,
  /proc/165/cmdline, /proc/338/cmdline, /proc/356/cmdline, /proc/16/cmdline, /proc/30/cmdline, /proc/79/cmdline, /proc/115/cmdline, /proc/155/cmdline,
  /proc/194/cmdline, /proc/416/cmdline, /proc/9/cmdline, /proc/81/cmdline, /proc/160/cmdline, /proc/355/cmdline, /proc/363/cmdline, /proc/19/cmdline,
  /proc/156/cmdline, /proc/168/cmdline, /proc/170/cmdline, /proc/422/cmdline, /proc/23/cmdline, /proc/36/cmdline, /proc/293/cmdline, /proc/420/cmdline
Processes (image, then command line; the number is the depth shown in the report's tree)
- /tmp/x86_64 (1)
  /tmp/x86_64
- /bin/sh (1)
  sh -c "rm -rf bin/systemd && mkdir bin; >6M�bin/systemd && mv /tmp/x86_64 bin/systemd; chmod 777 bin/systemd"
  - /bin/rm (2)
    rm -rf bin/systemd
  - /bin/mkdir (2)
    mkdir bin
  - /bin/chmod (2)
    chmod 777 bin/systemd
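The three behaviours the report flags (a burst of connections to thousands of distinct hosts, a sweep of every /proc/<pid>/cmdline, and a shell one-liner that moves the dropped binary out of /tmp to bin/systemd and makes it world-writable and executable) are the kind of thing a responder wants to re-check from raw telemetry rather than trust from a signature name. The following is an added example, not code from the sandbox or from the sample: small triage helpers that run over records in the shape shown above. The flow records, the process label "x86_64" and the 1000-host cut-off are assumptions (the report gives the observed count, 10241, but not the sandbox's own threshold); the process tree and the /proc paths are copied from the report, with the unreadable bytes in the sh -c string kept as U+FFFD.

```python
"""Triage helpers for the behaviours in the sandbox report above (added example)."""
import re
import shlex
from collections import defaultdict

SCAN_HOST_THRESHOLD = 1000  # assumed cut-off for "large amount of remote hosts"
PROC_CMDLINE = re.compile(r"^/proc/(\d+)/cmdline$")


def count_remote_hosts(flows):
    """flows: iterable of (process, dst_ip, dst_port). Returns {process: distinct dst hosts}."""
    hosts = defaultdict(set)
    for proc, dst_ip, _port in flows:
        hosts[proc].add(dst_ip)
    return {proc: len(ips) for proc, ips in hosts.items()}


def flag_scanners(flows, threshold=SCAN_HOST_THRESHOLD):
    """Processes that contacted at least `threshold` distinct hosts (scan heuristic)."""
    return sorted(p for p, n in count_remote_hosts(flows).items() if n >= threshold)


def synthetic_scan_flows(proc, n_hosts, port=23):
    """Constructed flow records: one connection attempt per distinct 10.x.y.z host."""
    for i in range(n_hosts):
        yield (proc, f"10.{(i >> 16) & 255}.{(i >> 8) & 255}.{i & 255}", port)


def summarize_proc_reads(paths):
    """Reduce a /proc IoC list to (distinct PIDs whose cmdline was read, /proc itself listed)."""
    pids = set()
    listed_proc = False
    for p in paths:
        m = PROC_CMDLINE.match(p)
        if m:
            pids.add(int(m.group(1)))
        elif p == "/proc/":
            listed_proc = True
    return len(pids), listed_proc


def _split_shell_script(script):
    """Naive split of 'a && b; c' into commands; enough for the flat script in the report."""
    return [c.strip() for c in re.split(r"&&|\|\||;", script) if c.strip()]


def flag_self_copy(process_tree):
    """Flag a shell that moves/copies a file out of /tmp and then chmods the target 777.

    process_tree: iterable of (depth, image, cmdline) rows as shown in the report.
    """
    findings = []
    for _depth, image, cmdline in process_tree:
        if image != "/bin/sh":
            continue
        try:
            argv = shlex.split(cmdline)
        except ValueError:  # unbalanced quotes from a truncated command line
            argv = cmdline.split()
        if "-c" not in argv or argv.index("-c") + 1 >= len(argv):
            continue
        moved = {}  # destination path -> /tmp source path
        for cmd in _split_shell_script(argv[argv.index("-c") + 1]):
            toks = cmd.split()
            if len(toks) == 3 and toks[0] in ("mv", "cp") and toks[1].startswith("/tmp/"):
                moved[toks[2]] = toks[1]
            elif len(toks) == 3 and toks[0] == "chmod" and toks[1] == "777" and toks[2] in moved:
                findings.append({"source": moved[toks[2]], "destination": toks[2], "mode": "777"})
    return findings


# Process tree copied from the report (the unreadable bytes before "bin/systemd" kept as \ufffd).
REPORT_TREE = [
    (1, "/tmp/x86_64", "/tmp/x86_64"),
    (1, "/bin/sh", 'sh -c "rm -rf bin/systemd && mkdir bin; >6M\ufffdbin/systemd '
                   '&& mv /tmp/x86_64 bin/systemd; chmod 777 bin/systemd"'),
    (2, "/bin/rm", "rm -rf bin/systemd"),
    (2, "/bin/mkdir", "mkdir bin"),
    (2, "/bin/chmod", "chmod 777 bin/systemd"),
]

# A few of the 64 /proc IoCs from the report.
REPORT_PROC_READS = ["/proc/1/cmdline", "/proc/2/cmdline", "/proc/605/cmdline", "/proc/"]

if __name__ == "__main__":
    print(flag_scanners(synthetic_scan_flows("x86_64", 10241)))  # ['x86_64']
    print(summarize_proc_reads(REPORT_PROC_READS))               # (3, True)
    print(flag_self_copy(REPORT_TREE))
```

The scan check counts distinct destination hosts per process rather than raw flows, so a busy but legitimate client talking to a handful of servers does not trip it. The persistence check deliberately keys on the pairing of "move out of /tmp" with "chmod 777 on the same path" inside one `sh -c` script: the `mv` never shows up as its own row in the process tree above (only rm, mkdir and chmod do), so matching child processes alone would miss it.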