Overview

overview

10

Static

static

10

x86_64

ubuntu-18.04-amd64

9

Analysis

  • max time kernel
    0s
  • max time network
    44s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20221111-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20221111-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    26-03-2023 04:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    x86_64

  • Size

    61KB

  • MD5

    88bce03e77c14646ff92f51acdd374f0

  • SHA1

    012bab56982124f4133db66bf08686e774c17b99

  • SHA256

    5a3a3eae493580349307d3cf5662f8a55c8745d482b3a49cad859f70829a538e

  • SHA512

    45ea4496d795f01f07736e38707e71197c2900435dd933d98fd4619b28a11361cd8399f8b2cd44111a58c2bb4c84d3f0d8d19e7d18c6a3fd73e4e9078a7315a9

  • SSDEEP

    1536:dpmbSQ6U3q7cCBT/lZsK/0DiQILiKimfFoktCe3fYRMV:WShU3q7cEDlCK/0DQ9i8Fok06fYR+

Score
9/10
discovery

Malware Config

Signatures

  • Contacts a large (10241) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/x86_64
    /tmp/x86_64
    1⤵
      PID:598
    • /bin/sh
      sh -c "rm -rf bin/systemd && mkdir bin; >6M�bin/systemd && mv /tmp/x86_64 bin/systemd; chmod 777 bin/systemd"
      1⤵
        PID:599
        • /bin/rm
          rm -rf bin/systemd
          2⤵
            PID:600
          • /bin/mkdir
            mkdir bin
            2⤵
              PID:601
            • /bin/chmod
              chmod 777 bin/systemd
              2⤵
                PID:602

            Network

            MITRE ATT&CK Matrix ATT&CK v6

            Initial Access

            Execution

            Persistence

            Privilege Escalation

            Defense Evasion

            Credential Access

            Discovery

            Network Service Scanning

            2
            T1046

            Lateral Movement

            Collection

            Exfiltration

            Command and Control

            Impact

            Replay Monitor

            Loading Replay Monitor...

            Downloads