8e39d36c240e81592cd8bdad771bb918510f8c8ac0e4f50f7af870389ae01889

Analysis

max time kernel
41520s
max time network
154s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
03-04-2023 06:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7bc2c217a01df86c6e18820f857acf92.elf
Size

61KB
MD5

7bc2c217a01df86c6e18820f857acf92
SHA1

8252306c73be0b967363b20231611cd21b8ef638
SHA256

8e39d36c240e81592cd8bdad771bb918510f8c8ac0e4f50f7af870389ae01889
SHA512

cea39e6eb779bd044718334722c4147b02e952af4d222a287b00a24ebc004362c28f7168e47d3840d0e0a67b0fea0da9a2fd9fc9e0a0fd32f23e8a9c74fdcc75
SSDEEP

1536:dpmbSQ6U3q7cCBT/lZsK/0DiQ4LiKimfFoktCe3fYRMj:WShU3q7cEDlCK/0Dw9i8Fok06fYRc

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (37365) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
/proc/78/cmdline	/proc/78/cmdline	Process not Found
/proc/80/cmdline	/proc/80/cmdline	Process not Found
/proc/261/cmdline	/proc/261/cmdline	Process not Found
/proc/331/cmdline	/proc/331/cmdline	Process not Found
/proc/34/cmdline	/proc/34/cmdline	Process not Found
/proc/26/cmdline	/proc/26/cmdline	Process not Found
/proc/169/cmdline	/proc/169/cmdline	Process not Found
/proc/19/cmdline	/proc/19/cmdline	Process not Found
/proc/28/cmdline	/proc/28/cmdline	Process not Found
/proc/35/cmdline	/proc/35/cmdline	Process not Found
/proc/81/cmdline	/proc/81/cmdline	Process not Found
/proc/167/cmdline	/proc/167/cmdline	Process not Found
/proc/171/cmdline	/proc/171/cmdline	Process not Found
/proc/176/cmdline	/proc/176/cmdline	Process not Found
/proc/366/cmdline	/proc/366/cmdline	Process not Found
/proc/5/cmdline	/proc/5/cmdline	Process not Found
/proc/424/cmdline	/proc/424/cmdline	Process not Found
/proc/262/cmdline	/proc/262/cmdline	Process not Found
/proc/18/cmdline	/proc/18/cmdline	Process not Found
/proc/115/cmdline	/proc/115/cmdline	Process not Found
/proc/180/cmdline	/proc/180/cmdline	Process not Found
/proc/591/cmdline	/proc/591/cmdline	Process not Found
/proc/600/cmdline	/proc/600/cmdline	Process not Found
/proc/8/cmdline	/proc/8/cmdline	Process not Found
/proc/2/cmdline	/proc/2/cmdline	Process not Found
/proc/12/cmdline	/proc/12/cmdline	Process not Found
/proc/14/cmdline	/proc/14/cmdline	Process not Found
/proc/83/cmdline	/proc/83/cmdline	Process not Found
/proc/173/cmdline	/proc/173/cmdline	Process not Found
/proc/333/cmdline	/proc/333/cmdline	Process not Found
/proc/350/cmdline	/proc/350/cmdline	Process not Found
/proc/1/cmdline	/proc/1/cmdline	Process not Found
/proc/24/cmdline	/proc/24/cmdline	Process not Found
/proc/79/cmdline	/proc/79/cmdline	Process not Found
/proc/89/cmdline	/proc/89/cmdline	Process not Found
/proc/175/cmdline	/proc/175/cmdline	Process not Found
/proc/13/cmdline	/proc/13/cmdline	Process not Found
/proc/7/cmdline	/proc/7/cmdline	Process not Found
/proc/9/cmdline	/proc/9/cmdline	Process not Found
/proc/29/cmdline	/proc/29/cmdline	Process not Found
/proc/98/cmdline	/proc/98/cmdline	Process not Found
/proc/168/cmdline	/proc/168/cmdline	Process not Found
/proc/355/cmdline	/proc/355/cmdline	Process not Found
/proc/filesystems	/proc/filesystems	mkdir
/proc/11/cmdline	/proc/11/cmdline	Process not Found
/proc/32/cmdline	/proc/32/cmdline	Process not Found
/proc/82/cmdline	/proc/82/cmdline	Process not Found
/proc/164/cmdline	/proc/164/cmdline	Process not Found
/proc/170/cmdline	/proc/170/cmdline	Process not Found
/proc/202/cmdline	/proc/202/cmdline	Process not Found
/proc/10/cmdline	/proc/10/cmdline	Process not Found
/proc/15/cmdline	/proc/15/cmdline	Process not Found
/proc/174/cmdline	/proc/174/cmdline	Process not Found
/proc/177/cmdline	/proc/177/cmdline	Process not Found
/proc/383/cmdline	/proc/383/cmdline	Process not Found
/proc/3/cmdline	/proc/3/cmdline	Process not Found
/proc/250/cmdline	/proc/250/cmdline	Process not Found
/proc/22/cmdline	/proc/22/cmdline	Process not Found
/proc/20/cmdline	/proc/20/cmdline	Process not Found
/proc/126/cmdline	/proc/126/cmdline	Process not Found
/proc/172/cmdline	/proc/172/cmdline	Process not Found
/proc/358/cmdline	/proc/358/cmdline	Process not Found
/proc/422/cmdline	/proc/422/cmdline	Process not Found
/proc/4/cmdline	/proc/4/cmdline	Process not Found

/tmp/7bc2c217a01df86c6e18820f857acf92.elf
/tmp/7bc2c217a01df86c6e18820f857acf92.elf
1⤵
PID:593

/bin/sh
sh -c "rm -rf bin/busybox && mkdir bin; >�f�bin/busybox && mv /tmp/7bc2c217a01df86c6e18820f857acf92.elf bin/busybox; chmod 777 bin/busybox"
1⤵
PID:594
- /bin/rm
  rm -rf bin/busybox
  2⤵
  PID:595
- /bin/mkdir
  mkdir bin
  2⤵
  - Reads runtime system information
  PID:596
- /bin/chmod
  chmod 777 bin/busybox
  2⤵
  PID:597

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads