Analysis
- max time kernel: 152s
- max time network: 153s
- platform: ubuntu-18.04_amd64
- resource: ubuntu1804-amd64-20221125-en
- resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20221125-en, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
- submitted: 13-05-2023 20:27
General
- Target: bb464f795c9e28e1f27e3b12c08371df.elf
- Size: 33KB
- MD5: bb464f795c9e28e1f27e3b12c08371df
- SHA1: 80c852056d611d2cadea04ad546c7e278ce95fd9
- SHA256: 6ad8096f2aedc5b1b02499859522b7c60daf7b15c2aea020592267e0c0829c4f
- SHA512: 3193df32af151c13f874cfb745043cab50088850ce00aae923bbbe932cd51cceee0dec281d2df83bfa1c2d8b5283fc4d400baa52fe7a86c60130efb37cd8edd7
- SSDEEP: 768:rVTYpklmmGA37Bk2gHNEUAgnSPx6N3to4ook+a13Tv:JE1m3Bk24qUzSEDojb+e3b
Malware Config
Signatures
- Contacts a large (37114) amount of remote hosts (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Changes its process name (1 IoC)
  Processes:
  description: Changes the process name, possibly in an attempt to hide itself; ioc: /bin/watchdog; pid: 594; process: bb464f795c9e28e1f27e3b12c08371df.elf
- Enumerates active TCP sockets (1 TTP, 1 IoC)
  Gets active TCP sockets from /proc virtual filesystem.
  Processes:
  description: File opened for reading; ioc: /proc/net/tcp
- Reads system network configuration (1 TTP, 1 IoC)
  Uses contents of /proc filesystem to enumerate network settings.
  Processes:
  description: File opened for reading; ioc: /proc/net/tcp
- Reads runtime system information (64 IoCs)
  Reads data from /proc virtual filesystem.
Processes
Network
MITRE ATT&CK Matrix (ATT&CK v6)
Downloads
- memory/594-1-0x0000000008048000-0x000000000805b840-memory.dmp