Analysis
-
max time kernel
152s -
max time network
153s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20230621-en -
resource tags
arch:amd64arch:i386image:ubuntu1804-amd64-20230621-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system -
submitted
03-07-2023 05:22
Behavioral task
behavioral1
Sample
588-1-0x0000000008048000-0x0000000008062e00-memory.dmp
Resource
ubuntu1804-amd64-20230621-en
ubuntu-18.04-amd64
General
-
Target
588-1-0x0000000008048000-0x0000000008062e00-memory.dmp
-
Size
96KB
-
MD5
0aa1bd913457d5fdad0f77c6a7396dc5
-
SHA1
86670992a0aeeeb3f1c0541b6a618857cfce5809
-
SHA256
ffbf2661c3e52e2255f21d90a79b7ea5487d1bee5f62a9acb22bb2ce86dcdd3e
-
SHA512
7cda88557f5cbbe14d29a7d429a34097623484e12ca85064eadc3f2364b0a512607f1d5c587eba8101c3af88da758ccb449d0a6c0d32c781c9bce5ecfe6f3c4b
-
SSDEEP
3072:088NimXbdys1IqueknrV63kFh5DjOCQgRSWEN/3zG9wqx1r9H:08CiKbd/uqu/rVckFh5D9QAQvYpH
Malware Config
Signatures
-
Contacts a large (20602) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
description ioc File opened for reading /proc/net/tcp -
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
description ioc File opened for reading /proc/net/tcp -
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
description ioc File opened for reading /proc/438/cmdline File opened for reading /proc/439/io File opened for reading /proc/420/cmdline File opened for reading /proc/422/environ File opened for reading /proc/606/io File opened for reading /proc/606/maps File opened for reading /proc/613/io File opened for reading /proc/354/fd File opened for reading /proc/359/fd File opened for reading /proc/438/fd File opened for reading /proc/608/cmdline File opened for reading /proc/439/maps File opened for reading /proc/602/io File opened for reading /proc/602/environ File opened for reading /proc/364/fd File opened for reading /proc/420/fd File opened for reading /proc/440/cmdline File opened for reading /proc/576/io File opened for reading /proc/595/io File opened for reading /proc/597/cmdline File opened for reading /proc/595/cmdline File opened for reading /proc/253/fd File opened for reading /proc/594/fd File opened for reading /proc/608/fd File opened for reading /proc/608/environ File opened for reading /proc/358/fd File opened for reading /proc/594/io File opened for reading /proc/602/maps File opened for reading /proc/594/maps File opened for reading /proc/596/environ File opened for reading /proc/619/cmdline File opened for reading /proc/619/environ File opened for reading /proc/263/fd File opened for reading /proc/613/fd File opened for reading /proc/438/environ File opened for reading /proc/440/maps File opened for reading /proc/595/environ File opened for reading /proc/595/maps File opened for reading /proc/597/io File opened for reading /proc/613/maps File opened for reading /proc/302/fd File opened for reading /proc/420/environ File opened for reading /proc/420/maps File opened for reading /proc/298/fd File opened for reading /proc/344/fd File opened for reading /proc/439/fd File opened for reading /proc/440/io File opened for reading /proc/438/io File opened for reading /proc/594/cmdline File opened for reading /proc/594/environ File opened for reading /proc/619/io File opened for reading /proc/617/fd File opened for reading /proc/420/io File opened for reading /proc/422/cmdline File opened for reading /proc/596/cmdline File opened for reading /proc/606/environ File opened for reading /proc/382/fd File opened for reading /proc/422/fd File opened for reading /proc/576/maps File opened for reading /proc/608/io File opened for reading /proc/613/environ File opened for reading /proc/619/maps File opened for reading /proc/349/fd File opened for reading /proc/576/environ