Analysis
max time kernel: 141s
max time network: 142s
platform: linux_amd64
resource: ubuntu1804-amd64-en-20211208
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-en-20211208, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 19/07/2023, 06:36
Static task: static1
Behavioral task: behavioral1
Sample: 4045022d9d8a7c30bf9bfeb869316787.elf
Resource: ubuntu1804-amd64-en-20211208
General
Target: 4045022d9d8a7c30bf9bfeb869316787.elf
Size: 47KB
MD5: 4045022d9d8a7c30bf9bfeb869316787
SHA1: 70ff71011715546c8bc264b7a1174cc906c1cbd2
SHA256: 7e8ed99814dcf4ed35bf9d0c6da35ab7241bc240bba422beb72ecea335a8d0a3
SHA512: 0ac30d43e3d9ba0c243c1bc28f8afbd8b41ecb06034c27d2701c686c213ba548931d8336420c1f573220b24502b93deb202e74624535bb45a4ef880809e45716
SSDEEP: 768:g2uYpslIdHqxYbGiQdQqTvO11ZWF+mAx7NhVsaVyKheI9VPnOABlSdmOWFah70uN:buOdHqabihvOrZ4EVVAAVPnO4Sdmja/N
Malware Config
Signatures
Creates a large amount of network flows (1 TTP)
  This may indicate a network scan to discover remotely running services.
Changes its process name (1 IoC)
  description: Changes the process name, possibly in an attempt to hide itself
  ioc: j6ykW6X
  pid: 575
  Process: 4045022d9d8a7c30bf9bfeb869316787.elf
Deletes itself (1 IoC)
  pid: 575
  Process: 4045022d9d8a7c30bf9bfeb869316787.elf
Reads runtime system information (1 IoC)
  Reads data from /proc virtual filesystem.
  description: File opened for reading
  ioc: /proc/self/exe
  Process: 4045022d9d8a7c30bf9bfeb869316787.elf
Writes file to tmp directory (1 IoC)
  Malware often drops required files in the /tmp directory.
  description: File opened for modification
  ioc: /tmp/.systemd.3
  Process: 4045022d9d8a7c30bf9bfeb869316787.elf