4b639c3ffdab5e82c4c34f37d7e3a54ecf621b16038fddae4893e8e9c07aee90

Analysis

max time kernel
3s
max time network
123s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20230712-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20230712-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
19-07-2023 16:31

Target

f9d8f0e8e17d7felf_JC.elf
Size

4.5MB
MD5

f9d8f0e8e17d7fcb9603a17b6f87cdff
SHA1

9827be164408f32002fc8a2185cc8134a29a7449
SHA256

4b639c3ffdab5e82c4c34f37d7e3a54ecf621b16038fddae4893e8e9c07aee90
SHA512

0bb2e83ffa9d24c88eab102a9ed3da07cf6fff2054b7186bc7475637d9cb7a3f53e600daa0137b6c9892c1208a84acc9835c5916aefcc88b44aa0d574386af50
SSDEEP

49152:15jgJwiOW6YyACm6CWHpxXmv7j2fp+X4g67/YssImwRkrILkV7dZnHJ0quAb7/i:1SsW6YORx2v7yR+YYgJOX/i

Score

3^/10

Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

description	ioc	Process
File opened for reading	/sys/kernel/mm/transparent_hugepage/hpage_pmd_size	f9d8f0e8e17d7felf_JC.elf

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/f9d8f0e8e17d7felf_JC.elf.pid	f9d8f0e8e17d7felf_JC.elf

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact