007f7a8b294caad2eabb046df5d2b48130d1586ca623d6d425fb2756105f26f6

Analysis

max time kernel
153s
max time network
154s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
22/07/2023, 07:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

x86_64-20230722-0756.elf
Size

147KB
MD5

f540d84aa68f4db4a4a40f850949f403
SHA1

533ad8538436793fc0d61c2972764d5edefacb21
SHA256

007f7a8b294caad2eabb046df5d2b48130d1586ca623d6d425fb2756105f26f6
SHA512

d6aa5f6132a1b7501a93f08fa79c52630a3e78badf23c4405c06bcd7c6c66710ae320222a07e18699105b3053ef468f7a73e202f2b6c9decf29ecacf8d786c24
SSDEEP

3072:wex8zfVEfcvcq4n4EUxI7KnKn1Ke/SfTVsmcQnfQt/omr2:wex8zfWjq4LbAJ8t/t2

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (91474) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	MC	575	x86_64-20230722-0756.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/166/status
File opened for reading	/proc/79/cmdline
File opened for reading	/proc/82/cmdline
File opened for reading	/proc/17/status
File opened for reading	/proc/571/status
File opened for reading	/proc/168/cmdline
File opened for reading	/proc/394/cmdline
File opened for reading	/proc/577/cmdline
File opened for reading	/proc/370/status
File opened for reading	/proc/422/status
File opened for reading	/proc/576/status
File opened for reading	/proc/154/cmdline
File opened for reading	/proc/158/cmdline
File opened for reading	/proc/tty/cmdline
File opened for reading	/proc/155/status
File opened for reading	/proc/5/cmdline
File opened for reading	/proc/422/cmdline
File opened for reading	/proc/cmdline
File opened for reading	/proc/350/status
File opened for reading	/proc/251/cmdline
File opened for reading	/proc/34/cmdline
File opened for reading	/proc/19/cmdline
File opened for reading	/proc/35/cmdline
File opened for reading	/proc/155/cmdline
File opened for reading	/proc/572/cmdline
File opened for reading	/proc/164/status
File opened for reading	/proc/165/cmdline
File opened for reading	/proc/573/cmdline
File opened for reading	/proc/81/status
File opened for reading	/proc/98/status
File opened for reading	/proc/115/cmdline
File opened for reading	/proc/85/cmdline
File opened for reading	/proc/581/cmdline
File opened for reading	/proc/scsi/cmdline
File opened for reading	/proc/342/status
File opened for reading	/proc/11/cmdline
File opened for reading	/proc/589/status
File opened for reading	/proc/193/cmdline
File opened for reading	/proc/393/cmdline
File opened for reading	/proc/driver/cmdline
File opened for reading	/proc/158/status
File opened for reading	/proc/238/status
File opened for reading	/proc/572/status
File opened for reading	/proc/30/cmdline
File opened for reading	/proc/164/cmdline
File opened for reading	/proc/586/status
File opened for reading	/proc/36/status
File opened for reading	/proc/160/status
File opened for reading	/proc/541/cmdline
File opened for reading	/proc/591/cmdline
File opened for reading	/proc/irq/cmdline
File opened for reading	/proc/20/status
File opened for reading	/proc/1/cmdline
File opened for reading	/proc/2/cmdline
File opened for reading	/proc/162/cmdline
File opened for reading	/proc/238/cmdline
File opened for reading	/proc/9/status
File opened for reading	/proc/22/status
File opened for reading	/proc/85/status
File opened for reading	/proc/579/status
File opened for reading	/proc/592/status
File opened for reading	/proc/165/status
File opened for reading	/proc/356/status
File opened for reading	/proc/350/cmdline

/tmp/x86_64-20230722-0756.elf
/tmp/x86_64-20230722-0756.elf
1⤵
- Changes its process name
PID:575

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...