48a70bd18a23fce3208195f4ad2e92fce78d37eeaa672f83af782656a4b2d07f

Analysis

max time kernel
95s
max time network
134s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20230712-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20230712-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
05-08-2023 10:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

48a70bd18a23fce3208195f4ad2e92fce78d37eeaa672f83af782656a4b2d07f_JC.elf
Size

16.9MB
MD5

27822be7809142a1c359312b6f5ab6a2
SHA1

81af90eed795025c48bca6c8b0b278361f0d977b
SHA256

48a70bd18a23fce3208195f4ad2e92fce78d37eeaa672f83af782656a4b2d07f
SHA512

09952a96d35787bf356e7ee93fad46f47e1726c0a3f6c7a0ed5cd084085935feeac422c9a1d236965ec3cdc73125f9d3dca9d7e8a0dd05be5a730bc37cdc0e1e
SSDEEP

196608:ejMmHhL8yKXmt4ITM0//StQo0BJoxPxF4DOkIvEb09PGuiGpyR38:ejMcKX2tQ0gQ5wx80xGu038

Score

3^/10

Malware Config

Signatures

Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

Processes:

48a70bd18a23fce3208195f4ad2e92fce78d37eeaa672f83af782656a4b2d07f_JC.elf

description	ioc	process
File opened for reading	/sys/kernel/mm/transparent_hugepage/hpage_pmd_size	48a70bd18a23fce3208195f4ad2e92fce78d37eeaa672f83af782656a4b2d07f_JC.elf

Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.

Processes:

description ioc

File opened for reading /proc/sys/net/core/somaxconn

description	ioc
File opened for reading	/proc/sys/net/core/somaxconn

Writes file to tmp directory 2 IoCs

Malware often drops required files in the /tmp directory.

Processes:

48a70bd18a23fce3208195f4ad2e92fce78d37eeaa672f83af782656a4b2d07f_JC.elf

description	ioc	process
File opened for modification	/tmp/data/log/merlinServerLog.txt	48a70bd18a23fce3208195f4ad2e92fce78d37eeaa672f83af782656a4b2d07f_JC.elf
File opened for modification	/tmp/readline.tmp

/tmp/48a70bd18a23fce3208195f4ad2e92fce78d37eeaa672f83af782656a4b2d07f_JC.elf
/tmp/48a70bd18a23fce3208195f4ad2e92fce78d37eeaa672f83af782656a4b2d07f_JC.elf
1⤵
- Enumerates kernel/hardware configuration
- Writes file to tmp directory
PID:605

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/data/log/merlinServerLog.txt

Filesize
77B

MD5
3585f475f7c15368be47cbe59b3a0a87

SHA1
71c6fbd4f43adbc0839b0f450a854e7ba072512b

SHA256
6cd87e53d363450166d2a6b9ab15864eca25a40157b73dc9f7a7f40e1dd9b4f8

SHA512
d83589c581e2ee8bb25fc399abc0a5084d9eb0a92560fc3c03dd426fc9138c06b1b30fdd72224494f26d7f1b4c222a8bcc94012b4dc410285688c62a63ac1cc3

Download Submit