39052040d4a586f287dddbcc653699ce09c77bb6a336a550b5b349b674bbd46e

Analysis

max time kernel
5s
max time network
134s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20230621-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20230621-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
27/08/2023, 14:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

39052040d4a586f287dddbcc653699ce09c77bb6a336a550b5b349b674bbd46e
Size

19KB
MD5

f1e969850b4abb82ce4e618f64fde777
SHA1

7fb21db0b9303fead87ec6d98c06580daf098dad
SHA256

39052040d4a586f287dddbcc653699ce09c77bb6a336a550b5b349b674bbd46e
SHA512

a4f853b812b5a057403de6c0dbf561c5439bb3338312f70251fc8176ff13cddaebf0d8f670c4abdcd702c02c20bbbab9e756b8ba0a1b3cf3ef09bc1255d49b4d
SSDEEP

192:GbejoYfrwEGDI2T55ah3SS/OVF7ud4/yqvujgW3CilHvLSUzGWsuDxhlyqwMWku2:AYfU4gFSm3BOgPilHva49dwZLAc2lPR

Score

6^/10

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Reads CPU attributes 1 TTPs 1 IoCs

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/online	pgrep

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/195/cmdline	pgrep
File opened for reading	/proc/23/cmdline	pgrep
File opened for reading	/proc/194/status	pgrep
File opened for reading	/proc/164/status	pgrep
File opened for reading	/proc/441/cmdline	pgrep
File opened for reading	/proc/566/status	pgrep
File opened for reading	/proc/2/stat	pidof
File opened for reading	/proc/20/cmdline	pidof
File opened for reading	/proc/305/cmdline	pidof
File opened for reading	/proc/23/status	pgrep
File opened for reading	/proc/161/status	pgrep
File opened for reading	/proc/16/cmdline	pidof
File opened for reading	/proc/161/stat	pidof
File opened for reading	/proc/28/cmdline	pgrep
File opened for reading	/proc/16/stat	pidof
File opened for reading	/proc/23/cmdline	pidof
File opened for reading	/proc/27/cmdline	pidof
File opened for reading	/proc/156/stat	pidof
File opened for reading	/proc/571/stat	pidof
File opened for reading	/proc/305/cmdline	pgrep
File opened for reading	/proc/365/status	pgrep
File opened for reading	/proc/341/cmdline	pgrep
File opened for reading	/proc/353/cmdline	pgrep
File opened for reading	/proc/3/stat	pidof
File opened for reading	/proc/165/cmdline	pidof
File opened for reading	/proc/341/stat	pidof
File opened for reading	/proc/25/status	pgrep
File opened for reading	/proc/162/status	pgrep
File opened for reading	/proc/78/stat	pidof
File opened for reading	/proc/130/stat	pidof
File opened for reading	/proc/194/cmdline	pidof
File opened for reading	/proc/10/cmdline	pgrep
File opened for reading	/proc/15/cmdline	pidof
File opened for reading	/proc/32/cmdline	pgrep
File opened for reading	/proc/81/status	pgrep
File opened for reading	/proc/112/status	pgrep
File opened for reading	/proc/171/stat	pidof
File opened for reading	/proc/13/cmdline	pgrep
File opened for reading	/proc/14/status	pgrep
File opened for reading	/proc/565/status	pgrep
File opened for reading	/proc/21/stat	pidof
File opened for reading	/proc/168/stat	pidof
File opened for reading	/proc/565/cmdline	pidof
File opened for reading	/proc/36/cmdline	pgrep
File opened for reading	/proc/130/status	pgrep
File opened for reading	/proc/31/cmdline	pgrep
File opened for reading	/proc/563/status	pgrep
File opened for reading	/proc/5/cmdline	pidof
File opened for reading	/proc/168/cmdline	pidof
File opened for reading	/proc/1/cmdline	pgrep
File opened for reading	/proc/15/status	pgrep
File opened for reading	/proc/575/cmdline	pgrep
File opened for reading	/proc/14/stat	pidof
File opened for reading	/proc/158/cmdline	pidof
File opened for reading	/proc/166/stat	pidof
File opened for reading	/proc/566/stat	pidof
File opened for reading	/proc/253/status	pgrep
File opened for reading	/proc/341/status	pgrep
File opened for reading	/proc/12/cmdline	pidof
File opened for reading	/proc/81/stat	pidof
File opened for reading	/proc/159/stat	pidof
File opened for reading	/proc/169/cmdline	pidof
File opened for reading	/proc/240/cmdline	pidof
File opened for reading	/proc/563/cmdline	pidof

/tmp/39052040d4a586f287dddbcc653699ce09c77bb6a336a550b5b349b674bbd46e
/tmp/39052040d4a586f287dddbcc653699ce09c77bb6a336a550b5b349b674bbd46e
1⤵
PID:568

/bin/sh
sh -c "pgrep smcard2"
1⤵
PID:575
- /usr/bin/pgrep
  pgrep smcard2
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:576

/bin/sh
sh -c "pidof smcard2"
1⤵
PID:579
- /bin/pidof
  pidof smcard2
  2⤵
  - Reads runtime system information
  PID:580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...