Overview

overview

7

Static

static

1

269614e98c...f620cd

ubuntu-18.04-amd64

7

Resubmissions

27-09-2023 15:12

230927-slaz3ach49 7

25-11-2020 08:51

201125-237h7mgpxa 9

24-11-2020 13:31

201124-38cax1ssh2 9

Analysis

  • max time kernel
    5s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20230831-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20230831-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    27-09-2023 15:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    269614e98cf1a6f16026139c078e03c4790a03020abd0ac881540358f8f620cd

  • Size

    17KB

  • MD5

    cff772c03b0af2d48bcff169aa82b3eb

  • SHA1

    619b9a8a5fe3b3d7276cfebfcec8304dd44a708f

  • SHA256

    269614e98cf1a6f16026139c078e03c4790a03020abd0ac881540358f8f620cd

  • SHA512

    c573851ecd8319a49e1ef4d4292e29913f1b652219d17114223a5f03eddbaae4fc81f56c36f610ad887c353ac4cce482c91d1df91813a89d5dfad525f1e46c18

  • SSDEEP

    192:Gfaa6OZqqqwgFa4hLN1gsF2fINeRvzYJO51/K1mPrvfoj4lT5zISSlTa5GyP4R1f:Ja3Zq1DdkIGvzuOu1Mq4NwTa8n

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Creates/modifies Cron job 1 TTPs 1 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    persistence
  • Writes file to system bin folder 1 TTPs 1 IoCs
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/269614e98cf1a6f16026139c078e03c4790a03020abd0ac881540358f8f620cd
    /tmp/269614e98cf1a6f16026139c078e03c4790a03020abd0ac881540358f8f620cd
    1⤵
    • Creates/modifies Cron job
    • Writes file to system bin folder
    • Reads runtime system information
    • Writes file to tmp directory
    PID:611
    • /tmp/fileqqmbCS
      /tmp/269614e98cf1a6f16026139c078e03c4790a03020abd0ac881540358f8f620cd
      2⤵
      • Executes dropped EXE
      PID:616

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /etc/cron.hourly/0
    Filesize

    89B

    MD5

    c9caea9bcdccb1484aeae81d2f9999f3

    SHA1

    d4878f52078385103d76737c12914e186e2614bd

    SHA256

    7ae91462d6542f0f016117d72d1c9e70364b4d5022a9e301e4fde74f370206b1

    SHA512

    a9b6858f76f94d9e2d2055a046a8c6a777c96a7bc4c49e9530279361e870fdeb7b6c86bb6623577b83769de39dac8bead3cc80975cbe68dbbe96ed1b7e76bae8

    Download Submit

  • /tmp/fileqqmbCS
    Filesize

    11KB

    MD5

    e0227796d10d59e6de8dda02dd735593

    SHA1

    50f3c17127ad8c6d3979318b466a5ae4ab6a487c

    SHA256

    4b88d1d2e0a646c09b22c0ec4310cd793924ad2d0b337b80fc8955ee22a5feda

    SHA512

    d4e70bb92252c95cd0e3c0c599707ee2ff8ad549c538d27ba783157f0eb226775f2073139a1db276f7479a972e4b1254dd4de73690e59ad50b27834fcc41d5ab

    Download Submit