Analysis
max time kernel: 2s
max time network: 151s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20231201-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20231201-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 03-12-2023 19:49
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Linux.Siggen.4939.25725.3492.elf
Resource: ubuntu1804-amd64-20231201-en, ubuntu-18.04-amd64
1 signatures, 150 seconds
General
Target: SecuriteInfo.com.Linux.Siggen.4939.25725.3492.elf
Size: 2.4MB
MD5: 7c84e75817349adcdea9925b86f67670
SHA1: 08d96d08c62150d7aec73ad647b5007ff1e3a6c1
SHA256: 13c1cfb12017aa138e2f8d788dcd867806cc8fd6ae05c3ab7d886c18bcd4c48a
SHA512: c3533c716d95d155f120b5f718c4e8e603314c84254e302f5a0254ba7f9e0b02635744a486f4abdbefdb9ddec678ab5ae3d5d179f889d674ee772b06e1c43007
SSDEEP: 49152:rEfoMtXFLQuWqL7B6RBiy61ggOZc8nuO8nIT:L4F1fZ6R0H
Score: 3/10
Malware Config
Signatures
Enumerates kernel/hardware configuration (1 TTPs, 1 IoCs)
Reads contents of /sys virtual filesystem to enumerate system information.
Processes: SecuriteInfo.com.Linux.Siggen.4939.25725.3492.elf
description: File opened for reading
ioc: /sys/kernel/mm/transparent_hugepage/hpage_pmd_size
process: SecuriteInfo.com.Linux.Siggen.4939.25725.3492.elf