13c1cfb12017aa138e2f8d788dcd867806cc8fd6ae05c3ab7d886c18bcd4c48a | Triage

Analysis

max time kernel
2s
max time network
151s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20231201-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20231201-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
03-12-2023 19:49

Sharing

Report Analysis Logs

General

Target

SecuriteInfo.com.Linux.Siggen.4939.25725.3492.elf
Size

2.4MB
MD5

7c84e75817349adcdea9925b86f67670
SHA1

08d96d08c62150d7aec73ad647b5007ff1e3a6c1
SHA256

13c1cfb12017aa138e2f8d788dcd867806cc8fd6ae05c3ab7d886c18bcd4c48a
SHA512

c3533c716d95d155f120b5f718c4e8e603314c84254e302f5a0254ba7f9e0b02635744a486f4abdbefdb9ddec678ab5ae3d5d179f889d674ee772b06e1c43007
SSDEEP

49152:rEfoMtXFLQuWqL7B6RBiy61ggOZc8nuO8nIT:L4F1fZ6R0H

Score

3^/10

Malware Config

Signatures

Enumerates kernel/hardware configuration 1 TTPs 1 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery
T1082

Processes:

SecuriteInfo.com.Linux.Siggen.4939.25725.3492.elf

description ioc process

File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size SecuriteInfo.com.Linux.Siggen.4939.25725.3492.elf

/tmp/SecuriteInfo.com.Linux.Siggen.4939.25725.3492.elf
/tmp/SecuriteInfo.com.Linux.Siggen.4939.25725.3492.elf
1⤵
- Enumerates kernel/hardware configuration
PID:1548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads