Analysis
max time kernel: 151s
max time network: 133s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20231215-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20231215-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 19-12-2023 22:27
Behavioral task: behavioral1
Sample: 0adc73b8cf912d57e594bab3466860c6
Resource: ubuntu1804-amd64-20231215-en
General
Target: 0adc73b8cf912d57e594bab3466860c6
Size: 7.0MB
MD5: 0adc73b8cf912d57e594bab3466860c6
SHA1: 65d1f9d28783f5ea5b23d96ce16bb661a5f9a3ce
SHA256: d92587ee5e763f9d961fded9be3ba0a2fe95e311254c9d2c4135c7a1238672bf
SHA512: 3d4e52af9109ea2de90027e895d511685f9047cbbc6266a401e28835eb92de7766e48e9f62700de0bab365bff0286a24005d7bead63c4a8b2ea2a3c9b6b98f6d
SSDEEP: 98304:kuNe6mfQBtMdq+Khq+wfpL+Gd+r2R/v75LBJL7IX:pE6mYcdqhc7jJX
Malware Config
Signatures

Checks CPU configuration (1 TTP, 2 IoCs)
Checks CPU information that indicates whether the system is a virtual machine.
Processes:
  description: File opened for reading | ioc: /proc/cpuinfo | process: cat
  description: File opened for reading | ioc: /proc/cpuinfo | process: cat

Creates/modifies Cron job (1 TTP, 1 IoC)
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
Processes:
  description: File opened for modification | ioc: /var/spool/cron/crontabs/tmp.yABkpC | process: crontab

Reads runtime system information (4 IoCs)
Reads data from the /proc virtual filesystem.
Processes:
  description: File opened for reading | ioc: /proc/sys/net/core/somaxconn | process: 0adc73b8cf912d57e594bab3466860c6
  description: File opened for reading | ioc: /proc/version | process: cat
  description: File opened for reading | ioc: /proc/sys/net/core/somaxconn | process: 0adc73b8cf912d57e594bab3466860c6
  description: File opened for reading | ioc: /proc/version | process: cat

Writes file to tmp directory (3 IoCs)
Malware often drops required files in the /tmp directory.
Processes:
  description: File opened for modification | ioc: /tmp/[stealth].pid
  description: File opened for modification | ioc: /tmp/.pid
  description: File opened for modification | ioc: /tmp/nip9iNeiph5chee
Processes

/tmp/0adc73b8cf912d57e594bab3466860c6 (command line: /tmp/0adc73b8cf912d57e594bab3466860c6)
  - Reads runtime system information
/bin/cat (command line: cat /proc/version)
  - Reads runtime system information
/bin/cat (command line: cat /proc/cpuinfo)
  - Checks CPU configuration
/bin/uname (command line: uname -a)
/usr/bin/getconf (command line: getconf LONG_BIT)
/tmp/0adc73b8cf912d57e594bab3466860c6 (command line: "[stealth]")
  - Reads runtime system information
/bin/cat (command line: cat /proc/version)
  - Reads runtime system information
/bin/cat (command line: cat /proc/cpuinfo)
  - Checks CPU configuration
/bin/uname (command line: uname -a)
/usr/bin/getconf (command line: getconf LONG_BIT)
/usr/bin/crontab (command line: /usr/bin/crontab /tmp/nip9iNeiph5chee)
  - Creates/modifies Cron job
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads

/tmp/.pid
Filesize: 4B
MD5: 4e6cd95227cb0c280e99a195be5f6615
SHA1: 00b7858a85fe7328455145a1552e17378e980fe7
SHA256: 1e61da9318ad5f39fa341ffa808659430fd708a76917b50851a1fbcf88375f1e
SHA512: 05b75cc64fa98271a6f55bf355457eea5a2ac6ef5a340774c8cc55e7ce2f574d1b0aef783abb46975ed6b930c479762a2e89c487438a696722e4079c84b81490

/tmp/nip9iNeiph5chee
Filesize: 66B
MD5: f2412ab082f5db5abf8045e1ef68e436
SHA1: 2eeba5475e1a6c21e27c9e112c01049862efa8e6
SHA256: 235d2818e649c9904fc0cc555cc969c12e8bdd56feb77e7092a1f925dde7f21a
SHA512: da58b86d7011cdb789da8f92232f669d5851cfb8e06436e754dbc2a2bb0d4e6b7527f69ecf5345af5d7582db6e93bae2f703e3f86faa2d93817c84939416e292

/var/spool/cron/crontabs/tmp.yABkpC
Filesize: 260B
MD5: aa2598039b88b3e88e2f6daf7cc86158
SHA1: 384bba1ca474a16da425c38a2038beb860ea9a6a
SHA256: eab882756898b24473a2fe5b0d43b33c24f17cc5835db51abca30da4801f65f9
SHA512: c1bcd60bb879b4cf43c824daee01c604ff42a0b717080efd069b65e101b7e6eacf1dd3ada5e9a118a7c5ee62b7c6b36e0385bcbb6afd8c2b70ee68b5a118d1c9