Analysis
max time kernel: 154s
max time network: 157s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20231215-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20231215-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 19-12-2023 22:56
Static task: static1
Behavioral task: behavioral1
Sample: 360ff599c3bc8624192974c603fcdac7
Resource: ubuntu1804-amd64-20231215-en (ubuntu-18.04-amd64)
3 signatures
150 seconds
General
Target: 360ff599c3bc8624192974c603fcdac7
Size: 73KB
MD5: 360ff599c3bc8624192974c603fcdac7
SHA1: cd6c9b7f3fec61067bb5a6cd41640c517265f5d2
SHA256: e386bae63ebe322f5f9933ca925a5624a87fb2caae27a7f634ff692b77dfd059
SHA512: 1dad54d0fba062f1a6fde6e9e2058cb49575ed3219db863d118389e2b33b87dee75f42eda53b4eb880d03c55158df41a0cb41fce502ea67ca76742c248043fb5
SSDEEP: 1536:xyq93lguLYiPvoVjRWSbXJ0rWlC/kPstVkYFfWw23fQW83LZ5:p3KwYiPvoVjRWSbLQ/kPstVkrw2IN
Score: 7/10
Malware Config
Signatures
Changes its process name 1 IoCs
Processes: 360ff599c3bc8624192974c603fcdac7
description: Changes the process name, possibly in an attempt to hide itself
ioc: /usr/sbin/dropbear
pid: 1532
process: 360ff599c3bc8624192974c603fcdac7
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
Processes: 360ff599c3bc8624192974c603fcdac7
description: File opened for reading
ioc: /proc/net/route
process: 360ff599c3bc8624192974c603fcdac7
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
Processes: 360ff599c3bc8624192974c603fcdac7
description: File opened for reading
ioc: /proc/net/route
process: 360ff599c3bc8624192974c603fcdac7