Overview

overview

6

Static

static

1

3be6c7fd3d...e2f604

ubuntu-18.04-amd64

6

Analysis

  • max time kernel
    154s
  • max time network
    150s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20231215-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20231215-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    19-12-2023 23:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3be6c7fd3d0f7767b728887c0ae2f604

  • Size

    1.8MB

  • MD5

    3be6c7fd3d0f7767b728887c0ae2f604

  • SHA1

    afa030bfa8748f53a41f1056f0501e1c1a6c1a96

  • SHA256

    f98930f3f3561a0c88713594057fed823495204dd348b5fa091959680692538d

  • SHA512

    c7d7eea6f25609e09a8c548a66fb0001d695be69f1330781f1e7d05bd816b1259823af49e1f191e88aae84061c75b5c27f8b3a89006e17be9b6490ac5f1d8ce7

  • SSDEEP

    49152:bNihhOhBNhKhyu7cYx9z2rAnKsfRgaFyZB5Ss5+Nu:5ihhOhBNhKhRwwJ2romaFyZB5Ss5+Nu

Score
6/10

Malware Config

Signatures

  • Reads CPU attributes 1 TTPs 1 IoCs
  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 7 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/3be6c7fd3d0f7767b728887c0ae2f604
    /tmp/3be6c7fd3d0f7767b728887c0ae2f604
    1⤵
      PID:1561
      • /bin/sh
        sh -c "sed -i -e '/exit/d' /etc/rc.local"
        2⤵
          PID:1562
          • /bin/sed
            sed -i -e /exit/d /etc/rc.local
            3⤵
            • Reads runtime system information
            PID:1563
        • /bin/sh
          sh -c "sed -i -e '/^ | | \$/d' /etc/rc.local"
          2⤵
            PID:1564
            • /bin/sed
              sed -i -e "/^ | | \$/d" /etc/rc.local
              3⤵
              • Reads runtime system information
              PID:1565
          • /bin/sh
            sh -c "sed -i -e '/3be6c7fd3d0f7767b728887c0ae2f604 reboot/d' /etc/rc.local"
            2⤵
              PID:1566
              • /bin/sed
                sed -i -e "/3be6c7fd3d0f7767b728887c0ae2f604 reboot/d" /etc/rc.local
                3⤵
                • Reads runtime system information
                PID:1567
            • /bin/sh
              sh -c "sed -i -e '2 i/tmp/3be6c7fd3d0f7767b728887c0ae2f604 reboot' /etc/rc.local"
              2⤵
                PID:1568
                • /bin/sed
                  sed -i -e "2 i/tmp/3be6c7fd3d0f7767b728887c0ae2f604 reboot" /etc/rc.local
                  3⤵
                  • Reads runtime system information
                  PID:1569
              • /bin/sh
                sh -c "sed -i -e '2 i/tmp/3be6c7fd3d0f7767b728887c0ae2f604 reboot start' /etc/rc.d/rc.local"
                2⤵
                  PID:1570
                  • /bin/sed
                    sed -i -e "2 i/tmp/3be6c7fd3d0f7767b728887c0ae2f604 reboot start" /etc/rc.d/rc.local
                    3⤵
                    • Reads runtime system information
                    PID:1571
                • /bin/sh
                  sh -c "sed -i -e '2 i/tmp/3be6c7fd3d0f7767b728887c0ae2f604 reboot start' /etc/init.d/boot.local"
                  2⤵
                    PID:1572
                    • /bin/sed
                      sed -i -e "2 i/tmp/3be6c7fd3d0f7767b728887c0ae2f604 reboot start" /etc/init.d/boot.local
                      3⤵
                      • Reads runtime system information
                      PID:1573

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads