b791234f4bdbb8475a29a9a2ad5dd1cc09c65b973e58ee10eaf6509885bdf065

Analysis

max time kernel
153s
max time network
153s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20231215-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20231215-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
19-12-2023 23:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ed3485825a6fc56309f5721bef50489
Size

64KB
MD5

3ed3485825a6fc56309f5721bef50489
SHA1

8d9443802c210223b91aee123d4e051f12569996
SHA256

b791234f4bdbb8475a29a9a2ad5dd1cc09c65b973e58ee10eaf6509885bdf065
SHA512

bf54e0e8c1fa6ddd021dfea0d847e93f7ec79f6166a3a05ce3f2b96904f25516d49a8f291b484454b4cca2527c93ba8758c4385b7fcc50196e849bbc1c4795c8
SSDEEP

1536:CgNcQ9sNLGQ9DyG5arJXa8Zg9EAEWK962NqNShguuRxp7:nNcQ9sNLGkG9rJXvvAEWK96Aqshsrp7

Score

6^/10

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/1094 EKBJOHC&
File opened for reading	/proc/1177 EKBJOHC&
File opened for reading	/proc/1260 EKBJOHC&
File opened for reading	/proc/437 EKBJOHC&
File opened for reading	/proc/520/exe
File opened for reading	/proc/1149/exe
File opened for reading	/proc/573/exe
File opened for reading	/proc/949 EKBJOHC&
File opened for reading	/proc/954 EKBJOHC&
File opened for reading	/proc/1074 EKBJOHC&
File opened for reading	/proc/1009/exe
File opened for reading	/proc/1252/exe
File opened for reading	/proc/1141/exe
File opened for reading	/proc/596 EKBJOHC&
File opened for reading	/proc/1128 EKBJOHC&
File opened for reading	/proc/1191/exe
File opened for reading	/proc/1381/exe
File opened for reading	/proc/674/exe
File opened for reading	/proc/475/exe
File opened for reading	/proc/1254/exe
File opened for reading	/proc/1355/exe
File opened for reading	/proc/1177/exe
File opened for reading	/proc/1273 EKBJOHC&
File opened for reading	/proc/1038 EKBJOHC&
File opened for reading	/proc/1081/exe
File opened for reading	/proc/1105/exe
File opened for reading	/proc/1141 EKBJOHC&
File opened for reading	/proc/1362 EKBJOHC&
File opened for reading	/proc/1307/exe
File opened for reading	/proc/1464 EKBJOHC&
File opened for reading	/proc/711/exe
File opened for reading	/proc/1014 EKBJOHC&
File opened for reading	/proc/1236 EKBJOHC&
File opened for reading	/proc/1293 EKBJOHC&
File opened for reading	/proc/418/exe
File opened for reading	/proc/475 EKBJOHC&
File opened for reading	/proc/671 EKBJOHC&
File opened for reading	/proc/711 EKBJOHC&
File opened for reading	/proc/421/exe
File opened for reading	/proc/736/exe
File opened for reading	/proc/1189 EKBJOHC&
File opened for reading	/proc/573 EKBJOHC&
File opened for reading	/proc/1067/exe
File opened for reading	/proc/421 EKBJOHC&
File opened for reading	/proc/467/exe
File opened for reading	/proc/467 EKBJOHC&
File opened for reading	/proc/522/exe
File opened for reading	/proc/539 EKBJOHC&
File opened for reading	/proc/646/exe
File opened for reading	/proc/949/exe
File opened for reading	/proc/1549/exe
File opened for reading	/proc/1183 EKBJOHC&
File opened for reading	/proc/1009 EKBJOHC&
File opened for reading	/proc/434 EKBJOHC&
File opened for reading	/proc/736 EKBJOHC&
File opened for reading	/proc/959/exe
File opened for reading	/proc/1136 EKBJOHC&
File opened for reading	/proc/431/exe
File opened for reading	/proc/1132 EKBJOHC&
File opened for reading	/proc/1293/exe
File opened for reading	/proc/1236/exe
File opened for reading	/proc/434/exe
File opened for reading	/proc/443 EKBJOHC&
File opened for reading	/proc/520 EKBJOHC&

Writes file to tmp directory 7 IoCs

Malware often drops required files in the /tmp directory.

description	ioc
File opened for modification	/tmp/q:;(q)?*=6:19^
File opened for modification	/tmp/q:;(q37-=q)?*=6:19^
File opened for modification	/tmp/q:;(q ono)?*=6:19^
File opened for modification	/tmp/q:;(q ono~)?*=6:19^
File opened for modification	/tmp/q:;(q)?*=6:19n^
File opened for modification	/tmp/q;=q:;8?+2q)?*=6:19^
File opened for modification	/tmp/q-<70q)?*=6:19^

/tmp/3ed3485825a6fc56309f5721bef50489
/tmp/3ed3485825a6fc56309f5721bef50489
1⤵
PID:1535

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads