762a4f2bf5ea4ff72fce674da1adf29f0b9357be18de4cd992d79198c56bb514

Analysis

max time kernel
155s
max time network
145s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20231215-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20231215-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
19/12/2023, 23:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5bd44a35094fe6f7794d895122ddfa62
Size

7.3MB
MD5

5bd44a35094fe6f7794d895122ddfa62
SHA1

98172e49c3d5d70ffdcefd071f9762c58430a393
SHA256

762a4f2bf5ea4ff72fce674da1adf29f0b9357be18de4cd992d79198c56bb514
SHA512

4033c7335a44a7536a3980aad8cf18ff6336186d71dd7b7f02c3d5c93001ed974285fe9fbbf783bc0abac3e3b3581993ad6d2ac285249aa24b0aafa261f74de8
SSDEEP

49152:mNLLdMtTbVDtCsN5laK2BfCDvI7ZR9kAs5dkPjU2NhYCWpdLJaDSfUGZnh7X3cM9:mNlMt1tCsN5LGfCL7ATfscS8QhXP

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (7843) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
14	ipinfo.io
15	ipinfo.io
20	ipinfo.io

Reads runtime system information 7 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/sys/kernel/hostname	Process not Found
File opened for reading	/proc/sys/net/core/somaxconn	5bd44a35094fe6f7794d895122ddfa62
File opened for reading	/proc/filesystems	id
File opened for reading	/proc/sys/net/core/somaxconn	5bd44a35094fe6f7794d895122ddfa62
File opened for reading	/proc/filesystems	id
File opened for reading	/proc/self/exe	5bd44a35094fe6f7794d895122ddfa62
File opened for reading	/proc/self/fd	Process not Found

GoLang User-Agent 10 IoCs

Uses default user-agent string defined by GoLang HTTP packages.

description	flow	ioc
HTTP User-Agent header	4282	Go-http-client/1.1
HTTP User-Agent header	4408	Go-http-client/1.1
HTTP User-Agent header	4379	Go-http-client/1.1
HTTP User-Agent header	4401	Go-http-client/1.1
HTTP User-Agent header	4405	Go-http-client/1.1
HTTP User-Agent header	4412	Go-http-client/1.1
HTTP User-Agent header	4419	Go-http-client/1.1
HTTP User-Agent header	4423	Go-http-client/1.1
HTTP User-Agent header	4330	Go-http-client/1.1
HTTP User-Agent header	4361	Go-http-client/1.1

/tmp/5bd44a35094fe6f7794d895122ddfa62
/tmp/5bd44a35094fe6f7794d895122ddfa62
1⤵
- Reads runtime system information
PID:1552
- /usr/bin/id
  id -un
  2⤵
  - Reads runtime system information
  PID:1556

/tmp/5bd44a35094fe6f7794d895122ddfa62
/tmp/5bd44a35094fe6f7794d895122ddfa62 "-ipc.fd=3" scan
1⤵
- Reads runtime system information
PID:1564
- /usr/bin/id
  id -un
  2⤵
  - Reads runtime system information
  PID:1569

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads