7f78a63b2c49f59350eaf972d655a59b2abd6820f8a5ec1a4bfca69acb356b86

Analysis

max time kernel
153s
max time network
155s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20231215-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20231215-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
19/12/2023, 23:31

Target

6cd687a2cda9914749f8fcd19e3e37ee
Size

46KB
MD5

6cd687a2cda9914749f8fcd19e3e37ee
SHA1

2352a611bcafb4fa40611a82e6116d8aacb19e09
SHA256

7f78a63b2c49f59350eaf972d655a59b2abd6820f8a5ec1a4bfca69acb356b86
SHA512

6d0080a8e1121fa5e4a34b904ecd8d039f22074603ff4bd5862e9e22bed8291cd7b9c64ee3c11542f6358e7a5bde6db06c8a910888d9e28bc68770f2122b51c8
SSDEEP

768:tls5yOV9Gu1vdMn+UpDnpj3SCeoyDPIih897xkQ+aIO:tlNy9GsvdMn+Ap0oUPIia1Z+a

Score

9^/10

discovery

Contacts a large (114203) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Changes its process name 1 IoCs

description	ioc	pid
Changes the process name, possibly in an attempt to hide itself	["rekbot"]	1536

/tmp/6cd687a2cda9914749f8fcd19e3e37ee
/tmp/6cd687a2cda9914749f8fcd19e3e37ee
1⤵
PID:1534

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact