Overview

overview

10

Static

static

10

d2b09064b4...48ebdb

ubuntu-18.04-amd64

9

Analysis

  • max time kernel
    155s
  • max time network
    160s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20231215-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20231215-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    20-12-2023 15:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d2b09064b486bce8885444c18f48ebdb

  • Size

    34KB

  • MD5

    d2b09064b486bce8885444c18f48ebdb

  • SHA1

    45baffd30135757affa73779a1434fc59e5750a4

  • SHA256

    3b542dcfe0030dd1e2a9b1dd0499b7cf6c12391af2e09b39bc37d1ba6da30bf4

  • SHA512

    21c2acd8b4436e828213157c002a3c49aa4bfd608f66f1c66df0c291ce3285af89066dc381f80ef12f89cf26ca3dd4052cccd7de9f902a62cff26587a6b08ffb

  • SSDEEP

    768:kuB0X2VT51qAiEsCRAiSTwE3Hk9+yq3IjYb:9B0X2V11qdiS8aE9+y2Ij

Score
9/10
discovery

Malware Config

Signatures

  • Contacts a large (53627) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

  • Writes file to system bin folder 1 TTPs 2 IoCs
  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

Processes

  • /tmp/d2b09064b486bce8885444c18f48ebdb
    /tmp/d2b09064b486bce8885444c18f48ebdb
    1⤵
      PID:1604

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Hijack Execution Flow

    1
    T1574

    Privilege Escalation

    Hijack Execution Flow

    1
    T1574

    Defense Evasion

    Impair Defenses

    1
    T1562

    Hijack Execution Flow

    1
    T1574

    Credential Access

    Discovery

    Network Service Discovery

    2
    T1046

    System Network Connections Discovery

    1
    T1049

    System Network Configuration Discovery

    1
    T1016

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads