Analysis

  • max time kernel
    8s
  • max time network
    131s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20231215-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu1804-amd64-20231215-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    22-12-2023 12:46

General

  • Target

    8d7a238d34f3c9151d98bea0c6e77911

  • Size

    35KB

  • MD5

    8d7a238d34f3c9151d98bea0c6e77911

  • SHA1

    8d1c057fec2c979ac54114bc5964432a38f2570f

  • SHA256

    907885e58df8bd4c1f3fca02a209fd4d9a99a519b58514a4cff95347bac5ed36

  • SHA512

    7e013363a5812e103643e8fd3f5553c4b5a012d49456a0c0d6150b020306d4960184332aa967f1983284ef3ca0f5d93db20b0365e0797875e8f9bcd4bb010074

  • SSDEEP

    96:9uLn173Wu4eRWlatsODOFun19YqnKmAEy9Ho4iFVxpl8mMwHeW5f5H4IkKc2LtG+:9uLR3p4e8GZRnjxP8c+O2ZYx79HC

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Reads runtime system information (1 IoC)

    Reads data from the /proc virtual filesystem.

  • Writes file to tmp directory (1 IoC)

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/8d7a238d34f3c9151d98bea0c6e77911
    Command line: /tmp/8d7a238d34f3c9151d98bea0c6e77911
    PID: 1550
    • Reads runtime system information
    • Writes file to tmp directory
  • /proc/1550/fd/3
    Command line: /tmp/8d7a238d34f3c9151d98bea0c6e77911
    PID: 1550
    • /tmp/upxDWRXYITABQO
      Command line: /tmp/8d7a238d34f3c9151d98bea0c6e77911
      PID: 1550
      • Executes dropped EXE

Network

MITRE ATT&CK Matrix

Downloads

  • /tmp/upxDWRXYITABQO

  • Filesize

    14KB

  • MD5

    03f82f7bd65e9f4f82760aedfe6a1074

  • SHA1

    22758f1b4cd61ac6c2e038a6883ae02be9614761

  • SHA256

    9338a82f0a44f7cce654c60dcb18254935644ec582588ba1c20943600af57950

  • SHA512

    1bc060ec23e0b2ef9215c35da6b95c36282d1bdef6a36c001082d446c24081c36f853e2b8000c2c2c9e81bf900b46f48b6113f66b5fdb4f0b4f2a16ebf4be0d3