Analysis
max time kernel: 8s
max time network: 131s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20231215-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20231215-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 22-12-2023 12:46

Behavioral task: behavioral1
Sample: 8d7a238d34f3c9151d98bea0c6e77911
Resource: ubuntu1804-amd64-20231215-en

General
Target: 8d7a238d34f3c9151d98bea0c6e77911
Size: 35KB
MD5: 8d7a238d34f3c9151d98bea0c6e77911
SHA1: 8d1c057fec2c979ac54114bc5964432a38f2570f
SHA256: 907885e58df8bd4c1f3fca02a209fd4d9a99a519b58514a4cff95347bac5ed36
SHA512: 7e013363a5812e103643e8fd3f5553c4b5a012d49456a0c0d6150b020306d4960184332aa967f1983284ef3ca0f5d93db20b0365e0797875e8f9bcd4bb010074
SSDEEP: 96:9uLn173Wu4eRWlatsODOFun19YqnKmAEy9Ho4iFVxpl8mMwHeW5f5H4IkKc2LtG+:9uLR3p4e8GZRnjxP8c+O2ZYx79HC
Malware Config

Signatures
- Executes dropped EXE (1 IoC)
  ioc: /tmp/upxDWRXYITABQO; pid: 1550; process: upxDWRXYITABQO
- Reads runtime system information (1 IoC)
  Reads data from /proc virtual filesystem.
  description: File opened for reading; ioc: /proc/1550/exe; process: 8d7a238d34f3c9151d98bea0c6e77911
- Writes file to tmp directory (1 IoC)
  Malware often drops required files in the /tmp directory.
  description: File opened for modification; ioc: /tmp/upxDWRXYITABQO; process: 8d7a238d34f3c9151d98bea0c6e77911
Processes
- /tmp/8d7a238d34f3c9151d98bea0c6e77911 (command line: /tmp/8d7a238d34f3c9151d98bea0c6e77911), PID: 1550
  - Reads runtime system information
  - Writes file to tmp directory
- /proc/1550/fd/3 (command line: /tmp/8d7a238d34f3c9151d98bea0c6e77911), PID: 1550
- /tmp/upxDWRXYITABQO (command line: /tmp/8d7a238d34f3c9151d98bea0c6e77911), PID: 1550
  - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 14KB
  MD5: 03f82f7bd65e9f4f82760aedfe6a1074
  SHA1: 22758f1b4cd61ac6c2e038a6883ae02be9614761
  SHA256: 9338a82f0a44f7cce654c60dcb18254935644ec582588ba1c20943600af57950
  SHA512: 1bc060ec23e0b2ef9215c35da6b95c36282d1bdef6a36c001082d446c24081c36f853e2b8000c2c2c9e81bf900b46f48b6113f66b5fdb4f0b4f2a16ebf4be0d3