54c48edfc4b9ad5b5b4e97842ed5c269374b77759b1a5bef654df3089d75311d

Analysis

max time kernel
153s
max time network
164s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20231215-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20231215-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
26-12-2023 00:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45f345dd8221ca7d1d2e9222f55179d2
Size

97KB
MD5

45f345dd8221ca7d1d2e9222f55179d2
SHA1

76a3f069e80957124cdf1b1e041c13b6870dfffd
SHA256

54c48edfc4b9ad5b5b4e97842ed5c269374b77759b1a5bef654df3089d75311d
SHA512

7a35f04ccb5355e45c280ee1663b227e8b8570bcd5d64af0a03554f51f5235a35f780c60aec0739b2b4f7222e64600ed02163116cbd2d9973c8a94c222cad4e5
SSDEEP

3072:SYCZj/EZjBA3Vmqxq+7zIqStTmjNBcB9Y446QrM4HLFSQnT:SpZj/EZjczrEQT

Score

8^/10

discovery

Malware Config

Signatures

Contacts a large (1050) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Writes DNS configuration 1 TTPs 1 IoCs

Writes data to DNS resolver config file.

Dynamic Resolution

T1568

description	ioc
File opened for modification	/etc/resolv.conf

Reads CPU attributes 1 TTPs 1 IoCs

System Information Discovery

T1082

description	ioc
File opened for reading	/sys/devices/system/cpu/online

Reads runtime system information 2 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/self/status	python2
File opened for reading	/proc/mounts	python2

Writes file to tmp directory 2 IoCs

Malware often drops required files in the /tmp directory.

description	ioc
File opened for modification	/tmp/.. /.backups
File opened for modification	/tmp/45f345dd8221ca7d1d2e9222f55179d2

/tmp/45f345dd8221ca7d1d2e9222f55179d2
/tmp/45f345dd8221ca7d1d2e9222f55179d2
1⤵
PID:1533

/usr/local/sbin/python2
python2 /tmp/45f345dd8221ca7d1d2e9222f55179d2
1⤵
PID:1533

/usr/local/bin/python2
python2 /tmp/45f345dd8221ca7d1d2e9222f55179d2
1⤵
PID:1533

/usr/sbin/python2
python2 /tmp/45f345dd8221ca7d1d2e9222f55179d2
1⤵
PID:1533

/usr/bin/python2
python2 /tmp/45f345dd8221ca7d1d2e9222f55179d2
1⤵
- Reads runtime system information
PID:1533
- /sbin/ldconfig
  /sbin/ldconfig -p
  2⤵
  PID:1537
- /sbin/ldconfig.real
  /sbin/ldconfig.real -p
  2⤵
  PID:1537

/bin/sh
sh -c "uname -p 2> /dev/null"
1⤵
PID:1541
- /bin/uname
  uname -p
  2⤵
  PID:1542

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Dynamic Resolution

T1568

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/.. /.backups

Filesize
4B

MD5
17e23e50bedc63b4095e3d8204ce063b

SHA1
464f9d1621f0799f4c4b7a2e884b21e4be81d222

SHA256
731d65cdd441fde25333a70782a078911af63ef672e299a906030e16ff66756b

SHA512
500dc81d5bd51e4e1bfa0ccfd7922d2c1da081a86844cd976c5c9e0d896dd78ec1631324cb634142875271e66c4800f8631a7d6dcef2ab5705f758d7e38dd7c3

Download Submit