9d922c06c6ea17ad489d1dfe38a643da08ae122af82b32caab38af27545f95d8

Analysis

max time kernel
155s
max time network
157s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20231215-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20231215-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
31/12/2023, 00:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

22156fcea967b8462b9d1710bdfd42e7
Size

39KB
MD5

22156fcea967b8462b9d1710bdfd42e7
SHA1

ecd7369f9fd9e5ae7de61880fd7556bec327c99c
SHA256

9d922c06c6ea17ad489d1dfe38a643da08ae122af82b32caab38af27545f95d8
SHA512

a33f7e73da17ce318ea85f696d290c684bb944b87d0f70ac0c9da24faff46f9790936975c5bb2690f69c8b9c1de17c8f58e83313113807d94ef8e76876cd3ca1
SSDEEP

768:QVoRjH8C40eAXx+GN7GEMfw7YdNRkoM28t:Eo5H8C40LB+GoESyYdNig8

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	fmpg9xwlmnfn	1593	22156fcea967b8462b9d1710bdfd42e7

Deletes itself 1 IoCs

pid	Process
1593	22156fcea967b8462b9d1710bdfd42e7

Unexpected DNS network traffic destination 14 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/537/exe
File opened for reading	/proc/539/maps
File opened for reading	/proc/1325/comm
File opened for reading	/proc/1481/exe
File opened for reading	/proc/1596/comm
File opened for reading	/proc/440/comm
File opened for reading	/proc/1106/comm
File opened for reading	/proc/1111/maps
File opened for reading	/proc/1174/comm
File opened for reading	/proc/1596/exe
File opened for reading	/proc/562/exe
File opened for reading	/proc/1174/maps
File opened for reading	/proc/1203/exe
File opened for reading	/proc/1317/comm
File opened for reading	/proc/1213/comm
File opened for reading	/proc/1156/comm
File opened for reading	/proc/1177/maps
File opened for reading	/proc/1267/exe
File opened for reading	/proc/1579/exe
File opened for reading	/proc/981/comm
File opened for reading	/proc/1124/comm
File opened for reading	/proc/1206/maps
File opened for reading	/proc/1212/comm
File opened for reading	/proc/460/exe
File opened for reading	/proc/460/comm
File opened for reading	/proc/468/maps
File opened for reading	/proc/693/maps
File opened for reading	/proc/1152/comm
File opened for reading	/proc/1191/exe
File opened for reading	/proc/577/exe
File opened for reading	/proc/620/exe
File opened for reading	/proc/659/comm
File opened for reading	/proc/1068/maps
File opened for reading	/proc/479/comm
File opened for reading	/proc/1212/exe
File opened for reading	/proc/1341/exe
File opened for reading	/proc/1351/maps
File opened for reading	/proc/440/exe
File opened for reading	/proc/468/comm
File opened for reading	/proc/981/exe
File opened for reading	/proc/1188/maps
File opened for reading	/proc/471/maps
File opened for reading	/proc/1221/comm
File opened for reading	/proc/1106/maps
File opened for reading	/proc/1188/comm
File opened for reading	/proc/1401/maps
File opened for reading	/proc/1351/exe
File opened for reading	/proc/334/comm
File opened for reading	/proc/1093/maps
File opened for reading	/proc/1173/exe
File opened for reading	/proc/1186/comm
File opened for reading	/proc/1351/comm
File opened for reading	/proc/457/exe
File opened for reading	/proc/481/comm
File opened for reading	/proc/880/comm
File opened for reading	/proc/1097/comm
File opened for reading	/proc/471/exe
File opened for reading	/proc/734/exe
File opened for reading	/proc/1081/exe
File opened for reading	/proc/1179/maps
File opened for reading	/proc/457/comm
File opened for reading	/proc/539/comm
File opened for reading	/proc/695/comm
File opened for reading	/proc/1179/comm

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/22156fcea967b8462b9d1710bdfd42e7	22156fcea967b8462b9d1710bdfd42e7

/tmp/22156fcea967b8462b9d1710bdfd42e7
/tmp/22156fcea967b8462b9d1710bdfd42e7
1⤵
- Changes its process name
- Deletes itself
- Writes file to tmp directory
PID:1593

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads