Analysis
max time kernel
5s
max time network
133s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20231215-en
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20231215-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system
submitted
02-01-2024 14:36
Static task
static1
Behavioral task
behavioral1
Sample
e559ce2050868f97404610e59fffb2db.elf
Resource
ubuntu1804-amd64-20231215-en
General
Target
e559ce2050868f97404610e59fffb2db.elf
Size
4.4MB
MD5
e559ce2050868f97404610e59fffb2db
SHA1
1e7316cce516c110b4858093f610db9f79a202ac
SHA256
03888813079d01e1ba2d2675cf35724e529d58a78b9efd8161c746e8e33c643d
SHA512
88238fe1ca353181a10c5d7d99cf73beabb980795bb84172c3c713d58c10bdb88ada429ddf4d3991c643768c6459f9d82291b5677adf88dfcb23d5d66a6664e8
SSDEEP
49152:xcYBhGN1FeeUHrc3oYIOWhMojcrthMrTo55xk16Sm46adbADL10B1:1f6DYI3o1hh8hL
Malware Config
Signatures

Enumerates kernel/hardware configuration (1 TTP, 1 IoC)
Reads contents of the /sys virtual filesystem to enumerate system information.
Description: File opened for reading
IoC: /sys/kernel/mm/transparent_hugepage/hpage_pmd_size
Process: e559ce2050868f97404610e59fffb2db.elf
Caveat: the Go runtime reads this exact file during startup to learn the huge-page size, so on its own it is a weak indicator of deliberate reconnaissance. A 4.4 MB ELF whose first recorded action is this read is consistent with a Go binary, although the report does not identify the toolchain.

Writes file to shm directory (1 IoC)
/dev/shm is a tmpfs, so a file dropped there exists only in RAM, does not survive a reboot and leaves nothing on disk for post-mortem forensics. In this run the file is a crontab fragment rather than an executable; the persistence comes from the cron entry it carries.
Description: File opened for modification
IoC: /dev/shm/mycron
Process: bash
Processes

/tmp/e559ce2050868f97404610e59fffb2db.elf (PID 1524)
  Command: /tmp/e559ce2050868f97404610e59fffb2db.elf
  Enumerates kernel/hardware configuration

  /bin/bash (PID 1528, child of 1524)
    Command: bash -c "echo '@reboot ../.local/share/updates' >> /dev/shm/mycron"
    Writes file to shm directory

  /usr/bin/crontab (PID 1529, child of 1524)
    Command: crontab -u /dev/shm/mycron

The two children together are a cron persistence attempt: bash appends an @reboot entry to /dev/shm/mycron, then crontab is called to install it. Two details matter when reading this tree. First, crontab(1) takes the argument after -u as a user name, so the command line as captured would treat /dev/shm/mycron as the user and be left with no file argument, and the file would not be installed; the report does not show whether a user argument was lost in capture or the sample really issues the command this way, and it records no successful crontab installation. Second, the scheduled path is relative: cron runs jobs from the crontab owner's home directory, so ../.local/share/updates resolves against that directory, and no write to such a path appears in this run.
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize
32B
MD5
c83ef1acb4da94b9801a8e3d6fa02912
SHA1
bde69689c815a9a1be40874284da270752edd5e6
SHA256
c71134139edd6d98813fe83e8227369b85aa87cfc4bbd9da5aa3c434b6c2d5e2
SHA512
5065399199afce5550322402cb31d92fbdcb9ff9beb63d3519f61805f1ad967100df0294fcf729904ac1143157c710873cfefdda9485dbd5af4991fe65d48d88

The 32-byte size matches the one line bash wrote to /dev/shm/mycron: "@reboot ../.local/share/updates" is 31 characters and echo appends a newline. The report does not label this artifact, but that file is the only write it records, so the hashes above are the ones to compare against it.
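Detection and verification logic for the behaviour in the Processes and Downloads sections, as an added example that is not part of the sandbox report and not the sample's own code. It assumes a simplified process-event layout (pid, ppid, exe, argv) constructed here from the process tree rather than real auditd records, flags shell one-liners that write a cron schedule into a tmpfs directory and crontab invocations that point at one (parsing -u the way crontab(1) does, which is why the captured command line trips the second rule on its user argument rather than a file argument), and rebuilds the echoed file so its length and digests can be compared with the Downloads entry. The benign control rows are constructed as well.

```python
#!/usr/bin/env python3
"""Detection for the cron-in-/dev/shm persistence seen in this report.

Two checks over process-creation events plus a reconstruction of the file the
sample wrote. The events below are constructed from the report's process
tree, not a real auditd capture; the layout (pid, ppid, exe, argv) is a
simplification made for this example.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# tmpfs / world-writable directories on a default Ubuntu. Legitimate crontabs
# live in /var/spool/cron or /etc/cron.d, so a crontab loaded from here is a
# strong signal.
VOLATILE_DIRS = ("/dev/shm/", "/tmp/", "/var/tmp/")

# Output redirection or tee into a volatile directory.
REDIRECT_RE = re.compile(
    r"(?:>>?|\|\s*tee\s+(?:-a\s+)?)\s*(/(?:dev/shm|tmp|var/tmp)/\S+)")
# A cron schedule: an @alias or five space-separated time fields.
SCHEDULE_RE = re.compile(
    r"@(?:reboot|hourly|daily|weekly|monthly|yearly|annually)\b"
    r"|(?:^|['\"\s])(?:[\d*/,-]+\s+){5}")
# echo 'TEXT' >> PATH, the exact shape used by this sample.
ECHO_RE = re.compile(r"echo\s+'([^']*)'\s*>>?\s*(\S+)")


@dataclass
class Finding:
    pid: int
    rule: str
    detail: str


def crontab_args(argv: List[str]) -> Tuple[Optional[str], Optional[str]]:
    """Parse argv the way crontab(1) does: -u consumes the following argument
    as the user name; the first remaining non-option argument is the file to
    install. Returns (user, file)."""
    user = file = None
    it = iter(argv[1:])
    for a in it:
        if a == "-u":
            user = next(it, None)
        elif a.startswith("-"):
            continue
        elif file is None:
            file = a
    return user, file


def check_event(pid: int, exe: str, argv: List[str]) -> List[Finding]:
    findings: List[Finding] = []
    name = exe.rsplit("/", 1)[-1]
    # Rule 1: a shell one-liner writing a cron schedule into a volatile dir.
    if name in ("bash", "sh", "dash") and "-c" in argv:
        i = argv.index("-c")
        cmd = argv[i + 1] if i + 1 < len(argv) else ""
        m = REDIRECT_RE.search(cmd)
        if m and SCHEDULE_RE.search(cmd):
            findings.append(Finding(pid, "cron_entry_written_to_volatile_dir", m.group(1)))
    # Rule 2: crontab asked to install from a volatile dir, or handed such a
    # path as its -u user (what the captured command line in this report does).
    if name == "crontab":
        user, file = crontab_args(argv)
        if file and file.startswith(VOLATILE_DIRS):
            findings.append(Finding(pid, "crontab_install_from_volatile_dir", file))
        if user and user.startswith(VOLATILE_DIRS):
            findings.append(Finding(pid, "crontab_user_arg_is_path",
                                    f"-u consumed {user!r}; no file argument left"))
    return findings


def analyze(events) -> List[Finding]:
    out: List[Finding] = []
    for pid, _ppid, exe, argv in events:
        out.extend(check_event(pid, exe, argv))
    return out


def reconstruct_dropped_file(cmd: str) -> Optional[Tuple[str, bytes]]:
    """Rebuild the file an `echo '...' >> path` one-liner produces (echo adds
    a trailing newline) so it can be hashed and compared with the sandbox's
    Downloads entry. Returns (path, content) or None if the shape differs."""
    m = ECHO_RE.search(cmd)
    if not m:
        return None
    return m.group(2), (m.group(1) + "\n").encode()


def digests(data: bytes) -> dict:
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


# Constructed from the report's process tree; the last two rows are benign
# controls added for this example to show the rules stay quiet on them.
SAMPLE_EVENTS = [
    (1524, 1, "/tmp/e559ce2050868f97404610e59fffb2db.elf",
     ["/tmp/e559ce2050868f97404610e59fffb2db.elf"]),
    (1528, 1524, "/bin/bash",
     ["bash", "-c", "echo '@reboot ../.local/share/updates' >> /dev/shm/mycron"]),
    (1529, 1524, "/usr/bin/crontab", ["crontab", "-u", "/dev/shm/mycron"]),
    (1600, 1, "/usr/bin/crontab", ["crontab", "-l"]),
    (1601, 1, "/bin/bash", ["bash", "-c", "echo hello >> /dev/shm/notes"]),
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"pid {f.pid}: {f.rule}: {f.detail}")
    path, data = reconstruct_dropped_file(SAMPLE_EVENTS[1][3][2])
    print(path, len(data), "bytes", digests(data))
```

Running the block prints the two findings and the reconstructed /dev/shm/mycron with its digests; compare those against the Downloads entry to confirm which artifact the sandbox captured. Feeding real execve records into analyze() only requires mapping them onto the (pid, ppid, exe, argv) tuples the rules consume.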