Analysis Overview
SHA256
1247a68b960aa81b7517c614c12c8b5d1921d1d2fdf17be636079ad94caf970f
Threat Level: Known bad
The file 3f328e68ed4d59973f9c5b4f36545ab0 was found to be: Known bad.
Malicious Activity Summary
Blackmatter family
Deletes itself
Deletes log files
Reads CPU attributes
Reads runtime system information
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-03 22:34
Signatures
Blackmatter family
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-03 22:34
Reported
2024-01-03 22:37
Platform
ubuntu1804-amd64-20231215-en
Max time kernel
4s
Max time network
134s
Command Line
Signatures
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Deletes log files
| Description | Indicator | Process | Target |
| File truncated | /var/log/installer/.2146BC677F078171EFD9E535210536618953D86C250F460A | N/A | N/A |
| File truncated | /var/log/installer/ReadMe.txt | N/A | N/A |
| File truncated | /var/log/.1BF5CC212DC7FB1A0EFC4B93CB0C38C0C67838D9DC2DF9EF | N/A | N/A |
| File truncated | /var/log/ReadMe.txt | N/A | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | N/A | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/vm/overcommit_memory | N/A | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/.DBFD055C-9CF2-4BB8-908E-6DA22321BF17 | /tmp/3f328e68ed4d59973f9c5b4f36545ab0 | N/A |
| File opened for modification | /tmp/daemon_1704317677.log | N/A | N/A |
Processes
/tmp/3f328e68ed4d59973f9c5b4f36545ab0
[/tmp/3f328e68ed4d59973f9c5b4f36545ab0]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 151.101.194.49:443 | N/A | tcp |
| US | 151.101.65.91:443 | N/A | tcp |
| GB | 195.181.164.14:443 | N/A | tcp |
| GB | 185.125.188.61:443 | N/A | tcp |
| US | 1.1.1.1:53 | cdn.fwupd.org | udp |
| US | 1.1.1.1:53 | cdn.fwupd.org | udp |
| GB | 185.125.188.61:443 | N/A | tcp |
| US | 151.101.194.49:443 | cdn.fwupd.org | tcp |
| US | 151.101.65.91:443 | N/A | tcp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| GB | 195.181.164.16:443 | 1527653184.rsc.cdn77.org | tcp |
Files
/tmp/.DBFD055C-9CF2-4BB8-908E-6DA22321BF17
| MD5 | 7e6c36cd0eca5da79a64e13d02409a4f |
| SHA1 | c66c08510ceb67495b8965c5c0fb8f2382e871e3 |
| SHA256 | 30d7dbf153c6a3ead496dcd474ec2264244e5abfa52bfa44462092d0096e20a0 |
| SHA512 | 0eceb1e0abd905063e37826058e878f01b1835df4bc29382abe31250e8ce8b44a86882146af3d059c88e377e539b08a0dc4ed4573b17e16f68e1eee6f637f8c2 |
/tmp/daemon_1704317677.log
| MD5 | 299c2fcb1715816db0e2e983671545a8 |
| SHA1 | c3aeeff831c27a3b114e924ce13a48b5fac7f990 |
| SHA256 | fef2bb94ecd3da208d5a923dd2790dddbffc8eb3f25d6c1fa930bbc5bb0e03d5 |
| SHA512 | c2457de3884a646135843a7da88cde4eedbf55159dbdca139d0bee1553e4038f404a6101ebbd524b3bcab0589d352dc09b0cc46ce9c14d50fbbefa2d326c176b |
/var/log/ReadMe.txt
| MD5 | 9574a2575d6b362db1f9b78443a1336a |
| SHA1 | f0e842916eb0d0efeb02f75e7c0335598a388a9e |
| SHA256 | b012ea545aa829708146300bb07fbe92614cc6ea0cfdecd8743eeb5692220d85 |
| SHA512 | 3eec9a12e372c5b66d403929d430d7923adaac31b71ccc3dd0da8a9e86f3ef10e9886531160a97d0d3c3c1dd0a49d248497f6210edac84670210a8c303adb959 |
/var/log/.1BF5CC212DC7FB1A0EFC4B93CB0C38C0C67838D9DC2DF9EF
| MD5 | c36ce3660ba8c23b8a3d5ec03bf8dde1 |
| SHA1 | 323071155acd3c8c20b609fd585e6d6577aeb36b |
| SHA256 | 5a091703fed4af6f2a40da6d4b1a34e60ca2234dcc951ef7aef5fdde9ca95db7 |
| SHA512 | 3c3d7ea4eee2d1e8609bd482e18004d1a07cb143a3978bee067802a390b46b95a18bb76ff08120b24200bbe1bd3dde00d908fed3b33cd42c2e934665f7220c0c |
/var/log/installer/.2146BC677F078171EFD9E535210536618953D86C250F460A
| MD5 | fbee03e0a21ac127b2d22007811a315e |
| SHA1 | d116820314bf6de1358a66bfa2d60d893f862ec0 |
| SHA256 | e3b3c4913d579272e44a0b9c3d866745edcc47f458a4bf66994f2c328de71955 |
| SHA512 | 8d5639d13b405a2aff960f957beba069434cbb95275055dffb894ac0e243ba4ec01c6759ef28e12a4caddab84973bb9a91f0f18b5c4fe3650beefbf412729525 |