Analysis
-
max time kernel
155s
-
max time network
159s
-
platform
ubuntu-18.04_amd64
-
resource
ubuntu1804-amd64-20231215-en
-
resource tags
arch:amd64, arch:i386, image:ubuntu1804-amd64-20231215-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
-
submitted
05-01-2024 01:36
Static task
static1
Behavioral task
behavioral1
Sample
426e7f898a0e0a9ccff6fd922a28c652
Resource
ubuntu1804-amd64-20231215-en
General
-
Target
426e7f898a0e0a9ccff6fd922a28c652
-
Size
33KB
-
MD5
426e7f898a0e0a9ccff6fd922a28c652
-
SHA1
77f7973464b13deab5be6ea3036adef18176bacb
-
SHA256
94ae9b29d3ea02cbe824295642c9f7a6206ebd7cca74050e697943f05d0b8407
-
SHA512
0f96e3799c6623ad63c69d319270931f305354d808a5bcca544f905a925e8720a6f28d5508fe659a101d1f2929122d8c96cf14d674a0ce9cbb4e631e98617c5a
-
SSDEEP
768:tKk1/sOmVkXeCFbQwHk3gCb2JBD0SKSq6bi0YV:tp1/BPHk34XRKSFbiR
Malware Config
Signatures
-
Changes its process name 1 IoCs
description  pid  Process
Changes the process name, possibly in an attempt to hide itself  1540  426e7f898a0e0a9ccff6fd922a28c652
-
Deletes itself 1 IoCs
pid  Process
1540  426e7f898a0e0a9ccff6fd922a28c652
-
Unexpected DNS network traffic destination 7 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
description  ioc
Destination IP  1.0.0.1
Destination IP  1.0.0.1
Destination IP  1.0.0.1
Destination IP  1.0.0.1
Destination IP  1.0.0.1
Destination IP  1.0.0.1
Destination IP  1.0.0.1
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
description  ioc
File opened for reading  /proc/1105/maps
File opened for reading  /proc/1297/comm
File opened for reading  /proc/1538/exe
File opened for reading  /proc/458/exe
File opened for reading  /proc/593/exe
File opened for reading  /proc/1133/maps
File opened for reading  /proc/1194/maps
File opened for reading  /proc/1198/maps
File opened for reading  /proc/1296/maps
File opened for reading  /proc/665/exe
File opened for reading  /proc/1016/maps
File opened for reading  /proc/1120/exe
File opened for reading  /proc/1150/comm
File opened for reading  /proc/457/exe
File opened for reading  /proc/490/maps
File opened for reading  /proc/1137/maps
File opened for reading  /proc/1261/exe
File opened for reading  /proc/1384/exe
File opened for reading  /proc/1514/exe
File opened for reading  /proc/1537/maps
File opened for reading  /proc/665/maps
File opened for reading  /proc/1051/maps
File opened for reading  /proc/1344/comm
File opened for reading  /proc/1105/exe
File opened for reading  /proc/1133/comm
File opened for reading  /proc/1071/comm
File opened for reading  /proc/1080/comm
File opened for reading  /proc/1514/comm
File opened for reading  /proc/1543/maps
File opened for reading  /proc/496/comm
File opened for reading  /proc/927/exe
File opened for reading  /proc/1120/maps
File opened for reading  /proc/1167/maps
File opened for reading  /proc/1170/maps
File opened for reading  /proc/1172/maps
File opened for reading  /proc/1335/comm
File opened for reading  /proc/1361/comm
File opened for reading  /proc/437/exe
File opened for reading  /proc/1021/maps
File opened for reading  /proc/640/maps
File opened for reading  /proc/1073/maps
File opened for reading  /proc/1159/comm
File opened for reading  /proc/1263/comm
File opened for reading  /proc/472/exe
File opened for reading  /proc/472/comm
File opened for reading  /proc/1315/maps
File opened for reading  /proc/1536/comm
File opened for reading  /proc/431/exe
File opened for reading  /proc/455/maps
File opened for reading  /proc/1129/maps
File opened for reading  /proc/709/comm
File opened for reading  /proc/1073/exe
File opened for reading  /proc/643/maps
File opened for reading  /proc/648/comm
File opened for reading  /proc/665/comm
File opened for reading  /proc/1178/comm
File opened for reading  /proc/1200/comm
File opened for reading  /proc/1543/exe
File opened for reading  /proc/451/exe
File opened for reading  /proc/551/exe
File opened for reading  /proc/1466/comm
File opened for reading  /proc/1121/maps
File opened for reading  /proc/1191/maps
File opened for reading  /proc/1245/maps
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
description  ioc  Process
File opened for modification  /tmp/426e7f898a0e0a9ccff6fd922a28c652  426e7f898a0e0a9ccff6fd922a28c652