f5a8a4bb0cfa79562a7e1b484949ff45b019f75b2e269a490fd8acf75a44540b

Resubmissions

08/01/2024, 10:33

240108-mlrd6aggg8 6

08/01/2024, 10:30

240108-mj7ncsfhgr 6

08/01/2024, 10:29

240108-mjbkxsggd4 6

08/01/2024, 10:27

240108-mg2z4afhdp 6

Analysis

max time kernel
5s
max time network
36s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20231215-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20231215-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
08/01/2024, 10:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

unknown.elf
Size

1.2MB
MD5

9b14cc3b1d8f8c290d607d181529f8e3
SHA1

16b594a96298463acbc91d5e4ffc90184923413d
SHA256

f5a8a4bb0cfa79562a7e1b484949ff45b019f75b2e269a490fd8acf75a44540b
SHA512

bc7897b09ed722fe6bb6e494b6049294dc0fb05938a82611333c8d560e9a9e0c7740d70b9ce56be3462fcf79bca2a11d9a7a33498aa3374e78e0053e4187f99b
SSDEEP

24576:SBHj9n1SKNk1QbdGfVmNtGtR/2qYeFABKGNPhVc95OTmBrnf4XZnS85weLgo9GOE:SBD9n1SKNk1QbdGfVmNg/lYeFABKG9ho

Score

6^/10

persistence

Malware Config

Signatures

Creates/modifies environment variables 1 TTPs 4 IoCs

Creating/modifying environment variables is a common persistence mechanism.

persistence

Hijack Execution Flow

T1574

description	ioc
File opened for modification	/home/user/.profile
File opened for modification	/home/user/.bashrc
File opened for modification	/root/.profile
File opened for modification	/root/.bashrc

Modifies Bash startup script 1 TTPs 4 IoCs

persistence

Boot or Logon Autostart Execution

T1547

description	ioc
File opened for modification	/root/.profile
File opened for modification	/root/.bashrc
File opened for modification	/home/user/.profile
File opened for modification	/home/user/.bashrc

Creates .desktop file 1 TTPs 1 IoCs

Linux desktops like GNOME require .desktop files to register applications. Sometimes abused by malware for persistence.

persistence

User Execution

T1204

description	ioc
File opened for modification	/home/user/examples.desktop

/tmp/unknown.elf
/tmp/unknown.elf
1⤵
PID:1536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

User Execution

T1204

Persistence

Boot or Logon Autostart Execution

T1547

Hijack Execution Flow

T1574

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Hijack Execution Flow

T1574

Defense Evasion

Hijack Execution Flow

T1574

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/home/README_E_S_GI.TXT

Filesize
251B

MD5
cb6fcb204dd1e9cfee810519b2cf1099

SHA1
b2321137beedb393aa102091119a0d7fcb52aa66

SHA256
c3cd04b72082c47bd5096b78d54234b55c0aac7496a03bd35d7d87f2df027c35

SHA512
72f3f484c05565c1a38c3b093e2abcc897b97cf93ff37aa7eb9fede77b47621fad1d9958c62e51aa7ec8cf83af77f353f1a69fa03e2660ad61cfc026234133eb

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads