1712d463d4d8c2032bab80290bd491e38b3d52f2785a882054417b6ccf337d59

Analysis

max time kernel
5s
max time network
128s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20231222-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20231222-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
22/01/2024, 15:33

Target

6fcb78c5ae34d4aaaa999fdf525606aa
Size

7KB
MD5

6fcb78c5ae34d4aaaa999fdf525606aa
SHA1

95b2f6d3ca9562eb9b40b29507d928a296f17f6e
SHA256

1712d463d4d8c2032bab80290bd491e38b3d52f2785a882054417b6ccf337d59
SHA512

dde7f58eef75d2f2ee56ec0e5f0eb0fb615b3e943d524035a7401487abe5788becd2f90892aa9cebcc8ecaec4f11b2705beb8f71b46eaf8962085c950d2966b7
SSDEEP

192:9i8CQ0NJSnu+hE95mmD/9qOJZt4ddA5r04J77bIwS:9i8z0NJSnu+aKmDgcZuddA5r04HTS

Score

7^/10

Executes dropped EXE 1 IoCs

ioc	pid	Process
/tmp/upxDCTDLEBABSH	1607	upxDCTDLEBABSH

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/1607/exe	6fcb78c5ae34d4aaaa999fdf525606aa

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/upxDCTDLEBABSH	6fcb78c5ae34d4aaaa999fdf525606aa

/tmp/upxDCTDLEBABSH
/tmp/6fcb78c5ae34d4aaaa999fdf525606aa
1⤵
- Executes dropped EXE
PID:1607

/tmp/upxDCTDLEBABSH

Filesize
14KB

MD5
ab9d531445445b87e7beeebcf88b0ea1

SHA1
22ad571ca898172f6cb4ba769a4eaa97c31931b3

SHA256
e67a3cae19ac53b748c962c718e87207a7f6a51fd39d3d77a519b9cb397672fc

SHA512
c959a78773e49eef08fc4c95dd085c1eb32438e9af9585f6811904be4513f062c4995ef464a1fe5d8f71e59ece6b7a5e753da34fe3309dd84f711d51c80281d1

Download Submit