258ec354201af0f0b6015ad02738fede58936cb84810222c4b0b7343a53ef921

Analysis

max time kernel
154s
max time network
158s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20231215-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20231215-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
13/02/2024, 02:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

258ec354201af0f0b6015ad02738fede58936cb84810222c4b0b7343a53ef921.elf
Size

49KB
MD5

89d3cce7dbc9688305c0b2c5061c5a43
SHA1

576ac3175d85ddb3fceb3fb76fdd89929088d3b3
SHA256

258ec354201af0f0b6015ad02738fede58936cb84810222c4b0b7343a53ef921
SHA512

1df216f351fe3cca53718019988af647c690d8c6e057aad9a7f4c0d16ba92ad8378031810a9cebd0c5a47503dded6cfada42a8b54c25b81a647cde54ddcada06
SSDEEP

1536:Y6elVWRLShIvuIHuR86NofaE232Lb4mbAMwLUIgl:qjWBAAHuR86ofaE23bm/4UIgl

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a	1563	258ec354201af0f0b6015ad02738fede58936cb84810222c4b0b7343a53ef921.elf

Deletes itself 1 IoCs

pid	Process
1563	258ec354201af0f0b6015ad02738fede58936cb84810222c4b0b7343a53ef921.elf

Renames itself 1 IoCs

pid	Process
1563	258ec354201af0f0b6015ad02738fede58936cb84810222c4b0b7343a53ef921.elf

Unexpected DNS network traffic destination 64 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	103.87.68.195
Destination IP	70.34.254.19
Destination IP	103.87.68.194
Destination IP	103.87.68.194
Destination IP	103.87.68.194
Destination IP	89.163.140.67
Destination IP	63.231.92.27
Destination IP	63.231.92.27
Destination IP	35.211.96.150
Destination IP	103.87.68.195
Destination IP	70.34.254.19
Destination IP	89.163.140.67
Destination IP	64.176.6.48
Destination IP	51.254.162.59
Destination IP	45.84.1.149
Destination IP	51.254.162.59
Destination IP	54.36.111.116
Destination IP	35.211.96.150
Destination IP	185.84.81.194
Destination IP	89.163.140.67
Destination IP	89.163.140.67
Destination IP	80.78.132.79
Destination IP	63.231.92.27
Destination IP	103.87.68.194
Destination IP	51.77.149.139
Destination IP	217.160.70.42
Destination IP	217.160.70.42
Destination IP	70.34.254.19
Destination IP	51.254.162.59
Destination IP	63.231.92.27
Destination IP	103.87.68.194
Destination IP	185.84.81.194
Destination IP	64.176.6.48
Destination IP	103.87.68.194
Destination IP	185.84.81.194
Destination IP	185.84.81.194
Destination IP	185.84.81.194
Destination IP	89.163.140.67
Destination IP	64.176.6.48
Destination IP	64.176.6.48
Destination IP	51.254.162.59
Destination IP	35.211.96.150
Destination IP	103.87.68.194
Destination IP	103.87.68.194
Destination IP	80.78.132.79
Destination IP	80.78.132.79
Destination IP	103.87.68.194
Destination IP	217.160.70.42
Destination IP	217.160.70.42
Destination IP	45.84.1.149
Destination IP	217.160.70.42
Destination IP	80.78.132.79
Destination IP	80.78.132.79
Destination IP	45.84.1.149
Destination IP	35.211.96.150
Destination IP	70.34.254.19
Destination IP	103.87.68.195
Destination IP	70.34.254.19
Destination IP	64.176.6.48
Destination IP	51.254.162.59
Destination IP	63.231.92.27
Destination IP	45.84.1.149
Destination IP	103.87.68.194
Destination IP	35.211.96.150

/tmp/258ec354201af0f0b6015ad02738fede58936cb84810222c4b0b7343a53ef921.elf
/tmp/258ec354201af0f0b6015ad02738fede58936cb84810222c4b0b7343a53ef921.elf
1⤵
- Changes its process name
- Deletes itself
- Renames itself
PID:1563

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads