Analysis
-
max time kernel
149s -
max time network
152s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20231215-en -
resource tags
-
submitted
21/02/2024, 03:09
General
-
Target
9d0f87de4c4cda03364ea184070a9ec0ca994f48b460f1088b6aadbb32cc790d.elf
-
Size
61KB
-
MD5
76fce295c4d9b3bd684de4610731273f
-
SHA1
46ad640e60b604dc4f513c6f0379a817d0cdea32
-
SHA256
9d0f87de4c4cda03364ea184070a9ec0ca994f48b460f1088b6aadbb32cc790d
-
SHA512
8040c9286739905fa407656d606cb53813d905288ad7e7a65aa8ecb5634dfaa320a70e41432d332d42f4422dfa6d7e736b3f87c7bd56da81e44b0f5611364e24
-
SSDEEP
1536:dpmbSQ6U3q7cCBT/lZsK/XYDiwE2NsimfFoktCe3fcxQj:WShU3q7cEDlCK/XYDsHi8Fok06fcxM
Malware Config
Signatures
-
Contacts a large (37877) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Changes its process name 1 IoCs
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/9d0f87de4c4cda03364ea184070a9ec0ca994f48b460f1088b6aadbb32cc790d.elf/tmp/9d0f87de4c4cda03364ea184070a9ec0ca994f48b460f1088b6aadbb32cc790d.elf1⤵
- Changes its process name
-
/bin/shsh -c "rm -rf bin/systemd && mkdir bin; >p4�bin/systemd && mv /tmp/9d0f87de4c4cda03364ea184070a9ec0ca994f48b460f1088b6aadbb32cc790d.elf bin/systemd; chmod 777 bin/systemd"2⤵
- Writes file to tmp directory
-
/bin/rmrm -rf bin/systemd3⤵
-
-
/bin/mkdirmkdir bin3⤵
-
-
/bin/chmodchmod 777 bin/systemd3⤵
-
-