41950639f9bf25f7d17d8ddd6142a36566290b6701adb0dd630f98338d614eac

Analysis

max time kernel
149s
max time network
155s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240221-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240221-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
23/02/2024, 16:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

huhu.x86_64.elf
Size

148KB
MD5

5372d1df14ce5400783a6d22e4a50fc5
SHA1

f9bdf10ca630dbd398a3819f14f324c47d34b17b
SHA256

41950639f9bf25f7d17d8ddd6142a36566290b6701adb0dd630f98338d614eac
SHA512

c3973ce3e250b06ea5865ff50872838dcce7a1811c3e2735997484f247d734bad9495f33fd9e2525fd8a8170ca4268b9f3df1c66be205005c472728ef1cc35f8
SSDEEP

3072:tc2jTvefVVkUN1WapK95bXKAvFnDEyc/2EiLPku2H1:tc2jTvefVVkUCivqSH1

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (78825) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	=5>,( =	1591	huhu.x86_64.elf

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc
File opened for reading	/proc/1187/cmdline
File opened for reading	/proc/1190/cmdline
File opened for reading	/proc/1191/cmdline
File opened for reading	/proc/1204/cmdline
File opened for reading	/proc/80/cmdline
File opened for reading	/proc/179/cmdline
File opened for reading	/proc/613/cmdline
File opened for reading	/proc/1158/cmdline
File opened for reading	/proc/1293/cmdline
File opened for reading	/proc/1327/cmdline
File opened for reading	/proc/1621/cmdline
File opened for reading	/proc/5/cmdline
File opened for reading	/proc/247/cmdline
File opened for reading	/proc/1109/cmdline
File opened for reading	/proc/1186/cmdline
File opened for reading	/proc/1622/cmdline
File opened for reading	/proc/1626/cmdline
File opened for reading	/proc/20/cmdline
File opened for reading	/proc/29/cmdline
File opened for reading	/proc/127/cmdline
File opened for reading	/proc/1594/cmdline
File opened for reading	/proc/31/cmdline
File opened for reading	/proc/1172/cmdline
File opened for reading	/proc/1313/cmdline
File opened for reading	/proc/1570/cmdline
File opened for reading	/proc/1146/cmdline
File opened for reading	/proc/1460/cmdline
File opened for reading	/proc/167/cmdline
File opened for reading	/proc/175/cmdline
File opened for reading	/proc/436/cmdline
File opened for reading	/proc/1178/cmdline
File opened for reading	/proc/501/cmdline
File opened for reading	/proc/649/cmdline
File opened for reading	/proc/725/cmdline
File opened for reading	/proc/1212/cmdline
File opened for reading	/proc/14/cmdline
File opened for reading	/proc/25/cmdline
File opened for reading	/proc/177/cmdline
File opened for reading	/proc/461/cmdline
File opened for reading	/proc/1162/cmdline
File opened for reading	/proc/1332/cmdline
File opened for reading	/proc/172/cmdline
File opened for reading	/proc/209/cmdline
File opened for reading	/proc/505/cmdline
File opened for reading	/proc/984/cmdline
File opened for reading	/proc/11/cmdline
File opened for reading	/proc/321/cmdline
File opened for reading	/proc/1137/cmdline
File opened for reading	/proc/480/cmdline
File opened for reading	/proc/488/cmdline
File opened for reading	/proc/1063/cmdline
File opened for reading	/proc/1589/cmdline
File opened for reading	/proc/8/cmdline
File opened for reading	/proc/98/cmdline
File opened for reading	/proc/174/cmdline
File opened for reading	/proc/181/cmdline
File opened for reading	/proc/1208/cmdline
File opened for reading	/proc/1592/cmdline
File opened for reading	/proc/1628/cmdline
File opened for reading	/proc/7/cmdline
File opened for reading	/proc/10/cmdline
File opened for reading	/proc/82/cmdline
File opened for reading	/proc/325/cmdline
File opened for reading	/proc/1039/cmdline

/tmp/huhu.x86_64.elf
/tmp/huhu.x86_64.elf
1⤵
- Changes its process name
PID:1591

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...