d6cfac34be9c6298e9e73a8377ae4b2ff9de7d2bf58eb00aa849833313dccd94

Analysis

max time kernel
149s
max time network
153s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240226-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240226-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
03-04-2024 06:56

Target

724fa59db0e8e169cbc316c3ec69c5e3
Size

416KB
MD5

724fa59db0e8e169cbc316c3ec69c5e3
SHA1

e74319d44c0a2980ec37da01727e218567144651
SHA256

d6cfac34be9c6298e9e73a8377ae4b2ff9de7d2bf58eb00aa849833313dccd94
SHA512

ed552d18d405ff0a3524538b6077068460908a2e945ac9fac78b4cda963153eca654dc91b1c89dfc679cd99a6250b3929df56bfd561faa594c176a73869a94c2
SSDEEP

3072:0BADestwmT/evCGOpOKx7ti+UxHez1PUwEEkGomBIYZzZ:0ytwmyvCLF7ti9k1ce1omBIYZzZ

Score

9^/10

discovery

Contacts a large (8323) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Changes its process name 1 IoCs

Processes:

description ioc pid

Changes the process name, possibly in an attempt to hide itself /bin/busybox 1561
Deletes itself 1 IoCs

Processes:

724fa59db0e8e169cbc316c3ec69c5e3

pid process

1560 724fa59db0e8e169cbc316c3ec69c5e3
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

description	ioc	pid
Changes the process name, possibly in an attempt to hide itself	/bin/busybox	1561

pid	process
1560	724fa59db0e8e169cbc316c3ec69c5e3

/tmp/724fa59db0e8e169cbc316c3ec69c5e3
/tmp/724fa59db0e8e169cbc316c3ec69c5e3
1⤵
- Deletes itself
PID:1560

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact