26512eaaff5bc36ae112b162031933a0b5465c0972cb98d6e30d0412a69204cf

Analysis

max time kernel
120s
max time network
142s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240221-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240221-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
11/04/2024, 09:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

susy_payload.bin
Size

676KB
MD5

97c30243191a6dc8ec11aa74c6e9f00c
SHA1

7979a80f78bc6b37cfd200480e84457e45165804
SHA256

26512eaaff5bc36ae112b162031933a0b5465c0972cb98d6e30d0412a69204cf
SHA512

7db26ca35821fbabb9740bbda5a216db128288e26784e9df117d5b102dd13577bd99b22aac393ad141df2652ad64b44793aa41d951f92f15eb0c13c435e66e0c
SSDEEP

12288:SG6k6BM2IE1EOoE5+r101buWLAk22axs8Mg051FNs6jnTFU0TXoAECKQ5MDzDQ2A:SG6kuM2IEKOo9YLe9x50TXjZU0TpECKI

Score

7^/10

Malware Config

Signatures

Changes its process name 1 IoCs

description	ioc	pid
Changes the process name, possibly in an attempt to hide itself	systemed-$	1474

Traces itself 1 IoCs

Traces itself to prevent debugging attempts

pid
1474

Reads CPU attributes 1 TTPs 1 IoCs

System Information Discovery

T1082

description	ioc
File opened for reading	/sys/devices/system/cpu/online

Reads runtime system information 2 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/self/exe	susy_payload.bin
File opened for reading	/proc/self/loginuid	Process not Found

/tmp/susy_payload.bin
/tmp/susy_payload.bin
1⤵
- Reads runtime system information
PID:1466

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads