Analysis
max time kernel: 149s
max time network: 151s
platform: ubuntu-20.04_amd64
resource: ubuntu2004-amd64-20240221-en
resource tags: arch:amd64, arch:i386, image:ubuntu2004-amd64-20240221-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system
submitted: 18-04-2024 20:11
Behavioral task
behavioral1
Sample
7dca39066597a4dc093b6d31a65ae4e3.elf
Resource
ubuntu2004-amd64-20240221-en
ubuntu-20.04-amd64
3 signatures
150 seconds
General
Target: 7dca39066597a4dc093b6d31a65ae4e3.elf
Size: 45KB
MD5: 7dca39066597a4dc093b6d31a65ae4e3
SHA1: 50a2113d43f547708893487b29e3cc1eef568ab0
SHA256: 7d34f68e05ff02c35610806b8138d2e2c3bd7a2168b2e9c4335af1c38a2ad6a4
SHA512: ffcc149af4d1a19a6ebd97c1d7ef38f8082075dc7e73a292ff8face85778f3aa6f007da9d5ae7677056d76b894bca93d3ead0ad8e8a152da115bcf7b2b227f78
SSDEEP: 768:kFsCAjAHYeH0OVnC/I3JcXKcgVgQ9E27PVFrvFb+INmUaD4y8Bj/Ms3IU:kFsCAjAHFHNVnLZ+gV5W0D+INm9D4PLJ
Score
9/10
Malware Config
Signatures
Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.

Changes its process name (1 IoCs)
Processes: 7dca39066597a4dc093b6d31a65ae4e3.elf
description | ioc | pid | process
Changes the process name, possibly in an attempt to hide itself | a | 1475 | 7dca39066597a4dc093b6d31a65ae4e3.elf

Unexpected DNS network traffic destination (6 IoCs)
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
Processes:
description | ioc
Destination IP | 139.99.46.21 (row repeated 6 times)