General
-
Target
89fe382c8842bddaead4c2d51e82f6dd.bin
-
Size
1.8MB
-
Sample
240419-bz3hssea6y
-
MD5
413df80aabe9823c06776290a345d744
-
SHA1
5121ae54b5ed8e623e993d2f1d5a67fd6c7670ae
-
SHA256
bd4274bb0d766ff21372eb9ce674082e468889a030b43a5341a4f6e380fbaa2f
-
SHA512
811fbe0f58df5b93ca432e125b2d5806e8477b154a8c03e1728dadc7f468e9bebc4ea4fb5450af7b0313096ddda1ea81154fba5b0cc13a92e2ed165c9526b998
-
SSDEEP
49152:GhNFWtgAVKQBFdpinHAQrt448dCi+JEX74ubs/YZNO4:GLECAIsdpinHAQrcAi+JE8uuGc4
Behavioral task
behavioral1
Sample
6abe4b95f1bf4a2bb03468eba8eb72fb7ff3f339cfa1a226dd0ca22e6997b30b.elf
Resource
ubuntu1804-amd64-20240226-en
Malware Config
Targets
-
-
Target
6abe4b95f1bf4a2bb03468eba8eb72fb7ff3f339cfa1a226dd0ca22e6997b30b.elf
-
Size
1.8MB
-
MD5
89fe382c8842bddaead4c2d51e82f6dd
-
SHA1
6459b07ac70ec643ab4b585170a16914991b8686
-
SHA256
6abe4b95f1bf4a2bb03468eba8eb72fb7ff3f339cfa1a226dd0ca22e6997b30b
-
SHA512
f86a4ba581520c5325a66d1934ca4c054a5815850879b47d70d03954c15e588a62445c9bc270e4c6217a784972e518470c59ff5a2f27a56d5fb0dda24a661163
-
SSDEEP
49152:T/LqKFCQyDi8ee/zmCLa4yyrChkwl+3r6+Mziv2UaPfz:XzWDaeLmvmWYJaiu1fz
Score
9/10
-
Contacts a large number (1318288) of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large number of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Unexpected DNS network traffic destination
Network traffic to servers other than the configured DNS servers was detected on the DNS port.
-
Checks CPU configuration
Checks CPU information that indicates whether the system is a virtual machine.
-
Checks hardware identifiers (DMI)
Checks DMI information that indicates whether the system is a virtual machine.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Reads CPU attributes
-
Reads hardware information
Accesses system info such as serial numbers, manufacturer names, etc.
-