02a8a462612a1f9d3e1ac1cede877c4d271b2d0389feef64fa014a29d65af1c6

Analysis

max time kernel
149s
max time network
146s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240221-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240221-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
25-04-2024 01:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02a8a462612a1f9d3e1ac1cede877c4d271b2d0389feef64fa014a29d65af1c6.elf
Size

92KB
MD5

dc5798b63ec910732be55e786b58736b
SHA1

cc0c6f8bb673a14e57d54ebb423fa8422886882e
SHA256

02a8a462612a1f9d3e1ac1cede877c4d271b2d0389feef64fa014a29d65af1c6
SHA512

61b9fe50a4bf3f6f7014410eb4374ac6cb98820911fad9e34c324ee02c194858d6d59fb50e449241825c181265be41cacadb8c9c53fe581fb1950ac703bab0c8
SSDEEP

1536:HQAaxtd+eDyG9voQUV+1Fb4eLaQV3u5ewdks7zSMLoEQ1It3R+yd5pwWa7DrjZt/:wAaLoCyMA+fdGiAr2+q

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

Processes:

02a8a462612a1f9d3e1ac1cede877c4d271b2d0389feef64fa014a29d65af1c6.elf

pid process

1462 02a8a462612a1f9d3e1ac1cede877c4d271b2d0389feef64fa014a29d65af1c6.elf
Unexpected DNS network traffic destination 1 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes:

description ioc

Destination IP 178.254.22.166
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.

System Network Connections Discovery
T1049

Processes:

02a8a462612a1f9d3e1ac1cede877c4d271b2d0389feef64fa014a29d65af1c6.elf

description ioc process

File opened for reading /proc/net/tcp 02a8a462612a1f9d3e1ac1cede877c4d271b2d0389feef64fa014a29d65af1c6.elf

pid	process
1462	02a8a462612a1f9d3e1ac1cede877c4d271b2d0389feef64fa014a29d65af1c6.elf

description	ioc
Destination IP	178.254.22.166

description	ioc	process
File opened for reading	/proc/net/tcp	02a8a462612a1f9d3e1ac1cede877c4d271b2d0389feef64fa014a29d65af1c6.elf

Changes its process name 1 IoCs

Processes:

02a8a462612a1f9d3e1ac1cede877c4d271b2d0389feef64fa014a29d65af1c6.elf

description	ioc	pid	process
Changes the process name, possibly in an attempt to hide itself	emetoq8msl31uualj505ih1k	1462	02a8a462612a1f9d3e1ac1cede877c4d271b2d0389feef64fa014a29d65af1c6.elf

Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery
T1016

Processes:

02a8a462612a1f9d3e1ac1cede877c4d271b2d0389feef64fa014a29d65af1c6.elf

description ioc process

File opened for reading /proc/net/tcp 02a8a462612a1f9d3e1ac1cede877c4d271b2d0389feef64fa014a29d65af1c6.elf

description	ioc	process
File opened for reading	/proc/net/tcp	02a8a462612a1f9d3e1ac1cede877c4d271b2d0389feef64fa014a29d65af1c6.elf

/tmp/02a8a462612a1f9d3e1ac1cede877c4d271b2d0389feef64fa014a29d65af1c6.elf
/tmp/02a8a462612a1f9d3e1ac1cede877c4d271b2d0389feef64fa014a29d65af1c6.elf
1⤵
- Deletes itself
- Enumerates active TCP sockets
- Changes its process name
- Reads system network configuration
PID:1462

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1049

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads