aeeca28a10aed98529173178dacc8533fc21fc22f2f88fd3e5e073c97445f2d8 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

aeeca28a10...d8.elf

ubuntu-18.04-amd64

9

Sharing

Copy URL Twitter E-mail

General

Target

aeeca28a10aed98529173178dacc8533fc21fc22f2f88fd3e5e073c97445f2d8.elf
Size

56KB
Sample

240428-b92z1sdh9w
MD5

4e3269ecb73ec06315bb4649325006c9
SHA1

1f6a25b2282f2acaed2f02b25eb5e3180f2232a9
SHA256

aeeca28a10aed98529173178dacc8533fc21fc22f2f88fd3e5e073c97445f2d8
SHA512

3a2c8ad687acfd910415b3e310f08cdb8079f7e01260de8b91bc3f51eabe6a458ff68c132d78664634ffe6d0e61ec127ef5bd2a298c700262b8e239ab85ca8f3
SSDEEP

1536:8xbwc3xtoU5L+5Ak32hv5rirb/2fpqYbA7gA/GzQR:8xMixtoiLvkGt5irb/2sYbAc+G

Score

9^/10

discovery linux

Static task

static1

Behavioral task

behavioral1

Sample

aeeca28a10aed98529173178dacc8533fc21fc22f2f88fd3e5e073c97445f2d8.elf

Resource

ubuntu1804-amd64-20240418-en

ubuntu-18.04-amd64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  aeeca28a10aed98529173178dacc8533fc21fc22f2f88fd3e5e073c97445f2d8.elf
- Size
  
  56KB
- MD5
  
  4e3269ecb73ec06315bb4649325006c9
- SHA1
  
  1f6a25b2282f2acaed2f02b25eb5e3180f2232a9
- SHA256
  
  aeeca28a10aed98529173178dacc8533fc21fc22f2f88fd3e5e073c97445f2d8
- SHA512
  
  3a2c8ad687acfd910415b3e310f08cdb8079f7e01260de8b91bc3f51eabe6a458ff68c132d78664634ffe6d0e61ec127ef5bd2a298c700262b8e239ab85ca8f3
- SSDEEP
  
  1536:8xbwc3xtoU5L+5Ak32hv5rirb/2fpqYbA7gA/GzQR:8xMixtoiLvkGt5irb/2sYbAc+G
Score

9^/10

discovery
- Contacts a large (14808) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Renames itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy