Analysis

  • max time kernel
    149s
  • max time network
    139s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240226-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu1804-amd64-20240226-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    04-05-2024 01:50

General

  • Target

    f3d5ae835b02002a50396c70b611c546760e18d666bca9cc2f3bcbd998974362.elf

  • Size

    53KB

  • MD5

    699288e9db2c10f824e09f6bcfc5b6c7

  • SHA1

    cc4270b4ac232a3d50c9bf8f4456a05f3fe4ce45

  • SHA256

    f3d5ae835b02002a50396c70b611c546760e18d666bca9cc2f3bcbd998974362

  • SHA512

    fecfbed79e16fadf1cc78249a1dbb4be0fbff3535f5eb4661ee75949946b0b8c882d8c5afdf1c61de91edf3a895016fee7213bcb32ab91a45d760d47e15b8d3a

  • SSDEEP

    1536:SPrPmTbPibg1y2+OIBcaiRYcUE63JPbrmmnYqmwbZn:gPmbP2CyPOIsRYcR6Fb3nYqmwbZn

Score
7/10

Malware Config

Signatures

  • Deletes itself (1 IoC)
  • Enumerates active TCP sockets (1 TTP, 1 IoC)

    Reads the active TCP sockets from the /proc virtual filesystem.

  • Changes its process name (1 IoC)
  • Reads system network configuration (1 TTP, 1 IoC)

    Uses the contents of the /proc filesystem to enumerate network settings.

  • Writes file to tmp directory (1 IoC)

    Malware often drops the files it needs in the /tmp directory.
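The signatures above describe what the sample reads from /proc and how it hides itself, but not what those artifacts look like from the defender's side. The script below is an added example, not part of the sandbox report or the sample: it parses the /proc/net/tcp format the "Enumerates active TCP sockets" signature refers to, and walks a /proc-style tree looking for the two process-level indicators in the report, a running process whose binary has been unlinked ("Deletes itself", visible as a " (deleted)" suffix on /proc/<pid>/exe) and a process whose comm no longer matches its executable name ("Changes its process name"). The proc tree and the /proc/net/tcp contents used by run_demo() are constructed for the demo; the path, PID and comm values in it are illustrative, with the file name and PID taken from this report.

```python
"""Host-side triage for the behaviours flagged in the report.

Added example (not the sandbox's or the sample's code). Works on any
/proc-style directory, so it can be pointed at the live /proc or at a
constructed copy, which is what run_demo() builds.
"""
from __future__ import annotations

import os
import socket
import struct
import tempfile
from pathlib import Path

# Socket states as /proc/net/tcp encodes them (hex "st" column).
TCP_STATES = {1: "ESTABLISHED", 2: "SYN_SENT", 3: "SYN_RECV", 4: "FIN_WAIT1",
              5: "FIN_WAIT2", 6: "TIME_WAIT", 7: "CLOSE", 8: "CLOSE_WAIT",
              9: "LAST_ACK", 10: "LISTEN", 11: "CLOSING"}


def _decode_addr(hexaddr: str) -> tuple[str, int]:
    """Decode an 'IP:PORT' field: IPv4 is a little-endian 32-bit hex value,
    so 0100007F:0016 is 127.0.0.1:22."""
    ip_hex, port_hex = hexaddr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text: str) -> list[dict]:
    """Parse the text of /proc/net/tcp into socket records.

    This is exactly the view a process gets when it enumerates active
    TCP sockets through the /proc virtual filesystem."""
    sockets = []
    for line in text.splitlines()[1:]:          # line 0 is the column header
        fields = line.split()
        if len(fields) < 10:
            continue
        lip, lport = _decode_addr(fields[1])
        rip, rport = _decode_addr(fields[2])
        sockets.append({"local": (lip, lport), "remote": (rip, rport),
                        "state": TCP_STATES.get(int(fields[3], 16), fields[3]),
                        "inode": int(fields[9])})
    return sockets


def find_suspicious_processes(proc_root: str | Path) -> list[dict]:
    """Flag processes whose exe link carries ' (deleted)' (binary removed
    after exec) or whose comm does not match the executable's basename
    (process name changed, e.g. via prctl(PR_SET_NAME))."""
    findings = []
    for entry in Path(proc_root).iterdir():
        if not entry.name.isdigit():
            continue
        try:
            exe = os.readlink(entry / "exe")
            comm = (entry / "comm").read_text().strip()
        except OSError:
            continue                                # kernel thread, EPERM, or process gone
        reasons = []
        if exe.endswith(" (deleted)"):
            reasons.append("binary deleted while running")
            exe = exe[: -len(" (deleted)")]
        base = os.path.basename(exe)
        if comm and comm != base[:15]:              # comm is truncated to TASK_COMM_LEN-1 = 15
            reasons.append(f"comm {comm!r} does not match exe {base!r}")
        if reasons:
            findings.append({"pid": int(entry.name), "exe": exe, "comm": comm,
                             "reasons": reasons})
    return sorted(findings, key=lambda f: f["pid"])


# Constructed sample data for the demo (not captured from the sandbox run).
SAMPLE_PROC_NET_TCP = (
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
    "   0: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0\n"
    "   1: 0F02000A:9C40 0A00A8C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 23456 1 0000000000000000 20 4 30 10 -1\n"
)
SAMPLE_ELF = "/tmp/f3d5ae835b02002a50396c70b611c546760e18d666bca9cc2f3bcbd998974362.elf"


def build_demo_proc_tree(root: Path) -> None:
    """Lay out a minimal fake /proc: two benign processes and one that
    mimics the report's PID 1529 (deleted binary, comm changed to look
    like a kernel thread; the comm value is an assumption for the demo)."""
    for pid, exe, comm in [(1, "/usr/lib/systemd/systemd", "systemd"),
                           (1529, SAMPLE_ELF + " (deleted)", "kworker/0:1"),
                           (2000, "/usr/bin/bash", "bash")]:
        d = root / str(pid)
        d.mkdir()
        os.symlink(exe, d / "exe")                  # /proc/<pid>/exe is a magic symlink
        (d / "comm").write_text(comm + "\n")
    (root / "net").mkdir()
    (root / "net" / "tcp").write_text(SAMPLE_PROC_NET_TCP)


def run_demo() -> dict:
    """Build the fake tree in a temp dir and run both checks over it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_demo_proc_tree(root)
        return {"sockets": parse_proc_net_tcp((root / "net" / "tcp").read_text()),
                "suspicious": find_suspicious_processes(root)}


if __name__ == "__main__":
    result = run_demo()
    for s in result["sockets"]:
        print(f"{s['local'][0]}:{s['local'][1]} -> {s['remote'][0]}:{s['remote'][1]} {s['state']}")
    for f in result["suspicious"]:
        print(f"PID {f['pid']} {f['exe']}: {'; '.join(f['reasons'])}")
```

Against a live host, call find_suspicious_processes("/proc") as root; unprivileged users cannot readlink other users' exe links, and those processes are skipped silently rather than reported clean. The comm comparison is a heuristic: multi-call interpreters and legitimately renamed daemons will also trip it, so treat a hit as a lead to confirm against /proc/<pid>/maps and the on-disk binary, not as a verdict.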

Processes

  • /tmp/f3d5ae835b02002a50396c70b611c546760e18d666bca9cc2f3bcbd998974362.elf (PID 1529)
    Command line: /tmp/f3d5ae835b02002a50396c70b611c546760e18d666bca9cc2f3bcbd998974362.elf
    Signatures triggered by this process:
    • Deletes itself
    • Enumerates active TCP sockets
    • Changes its process name
    • Reads system network configuration
    • Writes file to tmp directory

Network

MITRE ATT&CK Enterprise v15
