Analysis

  • max time kernel
    121s
  • max time network
    154s
  • platform
    ubuntu-20.04_amd64
  • resource
    ubuntu2004-amd64-20240221-en
  • resource tags

    arch:amd64 arch:i386 image:ubuntu2004-amd64-20240221-en kernel:5.4.0-169-generic locale:en-us os:ubuntu-20.04-amd64 system
  • submitted
    05-05-2024 18:16

General

  • Target

    988155f2bf9242ce23193e8cbb8a001c.elf

  • Size

    1.0MB

  • MD5

    988155f2bf9242ce23193e8cbb8a001c

  • SHA1

    4c0c74fd0fb9fba9587f3ec7b6326db029c334b7

  • SHA256

    d2f2271938f895d5383a6ca9e2170da7545314eb234da1f72eb2bd58f027dfbe

  • SHA512

    0a461a2bf57002f0f27b56e6e5ce7d018b23bec2926bf473acb8e58ecc7cfbd4f781a1dfe2ad627ea4032aedd589bda587b27a9a17e4689889ebd322d393ed8d

  • SSDEEP

    24576:RsqZhvnhHXuhshNjm3Bp6gDgR16lwzBWa4wwS49TrHg29XE/PZroyUkNR9:PhvnhHXuhshNjK8AlGWaoEroyUk

Score
4/10

Malware Config

Signatures

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

  • Reads CPU attributes 1 TTPs 1 IoCs
  • Reads runtime system information 7 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/988155f2bf9242ce23193e8cbb8a001c.elf
    /tmp/988155f2bf9242ce23193e8cbb8a001c.elf
    1⤵
    • Checks CPU configuration
    • Reads CPU attributes
    PID:1477
    • /bin/sh
      sh -c "chmod +x /etc/rc.local"
      2⤵
      PID:1478
      • /usr/bin/chmod
        chmod +x /etc/rc.local
        3⤵
        PID:1479
    • /bin/sh
      sh -c "mv /tmp/988155f2bf9242ce23193e8cbb8a001c.elf /etc/988155f2bf9242ce23193e8cbb8a001c.elf"
      2⤵
      PID:1486
      • /usr/bin/mv
        mv /tmp/988155f2bf9242ce23193e8cbb8a001c.elf /etc/988155f2bf9242ce23193e8cbb8a001c.elf
        3⤵
        • Reads runtime system information
        PID:1487
    • /bin/sh
      sh -c "cd /etc;chmod 777 988155f2bf9242ce23193e8cbb8a001c.elf"
      2⤵
      PID:1491
      • /usr/bin/chmod
        chmod 777 988155f2bf9242ce23193e8cbb8a001c.elf
        3⤵
        PID:1492
    • /bin/sh
      sh -c "sed -i -e '/exit/d' /etc/rc.local"
      2⤵
      PID:1493
      • /usr/bin/sed
        sed -i -e /exit/d /etc/rc.local
        3⤵
        • Reads runtime system information
        PID:1494
    • /bin/sh
      sh -c "sed -i -e '/^ | | \$/d' /etc/rc.local"
      2⤵
      PID:1495
      • /usr/bin/sed
        sed -i -e "/^ | | \$/d" /etc/rc.local
        3⤵
        • Reads runtime system information
        PID:1496
    • /bin/sh
      sh -c "sed -i -e '/988155f2bf9242ce23193e8cbb8a001c.elf/d' /etc/rc.local"
      2⤵
      PID:1497
      • /usr/bin/sed
        sed -i -e /988155f2bf9242ce23193e8cbb8a001c.elf/d /etc/rc.local
        3⤵
        • Reads runtime system information
        PID:1498
    • /bin/sh
      sh -c "sed -i -e '2 i/etc/988155f2bf9242ce23193e8cbb8a001c.elf reboot' /etc/rc.local"
      2⤵
      PID:1499
      • /usr/bin/sed
        sed -i -e "2 i/etc/988155f2bf9242ce23193e8cbb8a001c.elf reboot" /etc/rc.local
        3⤵
        • Reads runtime system information
        PID:1500
    • /bin/sh
      sh -c "sed -i -e '2 i/etc/988155f2bf9242ce23193e8cbb8a001c.elf start' /etc/rc.d/rc.local"
      2⤵
      PID:1501
      • /usr/bin/sed
        sed -i -e "2 i/etc/988155f2bf9242ce23193e8cbb8a001c.elf start" /etc/rc.d/rc.local
        3⤵
        • Reads runtime system information
        PID:1502
    • /bin/sh
      sh -c "sed -i -e '2 i/etc/988155f2bf9242ce23193e8cbb8a001c.elf start' /etc/init.d/boot.local"
      2⤵
      PID:1503
      • /usr/bin/sed
        sed -i -e "2 i/etc/988155f2bf9242ce23193e8cbb8a001c.elf start" /etc/init.d/boot.local
        3⤵
        • Reads runtime system information
        PID:1504

Network

MITRE ATT&CK Enterprise v15
