Analysis Overview
SHA256
1f170141be3baceaf4ba1f2281644894588da2ed02a2f5a75ab32d49da644dec
Threat Level: Likely benign
The file 1f170141be3baceaf4ba1f2281644894588da2ed02a2f5a75ab32d49da644dec.elf was found to be: Likely benign.
Malicious Activity Summary
Reads runtime system information
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-05-07 01:09
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-07 01:09
Reported
2024-05-07 01:12
Platform
ubuntu1804-amd64-20240418-en
Max time kernel
1s
Max time network
128s
Command Line
Signatures
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/1544/exe | /tmp/1f170141be3baceaf4ba1f2281644894588da2ed02a2f5a75ab32d49da644dec.elf | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/mv | N/A |
Processes
/tmp/1f170141be3baceaf4ba1f2281644894588da2ed02a2f5a75ab32d49da644dec.elf
[/tmp/1f170141be3baceaf4ba1f2281644894588da2ed02a2f5a75ab32d49da644dec.elf]
/bin/sh
[sh -c mkdir /9rftscavtz/ && >/9rftscavtz/9rftscavtz && cd /9rftscavtz/ >/dev/null]
/bin/mkdir
[mkdir /9rftscavtz/]
/bin/sh
[sh -c mv /tmp/1f170141be3baceaf4ba1f2281644894588da2ed02a2f5a75ab32d49da644dec.elf /9rftscavtz/9rftscavtz && chmod 777 /9rftscavtz/9rftscavtz >/dev/null]
/bin/mv
[mv /tmp/1f170141be3baceaf4ba1f2281644894588da2ed02a2f5a75ab32d49da644dec.elf /9rftscavtz/9rftscavtz]
/bin/chmod
[chmod 777 /9rftscavtz/9rftscavtz]
Network
| Country | Destination | Domain | Proto |
| US | 151.101.194.49:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| US | 151.101.65.91:443 | tcp | |
| US | 151.101.65.91:443 | tcp | |
| US | 154.40.33.94:5683 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 195.181.164.14:443 | tcp |