082b1660a465015a2932d3f7862065e7ceb72e0727b0d42c8714365b036d98fe

Analysis

max time kernel
149s
max time network
151s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240508-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
17/05/2024, 01:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

082b1660a465015a2932d3f7862065e7ceb72e0727b0d42c8714365b036d98fe.elf
Size

56KB
MD5

0a070ff8c0685736af941249853e906b
SHA1

26d374c49e8d6167017e319d7636d07d3b5ed8c2
SHA256

082b1660a465015a2932d3f7862065e7ceb72e0727b0d42c8714365b036d98fe
SHA512

2bfc74fe7a8d82b084e334c93eb43a01e710e39876c64754f5689ab3d107874ef290615c78a6300ff2c748b26da39a86a89848c79e123e211a7aa1bab5ecc3f4
SSDEEP

1536:QHk3cV7ZioP28hDmQeGks8/KDiCOq2SvHoP5AtVJc3+7:QHk3cg8hOGWtq2SP+KPwQ

Score

6^/10

Malware Config

Signatures

Reads system routing table 1 TTPs 1 IoCs

Gets active network interfaces from /proc virtual filesystem.

System Network Configuration Discovery

T1016

description	ioc	Process
File opened for reading	/proc/net/route	082b1660a465015a2932d3f7862065e7ceb72e0727b0d42c8714365b036d98fe.elf

Reads system network configuration 1 TTPs 1 IoCs

Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery

T1016

description	ioc	Process
File opened for reading	/proc/net/route	082b1660a465015a2932d3f7862065e7ceb72e0727b0d42c8714365b036d98fe.elf

Reads runtime system information 2 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/self/exe	082b1660a465015a2932d3f7862065e7ceb72e0727b0d42c8714365b036d98fe.elf
File opened for reading	/proc/1474/exe	082b1660a465015a2932d3f7862065e7ceb72e0727b0d42c8714365b036d98fe.elf

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/udp_cat.was.here	082b1660a465015a2932d3f7862065e7ceb72e0727b0d42c8714365b036d98fe.elf

/tmp/082b1660a465015a2932d3f7862065e7ceb72e0727b0d42c8714365b036d98fe.elf
/tmp/082b1660a465015a2932d3f7862065e7ceb72e0727b0d42c8714365b036d98fe.elf
1⤵
- Reads system routing table
- Reads system network configuration
- Reads runtime system information
- Writes file to tmp directory
PID:1473

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/udp_cat.was.here

Filesize
290B

MD5
c6e36a76fbd3ab6ac0a345912c1671ad

SHA1
b944bf4b99f6fd78587444efdbeaef6066eb06a6

SHA256
bbc0eaf16a089db49406488cc52393099e74d79b0040dd571c9742d0909bece6

SHA512
f4d8deb9a4c591117a17b583c1ceec9863557f1da09892ee1165fc3bf921333d9946c6221c3aac51075816c6f48a8cfcbcb0e2d052cf9e7f5bf8bcfe09a250a5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads