7915a4303140e7cae743a88b47551bd7f5ce228c3ebd11d1253af7a81e5f8e72

Analysis

max time kernel
120s
max time network
136s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240508-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
22-05-2024 01:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7915a4303140e7cae743a88b47551bd7f5ce228c3ebd11d1253af7a81e5f8e72.elf
Size

115KB
MD5

7e723da85f39e73445e84a18e4619d93
SHA1

b23ea642ddf41da2086dae61d6231d52741439f9
SHA256

7915a4303140e7cae743a88b47551bd7f5ce228c3ebd11d1253af7a81e5f8e72
SHA512

b4df3ce95dee9492923474103f0cd7b16aacd14294563deb324cd223946e4da80575932ec691143bf0f73c7e0aa5b9184f27d9fc81b1eef5d2e2d7d3b9b5503e
SSDEEP

3072:xutsuSX8eZ3y97Uj0LUsUYUCvw/+tXgbWUoF5hqT21Pk4FmlwUnZ9tFVi:7uSX8ehy97Uj0LPZjvw/+hO5oF5hl1PH

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

Processes:

7915a4303140e7cae743a88b47551bd7f5ce228c3ebd11d1253af7a81e5f8e72.elf

pid process

1503 7915a4303140e7cae743a88b47551bd7f5ce228c3ebd11d1253af7a81e5f8e72.elf
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.

System Network Configuration Discovery
T1016

Processes:

7915a4303140e7cae743a88b47551bd7f5ce228c3ebd11d1253af7a81e5f8e72.elf

description ioc process

File opened for reading /proc/net/route 7915a4303140e7cae743a88b47551bd7f5ce228c3ebd11d1253af7a81e5f8e72.elf

pid	process
1503	7915a4303140e7cae743a88b47551bd7f5ce228c3ebd11d1253af7a81e5f8e72.elf

description	ioc	process
File opened for reading	/proc/net/route	7915a4303140e7cae743a88b47551bd7f5ce228c3ebd11d1253af7a81e5f8e72.elf

Changes its process name 1 IoCs

Processes:

7915a4303140e7cae743a88b47551bd7f5ce228c3ebd11d1253af7a81e5f8e72.elf

description	pid	process
Changes the process name, possibly in an attempt to hide itself	1503	7915a4303140e7cae743a88b47551bd7f5ce228c3ebd11d1253af7a81e5f8e72.elf

Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery
T1016

Processes:

7915a4303140e7cae743a88b47551bd7f5ce228c3ebd11d1253af7a81e5f8e72.elf

description ioc process

File opened for reading /proc/net/route 7915a4303140e7cae743a88b47551bd7f5ce228c3ebd11d1253af7a81e5f8e72.elf

description	ioc	process
File opened for reading	/proc/net/route	7915a4303140e7cae743a88b47551bd7f5ce228c3ebd11d1253af7a81e5f8e72.elf

/tmp/7915a4303140e7cae743a88b47551bd7f5ce228c3ebd11d1253af7a81e5f8e72.elf
/tmp/7915a4303140e7cae743a88b47551bd7f5ce228c3ebd11d1253af7a81e5f8e72.elf
1⤵
- Deletes itself
- Reads system routing table
- Changes its process name
- Reads system network configuration
PID:1503

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads