Analysis
max time kernel: 18s
max time network: 20s
platform: ubuntu-20.04_amd64
resource: ubuntu2004-amd64-20240508-en
resource tags: arch:amd64, arch:i386, image:ubuntu2004-amd64-20240508-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system
submitted: 11/07/2024, 13:46
Static task: static1
Behavioral task: behavioral1
Sample: x86
Resource: ubuntu2004-amd64-20240508-en
General
Target: x86
Size: 79KB
MD5: 23ee5a8b998de681eb94885abdb35dd6
SHA1: b666bad55d0f0b1feff26e4fdef60db6ef67ed12
SHA256: c0ae1eb249705f61d45ca747c91c02a411557a28792f4064c1d647abb580bc10
SHA512: dfce08f4e0a5f2c2f20adfbeaae923cf4c9136437beb8a0f7ee1fd6d9e1ebad13247a8781cf40ba165369cdb4335d38d34abf3746047c4a0422348be991bbb11
SSDEEP: 1536:WinNLc8aos4+7bPEjpO7CxW2XJMeAvNebSIYLwyV8Q0HOn:dNSoscjpO7DMAFnbMDQ0Y
Malware Config
Signatures
- Contacts a large (5920) amount of remote hosts (1 TTPs): This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs): This may indicate a network scan to discover remotely running services.
- Enumerates running processes: Discovers information about currently running processes on the system.
- Reads runtime system information (64 IoCs): Reads data from /proc virtual filesystem.