72a29a00af7aa88fe85f8ffa67800245565aeca284373c87320e5ffcce5ef384

Analysis

max time kernel
5s
max time network
132s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
21/07/2024, 00:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

engine
Size

11KB
MD5

ccc0ae133e06f94e35b6b91ce0526b91
SHA1

5914349bd9475c9bbbf11539292c0dec91e5e0bf
SHA256

72a29a00af7aa88fe85f8ffa67800245565aeca284373c87320e5ffcce5ef384
SHA512

f79e941af6bff338fdcd874225b1e480e207f7b296533270329f81b0bd2e16b3245372e19e459e22045505139578ad753ec88bb3cdfba97f123509cd6311f48c
SSDEEP

192:RaU0Oh3SHfKPx60xwebrW6VxYC5O9dyLDihWRafgiaJHMcvl7QwyV2smIE:Rxh3S/KP3BW6VaZzyvcWReaJHfvltyVE

Score

3^/10

Malware Config

Signatures

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/sys/kernel/usermodehelper	engine
File opened for reading	/proc/sys/net/core/somaxconn	engine
File opened for reading	/proc/sys/net/ipv6/conf/all/accept_ra_rtr_pref	engine
File opened for reading	/proc/sys/user/max_net_namespaces	engine
File opened for reading	/proc/sys/net/ipv6/conf/default/accept_ra_rt_info_max_plen	engine
File opened for reading	/proc/sys/net/ipv6/conf/ens3/ra_defrtr_metric	engine
File opened for reading	/proc/sys/user/max_fanotify_groups	engine
File opened for reading	/proc/sys/user/max_inotify_watches	engine
File opened for reading	/proc/sys/fs/fanotify/max_user_marks	engine
File opened for reading	/proc/sys/kernel/unprivileged_bpf_disabled	engine
File opened for reading	/proc/sys/net/ipv4/conf/default/disable_xfrm	engine
File opened for reading	/proc/sys/net/ipv6/conf/all/accept_redirects	engine
File opened for reading	/proc/sys/dev/mac_hid/mouse_button3_keycode	engine
File opened for reading	/proc/sys/net/ipv4/tcp_keepalive_intvl	engine
File opened for reading	/proc/sys/net/ipv6/conf/ens3/accept_dad	engine
File opened for reading	/proc/sys/net/ipv6/neigh/default/retrans_time	engine
File opened for reading	/proc/sys/kernel/core_pattern	engine
File opened for reading	/proc/sys/kernel/poweroff_cmd	engine
File opened for reading	/proc/sys/vm/compact_unevictable_allowed	engine
File opened for reading	/proc/sys/user/max_user_namespaces	engine
File opened for reading	/proc/sys/kernel/firmware_config/force_sysfs_fallback	engine
File opened for reading	/proc/sys/net/ipv4/conf/default/mc_forwarding	engine
File opened for reading	/proc/sys/net/ipv4/inet_peer_maxttl	engine
File opened for reading	/proc/sys/net/ipv6/conf/all/router_solicitation_max_interval	engine
File opened for reading	/proc/sys/net/ipv4/neigh/lo/base_reachable_time	engine
File opened for reading	/proc/sys/net/ipv4/neigh/lo/retrans_time	engine
File opened for reading	/proc/sys/net/ipv4/tcp_allowed_congestion_control	engine
File opened for reading	/proc/sys/net/core/rmem_default	engine
File opened for reading	/proc/sys/net/ipv6/conf/all	engine
File opened for reading	/proc/sys/kernel/core_pipe_limit	engine
File opened for reading	/proc/sys/net/ipv4/conf/lo/arp_filter	engine
File opened for reading	/proc/sys/net/ipv6/conf/all/keep_addr_on_down	engine
File opened for reading	/proc/sys/net/ipv6/conf/lo/ra_defrtr_metric	engine
File opened for reading	/proc/sys/net/ipv6/neigh/lo/retrans_time_ms	engine
File opened for reading	/proc/sys/fs/binfmt_misc/register	engine
File opened for reading	/proc/sys/kernel/acpi_video_flags	engine
File opened for reading	/proc/sys/kernel/usermodehelper/inheritable	engine
File opened for reading	/proc/sys/net/ipv6/conf/ens3/enhanced_dad	engine
File opened for reading	/proc/sys/net/ipv6/conf/lo	engine
File opened for reading	/proc/sys/net/ipv6/conf/lo/accept_ra_min_hop_limit	engine
File opened for reading	/proc/sys/dev/parport/parport0/devices/lp/timeslice	engine
File opened for reading	/proc/sys/kernel/sched_rr_timeslice_ms	engine
File opened for reading	/proc/sys/net/ipv4/tcp_available_ulp	engine
File opened for reading	/proc/sys/net/ipv6/conf/ens3/max_addresses	engine
File opened for reading	/proc/sys/net/ipv6/max_dst_opts_number	engine
File opened for reading	/proc/sys/vm/numa_zonelist_order	engine
File opened for reading	/proc/sys/vm/swappiness	engine
File opened for reading	/proc/sys/net/ipv6/idgen_delay	engine
File opened for reading	/proc/sys/net/ipv6/neigh/ens3/unres_qlen_bytes	engine
File opened for reading	/proc/sys/user/max_fanotify_marks	engine
File opened for reading	/proc/sys/net/ipv4/tcp_min_rtt_wlen	engine
File opened for reading	/proc/sys/net/ipv4/tcp_synack_retries	engine
File opened for reading	/proc/sys/net/ipv6/conf/lo/accept_ra_rt_info_max_plen	engine
File opened for reading	/proc/sys/net/ipv6/icmp	engine
File opened for reading	/proc/sys/kernel/apparmor_restrict_unprivileged_userns	engine
File opened for reading	/proc/sys/kernel/perf_event_max_stack	engine
File opened for reading	/proc/sys/kernel/shm_rmid_forced	engine
File opened for reading	/proc/sys/net/ipv4/conf/all/accept_redirects	engine
File opened for reading	/proc/sys/net/ipv4/conf/all/arp_announce	engine
File opened for reading	/proc/sys/net/ipv4/conf/lo/src_valid_mark	engine
File opened for reading	/proc/sys/net/ipv4/icmp_errors_use_inbound_ifaddr	engine
File opened for reading	/proc/sys/net/ipv4/route/gc_elasticity	engine
File opened for reading	/proc/sys/fs/leases-enable	engine
File opened for reading	/proc/sys/kernel/hardlockup_all_cpu_backtrace	engine

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads