ccd394741b68bd36abd1ad25217bf777f931af00de21e2317f0bb0cd12a7b137

Analysis

max time kernel
130s
max time network
128s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240729-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240729-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
27-09-2024 08:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12937bed6d9c3938e5508dff8bd29206
Size

46KB
MD5

12937bed6d9c3938e5508dff8bd29206
SHA1

a920c15ca3c66d34d01503877812de60cdfc70cf
SHA256

ccd394741b68bd36abd1ad25217bf777f931af00de21e2317f0bb0cd12a7b137
SHA512

24f1396b7b68b1bfb3c324f2e6fe3c26eeede9e9ff079dcdcd074e098a65b6abac9894f2562e74b77b9ef884dc13c45e548af4845e02434dd201e95100d321f6
SSDEEP

768:5gplhuslrXelfl66UBsnCixj8BJ4j8eu299I3rXSL1XI2OJi3UnUkYIlV:klhuslrXelfl66UBsnCixj8Bxeu88jSy

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 2 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
1572	sh
1574	chmod

Reads runtime system information 3 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/1569/exe	12937bed6d9c3938e5508dff8bd29206
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	mv

/tmp/12937bed6d9c3938e5508dff8bd29206
/tmp/12937bed6d9c3938e5508dff8bd29206
1⤵
- Reads runtime system information
PID:1567
- /bin/sh
  sh -c "mkdir /gbn0tndk5x/ && >/gbn0tndk5x/gbn0tndk5x && cd /gbn0tndk5x/ >/dev/null"
  2⤵
  PID:1570
- - /usr/bin/mkdir
    mkdir /gbn0tndk5x/
    3⤵
    - Reads runtime system information
    PID:1571
- /bin/sh
  sh -c "mv /tmp/12937bed6d9c3938e5508dff8bd29206 /gbn0tndk5x/gbn0tndk5x && chmod 777 /gbn0tndk5x/gbn0tndk5x >/dev/null"
  2⤵
  - File and Directory Permissions Modification
  PID:1572
- - /usr/bin/mv
    mv /tmp/12937bed6d9c3938e5508dff8bd29206 /gbn0tndk5x/gbn0tndk5x
    3⤵
    - Reads runtime system information
    PID:1573
- - /usr/bin/chmod
    chmod 777 /gbn0tndk5x/gbn0tndk5x
    3⤵
    - File and Directory Permissions Modification
    PID:1574

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads