Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240611-en
  • resource tags

    arch:amd64 arch:i386 image:ubuntu2204-amd64-20240611-en kernel:5.15.0-105-generic locale:en-us os:ubuntu-22.04-amd64 system
  • submitted
    03-10-2024 06:03

General

  • Target

    novo.x8664.elf

  • Size

    64KB

  • MD5

    0a290c232a49ec93a6da03ee7edb1edf

  • SHA1

    94f2fd1cc66b82c9e06c9033699e160e812be8f5

  • SHA256

    de0eb1e3f962179786edcdba9de547696bdb6e997f00a5529caf537112d734ae

  • SHA512

    a72a9a4c92c290b4da278266707cfd8773011842159e89b74fb91c147985f5df9a4ca1af6a5546148689ebe9ca1e392ecf139575f0640a8f1058d7628b5bf90b

  • SSDEEP

    1536:xUjC4qlQ6wBZfgSaaRouE7k7KQk3/ZTGW5V6GlJWBwbZnR:SjCdl5mZfDafuEQ7Kp/Zn5VDlJIwbZnR

Score
9/10

Malware Config

Signatures

  • Contacts a large (23992) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Changes its process name 1 IoCs

Processes

  • /tmp/novo.x8664.elf
    /tmp/novo.x8664.elf
    1⤵
    • Changes its process name
    PID:1570
    • /bin/sh
      sh -c "rm -rf /tmp/novo.x8664.elf && rm -rf novo*"
      2⤵
        PID:1571
        • /usr/bin/rm
          rm -rf /tmp/novo.x8664.elf
          3⤵
            PID:1572
          • /usr/bin/rm
            rm -rf "novo*"
            3⤵
              PID:1573
