Overview

overview

6

Static

static

1

na.elf

ubuntu-22.04-amd64

6

Analysis

  • max time kernel
    0s
  • max time network
    128s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240611-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
  • submitted
    13/10/2024, 18:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    na.elf

  • Size

    8KB

  • MD5

    bf4eefc5f30249dc3007ba9ae08b0b12

  • SHA1

    bd97ea02262981a9e72b78448df2de2df05b12af

  • SHA256

    c77eda84ceefa64af6286acbc6d379b09015e75a4c153f58d2e825f8b329273a

  • SHA512

    285a4e522b07abcedaa0c264bd1645e195a54a1bbdce59f52f7dbe3a7778c5702da346b3f71e7ec000762a4b59aff47ce9ecb9f0dc743173716fbd324530865f

  • SSDEEP

    96:GbDTSfUTktkRs5ZPt4sHH29g+DZC1+i2cp8KZS7gX0cSfB+WxW:GbDk6ktkRapGMWaCk1IcpCUS

Score
6/10
defense_evasiondiscoveryprivilege_escalation

Malware Config

Signatures

  • Abuse Elevation Control Mechanism: Sudo and Sudo Caching 1 TTPs 1 IoCs

    Abuse sudo or cached sudo credentials to execute code.

    privilege_escalationdefense_evasion
  • Reads runtime system information 3 IoCs

    Reads data from /proc virtual filesystem.

    discovery

Processes

  • /tmp/na.elf
    /tmp/na.elf
    1⤵
      PID:1565
    • /usr/bin/sudoedit
      sudoedit -s "YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY\\"
      1⤵
      • Abuse Elevation Control Mechanism: Sudo and Sudo Caching
      • Reads runtime system information
      PID:1565

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads