Analysis
max time kernel: 0s
max time network: 128s
platform: ubuntu-24.04_amd64
resource: ubuntu2404-amd64-20240729-en
resource tags: arch:amd64, arch:i386, image:ubuntu2404-amd64-20240729-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
submitted: 14-10-2024 01:54
Static task: static1
Behavioral task: behavioral1
Sample: c77eda84ceefa64af6286acbc6d379b09015e75a4c153f58d2e825f8b329273a.elf
Resource: ubuntu2404-amd64-20240729-en (ubuntu-24.04-amd64)
2 signatures, 150 seconds
General
Target: c77eda84ceefa64af6286acbc6d379b09015e75a4c153f58d2e825f8b329273a.elf
Size: 8KB
MD5: bf4eefc5f30249dc3007ba9ae08b0b12
SHA1: bd97ea02262981a9e72b78448df2de2df05b12af
SHA256: c77eda84ceefa64af6286acbc6d379b09015e75a4c153f58d2e825f8b329273a
SHA512: 285a4e522b07abcedaa0c264bd1645e195a54a1bbdce59f52f7dbe3a7778c5702da346b3f71e7ec000762a4b59aff47ce9ecb9f0dc743173716fbd324530865f
SSDEEP: 96:GbDTSfUTktkRs5ZPt4sHH29g+DZC1+i2cp8KZS7gX0cSfB+WxW:GbDk6ktkRapGMWaCk1IcpCUS
Score: 6/10
Malware Config
Signatures
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching (1 TTPs, 1 IoCs)
  Abuse sudo or cached sudo credentials to execute code.
  Processes: sudoedit
  description              | ioc                             | process
  File opened for reading  | /proc/sys/kernel/ngroups_max    | sudoedit
  File opened for reading  | /proc/self/stat                 | sudoedit
  File opened for reading  | /proc/sys/kernel/cap_last_cap   | sudoedit
  File opened for reading  | /proc/filesystems               | sudoedit
Processes
- /tmp/c77eda84ceefa64af6286acbc6d379b09015e75a4c153f58d2e825f8b329273a.elf
  command line: /tmp/c77eda84ceefa64af6286acbc6d379b09015e75a4c153f58d2e825f8b329273a.elf
  PID: 2483
- /usr/bin/sudoedit
  command line: sudoedit -s "YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY\\"
  signatures:
  - Abuse Elevation Control Mechanism: Sudo and Sudo Caching
  - Reads runtime system information
  PID: 2483