Overview

overview

7

Static

static

1

262d14588d...93.elf

ubuntu-24.04-amd64

7

Analysis

  • max time kernel
    149s
  • max time network
    129s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240729-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2404-amd64-20240729-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
  • submitted
    15-10-2024 01:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    262d14588d9c2eb5ea9e107143aa3eceb6d07c2a5bc5ca77b14657db125fc693.elf

  • Size

    7.1MB

  • MD5

    bdd59b6239a4d3d17f1ff56f25ed4417

  • SHA1

    745472dbaace1e9637b0f92dd1e8cecfb5a885a2

  • SHA256

    262d14588d9c2eb5ea9e107143aa3eceb6d07c2a5bc5ca77b14657db125fc693

  • SHA512

    362b275d5186da6b24f4934489f309b895b6cdc5e3021088c63448dfaad3f422f9f5b11ce0eb31034a5b1ad5d0aacd1aa0e30788fbf8eeb064332fae443739ef

  • SSDEEP

    98304:myj4EXuPM1EevFrKpukigWz5Hl2IrUCIhOlI/vh+SjYH:9j4EXuAEevFrOy1F2lCMOlI/UvH

Score
7/10
discoveryexecutionpersistenceprivilege_escalatio

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Creates/modifies Cron job 1 TTPs 2 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    executionpersistenceprivilege_escalatio
  • Writes file to system bin folder 1 IoCs
  • Reads runtime system information 2 IoCs

    Reads data from /proc virtual filesystem.

    discovery
  • Writes file to tmp directory 2 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/262d14588d9c2eb5ea9e107143aa3eceb6d07c2a5bc5ca77b14657db125fc693.elf
    /tmp/262d14588d9c2eb5ea9e107143aa3eceb6d07c2a5bc5ca77b14657db125fc693.elf
    1⤵
    • Creates/modifies Cron job
    • Writes file to system bin folder
    • Reads runtime system information
    • Writes file to tmp directory
    PID:2514
    • /tmp/filejIFB6h
      /tmp/262d14588d9c2eb5ea9e107143aa3eceb6d07c2a5bc5ca77b14657db125fc693.elf
      2⤵
      • Executes dropped EXE
      • Creates/modifies Cron job
      • Reads runtime system information
      • Writes file to tmp directory
      PID:2540

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /etc/cron.hourly/0
    Filesize

    92B

    MD5

    3f006f7f81fc17be7f4a0d3da0fad5de

    SHA1

    97a94d3d0654c6551057af3809b52572bd7f9f5d

    SHA256

    982f9e0f089b91ba79df723435099df15c72e1201a45010ee60226ab136c93bf

    SHA512

    97d2ac0057427b940ada7c0fc805c1966e2535c3c3767ca85fef4a7e0fdc9d4ef9eb133530408b1e439df067881cb317e948ad9bfd487e958a04c97d9db978e0

    Download Submit

  • /tmp/fileZgHUMj
    Filesize

    6.9MB

    MD5

    bc426dc3811a2ecbe2e5ac919b279485

    SHA1

    00b3d1f62996890ab18cb1c7fa1a51946c85ddfe

    SHA256

    3e994d6620373d82955737b8985f41c4410b53176bc20de882462eabc8e6ea7c

    SHA512

    9ddfd6e4a3669ba0765f3103fd170614d3d788186930fdb01f7d9443b527ff7fa9ff6d0d0de4285eec5da57a16b1a45b0af074791026c97b7c7ee0a4663bcc9d

    Download Submit

  • /tmp/filejIFB6h
    Filesize

    7.0MB

    MD5

    c71670b4de0f5ebc30a4d876044bae11

    SHA1

    0aaf0154d9b8fd6f03caccd4c4d470b80e046c38

    SHA256

    2d7f7efc0f329dcc63b2d5efb7284f83e47818ec9a8692095117bc7ce3a29548

    SHA512

    3b1c0b54aa2d567fcb88e52a9d66816fe9ba6bcd57253c3b26df5025a545e26854794ee53e21fa277a398e4a7684c3310362d0bcd962176c0662d46de6cd304d

    Download Submit

  • /tmp/filejIFB6h
    Filesize

    7.1MB

    MD5

    bdd59b6239a4d3d17f1ff56f25ed4417

    SHA1

    745472dbaace1e9637b0f92dd1e8cecfb5a885a2

    SHA256

    262d14588d9c2eb5ea9e107143aa3eceb6d07c2a5bc5ca77b14657db125fc693

    SHA512

    362b275d5186da6b24f4934489f309b895b6cdc5e3021088c63448dfaad3f422f9f5b11ce0eb31034a5b1ad5d0aacd1aa0e30788fbf8eeb064332fae443739ef

    Download Submit