Analysis

  • max time kernel: 149s
  • max time network: 150s
  • platform: ubuntu-22.04_amd64
  • resource: ubuntu2204-amd64-20240611-en
  • resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20240611-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
  • submitted: 31/10/2024, 03:54

General

  • Target: d161fb13021a74017a2deaca8957a41f96adfd201f3bf653b9e3f50fffd5a547.elf
  • Size: 3.3MB
  • MD5: 27e51ee7a66488556425956010659e7f
  • SHA1: 4c24cef837b500e362fae34f73cf42f4d0f107e0
  • SHA256: d161fb13021a74017a2deaca8957a41f96adfd201f3bf653b9e3f50fffd5a547
  • SHA512: 8b470d69a8972f5d2870abbb2dfc002dcc3d3b6be3b2b96399541f4b7cbc5afe29f44a087cdc70855f810b4d6c594b9a94fad448520e1a2752cf1d5e94293d60
  • SSDEEP: 98304:1Z8CdALXjA+mDvUr3kqzIWK6LLQJzyGAiM8AiZ:j8CdAL113Lcyc1Z

Malware Config

Signatures

  • Virtualization/Sandbox Evasion: Time Based Evasion 1 TTPs 1 IoCs

    Adversaries may detect and evade virtualized environments and sandboxes.

  • Reads CPU attributes 1 TTPs 1 IoCs
  • Reads system network configuration 1 TTPs 6 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 18 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/d161fb13021a74017a2deaca8957a41f96adfd201f3bf653b9e3f50fffd5a547.elf
    /tmp/d161fb13021a74017a2deaca8957a41f96adfd201f3bf653b9e3f50fffd5a547.elf
    1⤵
    • Enumerates kernel/hardware configuration
    • Reads runtime system information
    PID:1565
    • /bin/bash
      /bin/bash -c uptime
      2⤵
      PID:1569
    • /usr/bin/uptime
      uptime
      2⤵
      • Virtualization/Sandbox Evasion: Time Based Evasion
      • Reads CPU attributes
      • Reads runtime system information
      PID:1569
    • /usr/bin/bash
      bash -c "cat /proc/net/dev |grep ens3 |awk '{print \$2}'"
      2⤵
      PID:1572
      • /usr/bin/awk
        awk "{print \$2}"
        3⤵
        • Reads runtime system information
        PID:1576
      • /usr/bin/grep
        grep ens3
        3⤵
        • Reads runtime system information
        PID:1575
      • /usr/bin/cat
        cat /proc/net/dev
        3⤵
        • Reads system network configuration
        PID:1574
    • /usr/bin/bash
      bash -c "cat /proc/net/dev |grep ens3 |awk '{print \$10}'"
      2⤵
      PID:1580
      • /usr/bin/awk
        awk "{print \$10}"
        3⤵
        • Reads runtime system information
        PID:1583
      • /usr/bin/grep
        grep ens3
        3⤵
        • Reads runtime system information
        PID:1582
      • /usr/bin/cat
        cat /proc/net/dev
        3⤵
        • Reads system network configuration
        PID:1581
    • /usr/bin/bash
      bash -c "cat /proc/net/dev |grep ens3 |awk '{print \$2}'"
      2⤵
      PID:1592
      • /usr/bin/awk
        awk "{print \$2}"
        3⤵
        • Reads runtime system information
        PID:1595
      • /usr/bin/grep
        grep ens3
        3⤵
        • Reads runtime system information
        PID:1594
      • /usr/bin/cat
        cat /proc/net/dev
        3⤵
        • Reads system network configuration
        PID:1593
    • /usr/bin/bash
      bash -c "cat /proc/net/dev |grep ens3 |awk '{print \$10}'"
      2⤵
      PID:1596
      • /usr/bin/awk
        awk "{print \$10}"
        3⤵
        • Reads runtime system information
        PID:1599
      • /usr/bin/grep
        grep ens3
        3⤵
        • Reads runtime system information
        PID:1598
      • /usr/bin/cat
        cat /proc/net/dev
        3⤵
        • Reads system network configuration
        PID:1597
    • /usr/bin/bash
      bash -c "cat /proc/net/dev |grep ens3 |awk '{print \$2}'"
      2⤵
      PID:1603
      • /usr/bin/awk
        awk "{print \$2}"
        3⤵
        • Reads runtime system information
        PID:1606
      • /usr/bin/grep
        grep ens3
        3⤵
        • Reads runtime system information
        PID:1605
      • /usr/bin/cat
        cat /proc/net/dev
        3⤵
        • Reads system network configuration
        PID:1604
    • /usr/bin/bash
      bash -c "cat /proc/net/dev |grep ens3 |awk '{print \$10}'"
      2⤵
      PID:1607
      • /usr/bin/awk
        awk "{print \$10}"
        3⤵
        • Reads runtime system information
        PID:1610
      • /usr/bin/grep
        grep ens3
        3⤵
        • Reads runtime system information
        PID:1609
      • /usr/bin/cat
        cat /proc/net/dev
        3⤵
        • Reads system network configuration
        PID:1608