Resubmissions
01-11-2024 18:06
241101-wp5wdsvnel 4
01-11-2024 16:27
241101-tx4bes1lcx 4
01-11-2024 16:24
241101-twjkma1lb1 7
Analysis
max time kernel
299s
max time network
304s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240611-en
resource tags
arch:amd64, arch:i386, image:ubuntu2004-amd64-20240611-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system
submitted
01-11-2024 18:06
Static task
static1
Behavioral task
behavioral1
Sample
sshx
Resource
debian12-armhf-20240418-en
Behavioral task
behavioral2
Sample
sshx
Resource
debian12-mipsel-20240221-en
Behavioral task
behavioral3
Sample
sshx
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral4
Sample
sshx
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral5
Sample
sshx
Resource
debian9-mipsel-20240611-en
Behavioral task
behavioral6
Sample
sshx
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral7
Sample
sshx
Resource
ubuntu2004-amd64-20240611-en
Behavioral task
behavioral8
Sample
sshx
Resource
ubuntu2204-amd64-20240611-en
Behavioral task
behavioral9
Sample
sshx
Resource
ubuntu2404-amd64-20240729-en
General
Target
sshx
Size
7.3MB
MD5
4655941d7ea27788f29e7101794a24bb
SHA1
e8605a27857832503bacfbe106eaf2a02361b5e3
SHA256
9d7ad8da8ce2bcdbbe2164e37d5759c9efc22e68ddc11f4502c43b14b349bdec
SHA512
0a8011b87021dd9b5d0350b38ba7d8e837833405b95a8762b7b8833800327470a2c1b0b5e1b5101a8448ba3531123e04502759be43fb96860616623973f7e43e
SSDEEP
98304:GpitswbS0eSojJ5+NfoIVoKCT5K+dmcF:GUsKS0eeBHc
Malware Config
Signatures
Changes its process name 8 IoCs
description | ioc | pid | Process
Changes the process name, possibly in an attempt to hide itself | tokio-runtime-w | 1402 | sshx
Changes the process name, possibly in an attempt to hide itself | tokio-runtime-w | 1401 | sshx
Changes the process name, possibly in an attempt to hide itself | tokio-runtime-w | 1404 | sshx
Changes the process name, possibly in an attempt to hide itself | tokio-runtime-w | 1403 | sshx
Changes the process name, possibly in an attempt to hide itself | tokio-runtime-w | 1462 | sshx
Changes the process name, possibly in an attempt to hide itself | tokio-runtime-w | 1463 | sshx
Changes the process name, possibly in an attempt to hide itself | tokio-runtime-w | 1587 | sshx
Changes the process name, possibly in an attempt to hide itself | tokio-runtime-w | 1588 | sshx
Enumerates kernel/hardware configuration 1 TTPs 2 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
description | ioc | Process
File opened for reading | /sys/fs/cgroup/cpu/cpu.cfs_quota_us | sshx
File opened for reading | /sys/fs/cgroup/cpu/cpu.cfs_period_us | sshx

description | ioc | Process
File opened for reading | /proc/self/cgroup | sshx