Analysis

  • max time kernel
    4s
  • max time network
    388s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240611-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2204-amd64-20240611-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
  • submitted
    04-11-2024 06:26

General

  • Target

    x86_64

  • Size

    1.8MB

  • MD5

    24ba184bedda469ef98e3b5fa81b1c63

  • SHA1

    2188915626ae7aa91fdba14a35e97a776465f7c7

  • SHA256

    4b0fdadca84b6edecce2ceda2a5ab2e19b257ef6662a972cdf1506c3c0ebc67f

  • SHA512

    62b22bda9b6156fd8d7ef9a243015c0f7ea1fe074d4df31732fd9fbe67b64f79567661594347cfa46b6761c1bde296478ba79e50bc9c17d83df6bbac27d4eed8

  • SSDEEP

    24576:iyqWxOTEVMs6IP2K40cEQGwoijDW+tmw130g133w6Vrx0d+9SPU6AAhf1TVU7enz:iytMEVMJIPZ405OSS/13B3JyEXsG7aPn

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Creates/modifies Cron job 1 TTPs 1 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

  • Writes file to system bin folder 1 IoCs
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/x86_64
    /tmp/x86_64
    1⤵
    • Creates/modifies Cron job
    • Writes file to system bin folder
    • Reads runtime system information
    • Writes file to tmp directory
    PID:1584
    • /tmp/filema7tYL
      /tmp/x86_64
      2⤵
      • Executes dropped EXE
      PID:1597

Network

MITRE ATT&CK Enterprise v15


Downloads

  • /etc/cron.hourly/0

    Filesize

    92B

    MD5

    3f006f7f81fc17be7f4a0d3da0fad5de

    SHA1

    97a94d3d0654c6551057af3809b52572bd7f9f5d

    SHA256

    982f9e0f089b91ba79df723435099df15c72e1201a45010ee60226ab136c93bf

    SHA512

    97d2ac0057427b940ada7c0fc805c1966e2535c3c3767ca85fef4a7e0fdc9d4ef9eb133530408b1e439df067881cb317e948ad9bfd487e958a04c97d9db978e0

  • /tmp/filema7tYL

    Filesize

    1.8MB

    MD5

    0e0b15b035af0a628b1dc176b69c3139

    SHA1

    0283e00b988b979a5f333f6af1af0f04a0699033

    SHA256

    ab23560807e62cf1811c6f00d1a5c73bd6e3e0688d911a3c5c1c7927b3e4627e

    SHA512

    89795dcb9629a2a60cb02754b1e28e232e48415b5a7997b6175f30879e05c0de64efc4084e7a1404153fc171540ee558e047e235e7500891db49415f6df32f01

  • memory/1584-1-0x00007f5565776000-0x00007f55659780e0-memory.dmp