Analysis
-
max time kernel
4s -
max time network
388s -
platform
ubuntu-22.04_amd64 -
resource
ubuntu2204-amd64-20240611-en -
resource tags
arch:amd64, arch:i386, image:ubuntu2204-amd64-20240611-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system -
submitted
04-11-2024 06:26
Behavioral task
behavioral1
Sample
x86_64
Resource
ubuntu2204-amd64-20240611-en
General
-
Target
x86_64
-
Size
1.8MB
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
Processes:
filema7tYL
ioc: /tmp/filema7tYL; pid: 1597; Process: filema7tYL
-
Creates/modifies Cron job 1 TTPs 1 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
Processes:
x86_64
description: File opened for modification; ioc: /etc/cron.hourly/0; Process: x86_64
-
Writes file to system bin folder 1 IoCs
Processes:
x86_64
description: File opened for modification; ioc: /bin/ls; Process: x86_64
-
Processes:
x86_64
description: File opened for reading; ioc: /proc/self/exe; Process: x86_64
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes:
x86_64
description: File opened for modification; ioc: /tmp/filema7tYL; Process: x86_64
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
92B
-
Filesize
1.8MB