Analysis Overview
SHA256
4b0fdadca84b6edecce2ceda2a5ab2e19b257ef6662a972cdf1506c3c0ebc67f
Threat Level: Shows suspicious behavior
The file x86_64 was found to show suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Creates/modifies Cron job
Writes file to system bin folder
UPX packed file
Reads runtime system information
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-04 06:26
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-04 06:26
Reported
2024-11-04 06:36
Platform
ubuntu2204-amd64-20240611-en
Max time kernel
4s
Max time network
388s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /tmp/filema7tYL | /tmp/filema7tYL | N/A |
Creates/modifies Cron job
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | /etc/cron.hourly/0 | /tmp/x86_64 | N/A |
Writes file to system bin folder
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | /bin/ls | /tmp/x86_64 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for reading | /proc/self/exe | /tmp/x86_64 | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | /tmp/filema7tYL | /tmp/x86_64 | N/A |
Processes
/tmp/x86_64
[/tmp/x86_64]
/tmp/filema7tYL
[/tmp/x86_64]
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
memory/1584-1-0x00007f5565776000-0x00007f55659780e0-memory.dmp
/tmp/filema7tYL
| Hash | Value |
|---|---|
| MD5 | 0e0b15b035af0a628b1dc176b69c3139 |
| SHA1 | 0283e00b988b979a5f333f6af1af0f04a0699033 |
| SHA256 | ab23560807e62cf1811c6f00d1a5c73bd6e3e0688d911a3c5c1c7927b3e4627e |
| SHA512 | 89795dcb9629a2a60cb02754b1e28e232e48415b5a7997b6175f30879e05c0de64efc4084e7a1404153fc171540ee558e047e235e7500891db49415f6df32f01 |
/etc/cron.hourly/0
| Hash | Value |
|---|---|
| MD5 | 3f006f7f81fc17be7f4a0d3da0fad5de |
| SHA1 | 97a94d3d0654c6551057af3809b52572bd7f9f5d |
| SHA256 | 982f9e0f089b91ba79df723435099df15c72e1201a45010ee60226ab136c93bf |
| SHA512 | 97d2ac0057427b940ada7c0fc805c1966e2535c3c3767ca85fef4a7e0fdc9d4ef9eb133530408b1e439df067881cb317e948ad9bfd487e958a04c97d9db978e0 |