Analysis
max time kernel: 39s
max time network: 39s
platform: ubuntu-24.04_amd64
resource: ubuntu2404-amd64-20240523-en
resource tags: arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
submitted: 06-11-2024 13:19
Static task: static1
Behavioral task: behavioral1
Sample: 4cqWpoV0dCkQZUDA6r2yBvPx4TUfZlhnaJ
Resource: ubuntu2404-amd64-20240523-en
General
Target: 4cqWpoV0dCkQZUDA6r2yBvPx4TUfZlhnaJ
Size: 99KB
MD5: 9438d9bc392bcf300a5583b6df5bc8f6
SHA1: 375a6ae34b516f6f3eeea8030c4084f585017efa
SHA256: 68e6282ed9046c9e22dbdf051dc03956803a46805f599e8cb9b52b993caa8f1e
SHA512: 1f3e4219359a28c0f6373c0369da2b5dc0e89789afb89664627d8d9e37d4b72da36322b4015491d7daa03e46dff07d39f00dca18f274e9623dab0ff2d869c860
SSDEEP: 3072:kFPlxndf22h/xwXnTkai7MYRApCg9dgdmk1b5wdL35sPX:kZlxndf8nTqtS/9dgdmk1b5wdj5sPX
Malware Config
Signatures
Contacts a large (662) amount of remote hosts (1 TTPs)
This may indicate a network scan to discover remotely running services.
Processes: 4cqWpoV0dCkQZUDA6r2yBvPx4TUfZlhnaJ
pid     Process
2492    4cqWpoV0dCkQZUDA6r2yBvPx4TUfZlhnaJ
2492    4cqWpoV0dCkQZUDA6r2yBvPx4TUfZlhnaJ
2502    4cqWpoV0dCkQZUDA6r2yBvPx4TUfZlhnaJ
2502    4cqWpoV0dCkQZUDA6r2yBvPx4TUfZlhnaJ
Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.
Creates/modifies Cron job (1 TTPs, 1 IoCs)
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
Processes: crontab
description: File opened for modification
ioc: /var/spool/cron/crontabs/tmp.K1pejv
Process: crontab
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 210B
MD5: 9ced96f9628c6d4c589ee8ba170dc71c
SHA1: e39ce58d3f0b54e9faece41cb3201ad69551d523
SHA256: 35a3a2709c8c76dd3488f0a8d000995c158d7c2fb999eb7a1006aa8bd7a83584
SHA512: 8376acb533c3d781f32be4046601106e784935ee9c90f4d5d1ffeb0c1da09f6f160b5cd3173527e5910de4b113427218814b96f8d3fe947dd0689c3cdde15b65