Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240729-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2404-amd64-20240729-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
  • submitted
    07-11-2024 02:10

General

  • Target

    1b3da0196e914e20c54365e1d9632add9d930c2e7291042f48c2f8a21a2d15d6.elf

  • Size

    118KB

  • MD5

    9f28442a1cc970c2d7754cd35d3dc331

  • SHA1

    0ff29021465110c9cacccb868721f3b056271161

  • SHA256

    1b3da0196e914e20c54365e1d9632add9d930c2e7291042f48c2f8a21a2d15d6

  • SHA512

    ae8ebafa6a11de4ccfbc68f9fb5d484b0a225547ff7843011d0c296b4c0ffa15757d04ae39dc165225ecacfdff390db690093acb7126956d0851eed64341be97

  • SSDEEP

    3072:epo6eIKnN9vZtcwaUMDMWoRyd/zdZwLBWv69ny6JP/KTiFi:eZMnN9vjk4vUhZwLwv69ny6JHKTiFi

Score
9/10

Malware Config

Signatures

  • Contacts a large (13755) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Loads a kernel module 64 IoCs

    Loads a Linux kernel module, potentially to achieve persistence

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads CPU attributes 1 TTPs 64 IoCs
  • Enumerates kernel/hardware configuration 1 TTPs 64 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • System Network Configuration Discovery 1 TTPs 1 IoCs

    Adversaries may gather information about the network configuration of a system.

Processes

  • /tmp/1b3da0196e914e20c54365e1d9632add9d930c2e7291042f48c2f8a21a2d15d6.elf
    /tmp/1b3da0196e914e20c54365e1d9632add9d930c2e7291042f48c2f8a21a2d15d6.elf
    1⤵
    • Loads a kernel module
    PID:2494
    • /usr/bin/pkill
      pkill -9 902i13
      2⤵
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      PID:2500
    • /usr/bin/pkill
      pkill -9 BzSxLxBxeY
      2⤵
      • Reads CPU attributes
      • Reads runtime system information
      PID:2505
    • /usr/bin/pkill
      pkill -9 HOHO-LUGO7
      2⤵
      • Enumerates kernel/hardware configuration
      PID:2508
    • /usr/bin/pkill
      pkill -9 HOHO-U79OL
      2⤵
      • Enumerates kernel/hardware configuration
      PID:2510
    • /usr/bin/pkill
      pkill -9 JuYfouyf87
      2⤵
      • Enumerates kernel/hardware configuration
      PID:2524
    • /usr/bin/pkill
      pkill -9 NiGGeR69xd
      2⤵
      PID:2532
    • /usr/bin/pkill
      pkill -9 SO190Ij1X
      2⤵
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      PID:2534
    • /usr/bin/pkill
      pkill -9 LOLKIKEEEDDE
      2⤵
      • Reads CPU attributes
      • Reads runtime system information
      PID:2536
    • /usr/bin/pkill
      pkill -9 ekjheory98e
      2⤵
      PID:2538
    • /usr/bin/pkill
      pkill -9 scansh4
      2⤵
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      PID:2540
    • /usr/bin/pkill
      pkill -9 MDMA
      2⤵
      • Reads CPU attributes
      PID:2542
    • /usr/bin/pkill
      pkill -9 fdevalvex
      2⤵
      • Reads CPU attributes
      PID:2544
    • /usr/bin/pkill
      pkill -9 scanspc
      2⤵
      • Enumerates kernel/hardware configuration
      PID:2546
    • /usr/bin/pkill
      pkill -9 MELTEDNINJAREALZ
      2⤵
      • Reads CPU attributes
      PID:2548
    • /usr/bin/pkill
      pkill -9 flexsonskids
      2⤵
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:2550
    • /usr/bin/pkill
      pkill -9 scanx86
      2⤵
      • Reads runtime system information
      PID:2552
    • /usr/bin/pkill
      pkill -9 MISAKI-U79OL
      2⤵
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:2554
    • /usr/bin/pkill
      pkill -9 foAxi102kxe
      2⤵
      • Reads CPU attributes
      • Reads runtime system information
      PID:2556
    • /usr/bin/pkill
      pkill -9 swodjwodjwoj
      2⤵
      • Enumerates kernel/hardware configuration
      PID:2558
    • /usr/bin/pkill
      pkill -9 MmKiy7f87l
      2⤵
      • Reads CPU attributes
      • Reads runtime system information
      PID:2560
    • /usr/bin/pkill
      pkill -9 freecookiex86
      2⤵
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:2562
    • /usr/bin/pkill
      pkill -9 sysgpu
      2⤵
      PID:2564
    • /usr/bin/pkill
      pkill -9 NiGGeR69xd
      2⤵
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:2566
    • /usr/bin/pkill
      pkill -9 frgege
      2⤵
      PID:2568
    • /usr/bin/pkill
      pkill -9 sysupdater
      2⤵
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:2570
    • /usr/bin/pkill
      pkill -9 0DnAzepd
      2⤵
      • Reads CPU attributes
      PID:2572
    • /usr/bin/pkill
      pkill -9 NiGGeRD0nks69
      2⤵
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:2574
    • /usr/bin/pkill
      pkill -9 frgreu
      2⤵
      PID:2576
    • /usr/bin/pkill
      pkill -9 telnetd
      2⤵
      • Enumerates kernel/hardware configuration
      PID:2581
    • /usr/bin/pkill
      pkill -9 0x766f6964
      2⤵
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      PID:2583
    • /usr/bin/pkill
      pkill -9 NiGGeRd0nks1337
      2⤵
      • Reads runtime system information
      PID:2585
    • /usr/bin/pkill
      pkill -9 gaft
      2⤵
      • Enumerates kernel/hardware configuration
      PID:2587
    • /usr/bin/pkill
      pkill -9 urasgbsigboa
      2⤵
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:2589
    • /usr/bin/pkill
      pkill -9 120i3UI49
      2⤵
      • Reads CPU attributes
      PID:2591
    • /usr/bin/pkill
      pkill -9 OaF3
      2⤵
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:2593
    • /usr/bin/pkill
      pkill -9 geae
      2⤵
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      PID:2595
    • /usr/bin/pkill
      pkill -9 vaiolmao
      2⤵
      • Reads CPU attributes
      PID:2597
    • /usr/bin/pkill
      pkill -9 123123a
      2⤵
      • Reads CPU attributes
      • Reads runtime system information
      PID:2599
    • /usr/bin/pkill
      pkill -9 Ofurain0n4H34D
      2⤵
      • Reads CPU attributes
      • Reads runtime system information
      PID:2601
    • /usr/bin/pkill
      pkill -9 ggTrex
      2⤵
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:2603
    • /usr/bin/pkill
      pkill -9 wasads
      2⤵
      • Reads CPU attributes
      PID:2605
    • /usr/bin/pkill
      pkill -9 1293194hjXD
      2⤵
      • Enumerates kernel/hardware configuration
      PID:2607
    • /usr/bin/pkill
      pkill -9 OthLaLosn
      2⤵
      PID:2609
    • /usr/bin/pkill
      pkill -9 ggt
      2⤵
      • Reads CPU attributes
      PID:2611
    • /usr/bin/pkill
      pkill -9 wget-log
      2⤵
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:2613
    • /usr/bin/pkill
      pkill -9 1337SoraLOADER
      2⤵
      • Enumerates kernel/hardware configuration
      PID:2615
    • /usr/bin/pkill
      pkill -9 SAIAKINA
      2⤵
      PID:2617
    • /usr/bin/pkill
      pkill -9 ggtq
      2⤵
      • Reads runtime system information
      PID:2619
    • /usr/bin/pkill
      pkill -9 1378bfp919GRB1Q2
      2⤵
      • Reads runtime system information
      PID:2621
    • /usr/bin/pkill
      pkill -9 SAIAKUSO
      2⤵
      • Enumerates kernel/hardware configuration
      PID:2623
    • /usr/bin/pkill
      pkill -9 ggtr
      2⤵
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      PID:2625
    • /usr/bin/pkill
      pkill -9 14Fa
      2⤵
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:2627
    • /usr/bin/pkill
      pkill -9 SEXSLAVE1337
      2⤵
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:2629
    • /usr/bin/pkill
      pkill -9 ggtt
      2⤵
      • Enumerates kernel/hardware configuration
      PID:2631
    • /usr/bin/pkill
      pkill -9 1902a3u912u3u4
      2⤵
      • Enumerates kernel/hardware configuration
      PID:2633
    • /usr/bin/pkill
      pkill -9 SO190Ij1X
      2⤵
      • Reads runtime system information
      PID:2635
    • /usr/bin/pkill
      pkill -9 haetrghbr
      2⤵
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:2637
    • /usr/bin/pkill
      pkill -9 19ju3d
      2⤵
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:2639
    • /usr/bin/pkill
      pkill -9 SORAojkf120
      2⤵
      • Reads CPU attributes
      PID:2641
    • /usr/bin/pkill
      pkill -9 hehahejeje92
      2⤵
      PID:2643
    • /usr/bin/pkill
      pkill -9 2U2JDJA901F91
      2⤵
      • Reads CPU attributes
      • Reads runtime system information
      PID:2645
    • /usr/bin/pkill
      pkill -9 SlaVLav12
      2⤵
      PID:2647
    • /usr/bin/pkill
      pkill -9 helpmedaddthhhhh
      2⤵
      • Reads CPU attributes
      PID:2649
    • /usr/bin/pkill
      pkill -9 2wgg9qphbq
      2⤵
      • Enumerates kernel/hardware configuration
      PID:2651
    • /usr/bin/pkill
      pkill -9 Slav3Th3seD3vices
      2⤵
      • Reads CPU attributes
      • Reads runtime system information
      PID:2653
    • /usr/bin/pkill
      pkill -9 hzSmYZjYMQ
      2⤵
      PID:2655
    • /usr/bin/pkill
      pkill -9 5Gbf
      2⤵
      • Reads CPU attributes
      PID:2657
    • /usr/bin/pkill
      pkill -9 SoRAxD123LOL
      2⤵
      PID:2659
    • /usr/bin/pkill
      pkill -9 iaGv
      2⤵
      PID:2661
    • /usr/bin/pkill
      pkill -9 5aA3
      2⤵
      • Enumerates kernel/hardware configuration
      PID:2663
    • /usr/bin/pkill
      pkill -9 SoRAxD420LOL
      2⤵
      PID:2665
    • /usr/bin/pkill
      pkill -9 insomni
      2⤵
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:2667
    • /usr/bin/pkill
      pkill -9 640277
      2⤵
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:2669
    • /usr/bin/pkill
      pkill -9 SoraBeReppin1337
      2⤵
      PID:2671
    • /usr/bin/pkill
      pkill -9 ipcamCache
      2⤵
      • Reads runtime system information
      • System Network Configuration Discovery
      PID:2673
    • /usr/bin/pkill
      pkill -9 66tlGg9Q
      2⤵
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:2675
    • /usr/bin/pkill
      pkill -9 T
      2⤵
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      PID:2677
    • /usr/bin/pkill
      pkill -9 jUYfouyf87
      2⤵
      • Reads CPU attributes
      PID:2679
    • /usr/bin/pkill
      pkill -9 6ke3
      2⤵
      PID:2681
    • /usr/bin/pkill
      pkill -9 TOKYO3
      2⤵
      • Reads runtime system information
      PID:2683
    • /usr/bin/pkill
      pkill -9 lyEeaXul2dULCVxh
      2⤵
      • Reads CPU attributes
      PID:2685
    • /usr/bin/pkill
      pkill -9 93OfjHZ2z
      2⤵
      • Reads runtime system information
      PID:2687
    • /usr/bin/pkill
      pkill -9 TY2gD6MZvKc7KU6r
      2⤵
      PID:2689
    • /usr/bin/pkill
      pkill -9 mMkiy6f87l
      2⤵
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:2691
    • /usr/bin/pkill
      pkill -9 A023UU4U24UIU
      2⤵
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:2693
    • /usr/bin/pkill
      pkill -9 TheWeeknd
      2⤵
      • Reads runtime system information
      PID:2695
    • /usr/bin/pkill
      pkill -9 mioribitches
      2⤵
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      PID:2697
    • /usr/bin/pkill
      pkill -9 A5p9
      2⤵
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      PID:2699
    • /usr/bin/pkill
      pkill -9 TheWeeknds
      2⤵
      • Reads CPU attributes
      • Reads runtime system information
      PID:2701
    • /usr/bin/pkill
      pkill -9 mnblkjpoi
      2⤵
      • Reads CPU attributes
      PID:2703
    • /usr/bin/pkill
      pkill -9 AbAd
      2⤵
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      PID:2705
    • /usr/bin/pkill
      pkill -9 Tokyos
      2⤵
      PID:2707
    • /usr/bin/pkill
      pkill -9 neb
      2⤵
      • Reads CPU attributes
      • Reads runtime system information
      PID:2709
    • /usr/bin/pkill
      pkill -9 Akiru
      2⤵
      • Reads runtime system information
      PID:2711
    • /usr/bin/pkill
      pkill -9 U8inTz
      2⤵
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:2713
    • /usr/bin/pkill
      pkill -9 netstats
      2⤵
      • Reads CPU attributes
      PID:2715
    • /usr/bin/pkill
      pkill -9 Alex
      2⤵
      • Reads runtime system information
      PID:2717
    • /usr/bin/pkill
      pkill -9 W9RCAKM20T
      2⤵
      • Reads CPU attributes
      PID:2719
    • /usr/bin/pkill
      pkill -9 newnetword
      2⤵
      • Reads CPU attributes
      PID:2721
    • /usr/bin/pkill
      pkill -9 Ayo215
      2⤵
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:2723
    • /usr/bin/pkill
      pkill -9 Word
      2⤵
      PID:2725
    • /usr/bin/pkill
      pkill -9 nloads
      2⤵
      • Reads CPU attributes
      PID:2727
    • /usr/bin/pkill
      pkill -9 BAdAsV
      2⤵
      PID:2729
    • /usr/bin/pkill
      pkill -9 Wordmane
      2⤵
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      PID:2731
    • /usr/bin/pkill
      pkill -9 notyakuzaa
      2⤵
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      PID:2733
    • /usr/bin/pkill
      pkill -9 Belch
      2⤵
      • Reads CPU attributes
      PID:2735
    • /usr/bin/pkill
      pkill -9 Wordnets
      2⤵
      • Reads CPU attributes
      PID:2737
    • /usr/bin/pkill
      pkill -9 obp
      2⤵
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      PID:2739
    • /usr/bin/pkill
      pkill -9 BigN0gg0r420
      2⤵
      • Enumerates kernel/hardware configuration
      PID:2741
    • /usr/bin/pkill
      pkill -9 X0102I34f
      2⤵
      • Reads CPU attributes
      PID:2743
    • /usr/bin/pkill
      pkill -9 ofhasfhiafhoi
      2⤵
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:2745
    • /usr/bin/pkill
      pkill -9 BzSxLxBxeY
      2⤵
      • Reads runtime system information
      PID:2747
    • /usr/bin/pkill
      pkill -9 X19I239124UIU
      2⤵
      • Reads CPU attributes
      PID:2749
    • /usr/bin/pkill
      pkill -9 oism
      2⤵
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:2759
    • /usr/bin/pkill
      pkill -9 Deported
      2⤵
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:2768
    • /usr/bin/pkill
      pkill -9 XSHJEHHEIIHWO
      2⤵
      • Enumerates kernel/hardware configuration
      PID:2770
    • /usr/bin/pkill
      pkill -9 olsVNwo12
      2⤵
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:2772
    • /usr/bin/pkill
      pkill -9 DeportedDeported
      2⤵
      • Enumerates kernel/hardware configuration
      PID:2774
    • /usr/bin/pkill
      pkill -9 XkTer0GbA1
      2⤵
      PID:2776
    • /usr/bin/pkill
      pkill -9 onry0v03
      2⤵
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:2778
    • /usr/bin/pkill
      pkill -9 FortniteDownLOLZ
      2⤵
      • Reads CPU attributes
      PID:2780
    • /usr/bin/pkill
      pkill -9 Y0urM0mGay
      2⤵
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      PID:2782
    • /usr/bin/pkill
      pkill -9 pussyfartlmaojk
      2⤵
      PID:2784
    • /usr/bin/pkill
      pkill -9 GrAcEnIgGeRaNn
      2⤵
      • Enumerates kernel/hardware configuration
      PID:2789
    • /usr/bin/pkill
      pkill -9 YvdGkqndCO
      2⤵
      • Reads CPU attributes
      PID:2791
    • /usr/bin/pkill
      pkill -9 qGeoRBe6BE
      2⤵
      • Enumerates kernel/hardware configuration
      PID:2793
    • /usr/bin/pkill
      pkill -9 GuiltyCrown
      2⤵
      • Enumerates kernel/hardware configuration
      PID:2795
    • /usr/bin/pkill
      pkill -9 ZEuS69
      2⤵
      • Reads CPU attributes
      • Reads runtime system information
      PID:2797
    • /usr/bin/pkill
      pkill -9 s4beBsEQhd
      2⤵
      • Enumerates kernel/hardware configuration
      PID:2799
    • /usr/bin/pkill
      pkill -9 HOHO-KSNDO
      2⤵
      • Reads runtime system information
      PID:2801
    • /usr/bin/pkill
      pkill -9 ZEuz69
      2⤵
      • Reads CPU attributes
      PID:2803
    • /usr/bin/pkill
      pkill -9 sat1234
      2⤵
      PID:2805
    • /usr/bin/pkill
      pkill -9 HOHO-LUGO7
      2⤵
      • Enumerates kernel/hardware configuration
      PID:2807
    • /usr/bin/pkill
      pkill -9 aj93hJ23
      2⤵
      PID:2809
    • /usr/bin/pkill
      pkill -9 scanHA
      2⤵
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      PID:2811
    • /usr/bin/pkill
      pkill -9 HOHO-U79OL
      2⤵
      PID:2813
    • /usr/bin/pkill
      pkill -9 alie293z0k2L
      2⤵
      PID:2815
    • /usr/bin/pkill
      pkill -9 scanJoshoARM
      2⤵
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:2817

Network

MITRE ATT&CK Enterprise v15

Downloads