Malware Analysis Report

2025-08-06 01:18

Sample ID 241107-sfk8vatmh1
Target i586.elf
SHA256 39c67b545cdea6a9a65494859e839d4e6eee5318ba1f1b2a53b8c07f61eb21fd
Tags
upx discovery
score
6/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
6/10

SHA256

39c67b545cdea6a9a65494859e839d4e6eee5318ba1f1b2a53b8c07f61eb21fd

Threat Level: Shows suspicious behavior

The file i586.elf scored 6/10 and is rated "shows suspicious behavior": it is UPX-packed, reads the host's routing table and writes a file under /tmp, but no malware family tag was assigned.

Malicious Activity Summary

Tags: upx discovery

Reads system routing table
UPX packed file
Reads system network configuration
Writes file to tmp directory

MITRE ATT&CK

Enterprise Matrix V15. This export carries no technique table for the sample; the two discovery-tagged signatures in the behavioral analysis (reads of /proc/net/route) correspond to T1016, System Network Configuration Discovery.

Analysis: static1

Detonation Overview

Reported

2024-11-07 15:04

Signatures

UPX packed file (tag: upx)

Description Indicator Process Target
N/A N/A N/A N/A

The static pass records only the verdict; no indicator, process or target is attached to it, so confirm the packing on the file itself before relying on it.
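A way to confirm the static verdict on the file itself, as an added example that is not part of the sandbox report: the routine below scans an ELF image for the markers the stock UPX ELF stub carries (the "UPX!" magic, which appears once near the ELF headers and once in the pack header near the end of the file, and the "$Info: ..." banner) and checks the SHA256 against the hash the report gives. SAMPLE is a constructed stand-in that imitates a UPX-packed ELF32 header; it is not the real i586.elf, and its hash will not match the report's.

```python
"""Static check for UPX markers in an ELF file.

Added example (not part of the sandbox report): the report flags the file as
"UPX packed file" without showing an indicator. This routine scans an ELF
image for the markers the stock UPX ELF stub carries and verifies the SHA256
against the hash in the report. SAMPLE is a constructed stand-in that mimics
a UPX-packed ELF32 header; it is not the real sample.
"""
import hashlib
from typing import Dict, List

ELF_MAGIC = b"\x7fELF"
UPX_MAGIC = b"UPX!"
# Banner the stock stub embeds. Packed IoT malware often strips this string
# and overwrites the UPX! magic so that `upx -d` refuses to unpack the file,
# so a negative result here does not prove the file is unpacked.
UPX_BANNER = b"$Info: This file is packed with the UPX executable packer"
REPORT_SHA256 = "39c67b545cdea6a9a65494859e839d4e6eee5318ba1f1b2a53b8c07f61eb21fd"


def _find_all(data: bytes, needle: bytes) -> List[int]:
    offsets, i = [], data.find(needle)
    while i != -1:
        offsets.append(i)
        i = data.find(needle, i + 1)
    return offsets


def upx_indicators(data: bytes) -> Dict[str, object]:
    """Report the UPX-related markers present in an ELF image."""
    is_elf = data[:4] == ELF_MAGIC
    elf_class = {1: "ELF32", 2: "ELF64"}.get(data[4], "unknown") if len(data) > 4 and is_elf else "n/a"
    magic_offsets = _find_all(data, UPX_MAGIC)
    # Stock UPX keeps one magic in the l_info block right after the ELF
    # headers and one in the PackHeader it appends near the end of the file.
    tail_hit = any(off >= len(data) - 64 for off in magic_offsets)
    banner = UPX_BANNER in data
    return {
        "is_elf": is_elf,
        "elf_class": elf_class,
        "upx_magic_offsets": magic_offsets,
        "upx_magic_in_tail": tail_hit,
        "upx_banner": banner,
        "likely_upx": is_elf and (len(magic_offsets) >= 2 or banner),
    }


def sha256_matches_report(data: bytes, expected: str = REPORT_SHA256) -> bool:
    """Confirm the bytes under analysis are the file the report describes."""
    return hashlib.sha256(data).hexdigest() == expected.lower()


# Constructed stand-in for a UPX-packed ELF32 image (NOT the real sample).
SAMPLE = (
    ELF_MAGIC + b"\x01\x01\x01\x00" + b"\x00" * 8     # e_ident: ELF32, LSB, SysV ABI
    + b"\x00" * 112                                     # remaining headers, zeroed
    + UPX_MAGIC + b"\x0d\x16\x0d\x00\x00\x00\x00\x00"   # l_info block starting with UPX!
    + UPX_BANNER + b" http://upx.sf.net $\n"
    + b"\x00" * 96                                      # compressed payload stand-in
    + UPX_MAGIC + b"\x00" * 32                          # PackHeader stand-in at the tail
)

if __name__ == "__main__":
    print("UPX indicators:", upx_indicators(SAMPLE))
    print("matches report SHA256:", sha256_matches_report(SAMPLE))
```

To apply it to the real file, read the bytes of i586.elf and pass them to upx_indicators and sha256_matches_report; to unpack, run upx -d -o i586.unpacked.elf i586.elf. If the stub was tampered with, upx aborts with NotPackedException or a checksum error, and the memory dump listed under Files is then the better starting point for the unpacked code.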

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-07 15:04

Reported

2024-11-07 15:06

Platform

ubuntu1804-amd64-20240508-en (64-bit guest; the 32-bit i586 binary ran under the kernel's ia32 compatibility, as the process list and memory dump below show)

Max time kernel

146s

Max time network

147s

Command Line

[/tmp/i586.elf] (argv; the sample was started with no arguments)

Signatures

Reads system routing table (tag: discovery)

Description Indicator Process Target
File opened for reading /proc/net/route /tmp/i586.elf N/A

Reads system network configuration (tag: discovery)

Description Indicator Process Target
File opened for reading /proc/net/route /tmp/i586.elf N/A

Both discovery signatures fire on the same event, a single read of /proc/net/route by /tmp/i586.elf; they do not indicate two separate actions.

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/Infected.log /tmp/i586.elf N/A
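What a read of /proc/net/route actually hands the sample, as an added example that is neither code from the report nor from the sample: a parser for the format Linux exposes at that path (hex addresses in host byte order, flags in hex) that recovers the interface and gateway of the default route, which is the information a process typically wants from this file. ROUTE_TABLE is constructed content in that exact format with fictitious addresses; the sandbox only records that the file was opened, not what was done with it.

```python
"""Parse the /proc/net/route format to see what a reader learns from it.

Added example (not from the report or the sample): Linux prints each route
as Iface, Destination, Gateway, Flags, RefCnt, Use, Metric, Mask, MTU,
Window, IRTT. Addresses are 8 hex digits in host byte order (little-endian
on x86), so 0101A8C0 is 192.168.1.1. ROUTE_TABLE below is constructed.
"""
import socket
import struct
from typing import Dict, List, Optional, Tuple

RTF_UP = 0x0001       # route is usable
RTF_GATEWAY = 0x0002  # destination is reached via a gateway

# Constructed /proc/net/route content (tab-separated, as the kernel prints it).
ROUTE_TABLE = (
    "Iface\tDestination\tGateway \tFlags\tRefCnt\tUse\tMetric\tMask\t\tMTU\tWindow\tIRTT\n"
    "eth0\t00000000\t0101A8C0\t0003\t0\t0\t100\t00000000\t0\t0\t0\n"
    "eth0\t0001A8C0\t00000000\t0001\t0\t0\t100\t00FFFFFF\t0\t0\t0\n"
)


def _hex_ipv4(field: str) -> str:
    """Convert an 8-hex-digit host-order address field to dotted quad."""
    return socket.inet_ntoa(struct.pack("<L", int(field, 16)))


def parse_proc_net_route(text: str) -> List[Dict[str, object]]:
    """Return one dict per route line, skipping the header and short lines."""
    routes: List[Dict[str, object]] = []
    for line in text.strip().splitlines()[1:]:
        f = line.split()
        if len(f) < 8:
            continue
        flags = int(f[3], 16)
        routes.append({
            "iface": f[0],
            "destination": _hex_ipv4(f[1]),
            "gateway": _hex_ipv4(f[2]),
            "flags": flags,
            "up": bool(flags & RTF_UP),
            "via_gateway": bool(flags & RTF_GATEWAY),
            "metric": int(f[6]),
            "mask": _hex_ipv4(f[7]),
        })
    return routes


def default_route(text: str) -> Optional[Tuple[str, str]]:
    """(iface, gateway) of the lowest-metric usable default route, or None."""
    candidates = [
        r for r in parse_proc_net_route(text)
        if r["up"] and r["destination"] == "0.0.0.0" and r["mask"] == "0.0.0.0"
    ]
    if not candidates:
        return None
    best = min(candidates, key=lambda r: r["metric"])
    return str(best["iface"]), str(best["gateway"])


if __name__ == "__main__":
    for r in parse_proc_net_route(ROUTE_TABLE):
        print(r)
    print("default route:", default_route(ROUTE_TABLE))
```

Running it against a live host (open("/proc/net/route").read()) returns the egress interface and gateway; that is the whole of the "network configuration" the sandbox saw this sample request.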

Processes

/tmp/i586.elf

[/tmp/i586.elf]

Network

Country Destination Domain Proto Count
DE 181.214.231.152:31130 - tcp 30
N/A 224.0.0.251:5353 - udp 1
GB 185.125.188.62:443 - tcp 1
GB 185.125.188.61:443 - tcp 1
US 151.101.193.91:443 - tcp 2
GB 89.187.167.7:443 - tcp 1

The report lists one row per observed connection; repeated rows are collapsed here into a Count column, and no Domain was resolved for any destination. The table has no process column, so these flows are not attributed to /tmp/i586.elf: the single HTTPS connections and the mDNS query to 224.0.0.251:5353 are the kind of traffic the Ubuntu guest generates on its own and should be confirmed from the packet capture before being treated as sample indicators. The 30 TCP connections to 181.214.231.152:31130 on a non-standard port within a 147-second run are the flow to prioritise.
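One way to triage a per-connection table like the one above, as an added example that is not part of the report: parse rows in the report's own "COUNTRY IP:PORT PROTO" layout, count flows per destination, and rank them so that repeated connections to a non-standard port separate from one-off HTTPS and multicast traffic. REPORT_ROWS reproduces the rows of the Network table (the 181.214.231.152:31130 row occurs 30 times in the report, once near the top and 29 times at the end); the COMMON_PORTS list and the five-connection threshold are the example's own assumptions.

```python
"""Collapse a per-connection sandbox Network table into ranked destinations.

Added example (not from the report): rows are parsed in the report's format
and counted per (ip, port, proto). REPORT_ROWS reproduces the report's table;
COMMON_PORTS and the repeat threshold are assumptions of this example.
"""
from collections import Counter
from ipaddress import ip_address
from typing import Dict, List, Tuple

REPORT_ROWS: List[str] = [
    "DE 181.214.231.152:31130 tcp",
    "N/A 224.0.0.251:5353 udp",
    "GB 185.125.188.62:443 tcp",
    "GB 185.125.188.61:443 tcp",
    "US 151.101.193.91:443 tcp",
    "US 151.101.193.91:443 tcp",
    "GB 89.187.167.7:443 tcp",
] + ["DE 181.214.231.152:31130 tcp"] * 29   # the report repeats this row 30 times in total

# Ports whose occasional flows are routine on a sandbox VM (HTTPS, DNS, mDNS, NTP, HTTP).
COMMON_PORTS = {443, 53, 5353, 123, 80}
REPEAT_THRESHOLD = 5

Flow = Tuple[str, int, str]  # (destination IP, port, protocol)


def parse_rows(rows: List[str]) -> List[Tuple[str, Flow]]:
    """Parse 'COUNTRY IP:PORT PROTO' rows; the Domain column is empty in the report."""
    parsed: List[Tuple[str, Flow]] = []
    for row in rows:
        parts = row.split()
        if len(parts) < 3:
            continue
        country, dest, proto = parts[0], parts[1], parts[-1].lower()
        host, _, port = dest.rpartition(":")
        parsed.append((country, (host, int(port), proto)))
    return parsed


def summarize_flows(rows: List[str]) -> Dict[Flow, int]:
    """Connection count per destination flow."""
    return dict(Counter(flow for _, flow in parse_rows(rows)))


def rank_beacon_candidates(rows: List[str]) -> List[Tuple[Flow, int, List[str]]]:
    """Rank destinations by connection count, attaching why each stands out or not."""
    ranked: List[Tuple[Flow, int, List[str]]] = []
    for flow, count in summarize_flows(rows).items():
        host, port, _proto = flow
        addr = ip_address(host)
        reasons: List[str] = []
        if addr.is_multicast or addr.is_private:
            reasons.append("local/multicast (not C2)")
        if port not in COMMON_PORTS:
            reasons.append("non-standard port")
        if count >= REPEAT_THRESHOLD:
            reasons.append(f"repeated {count}x (retry/beacon pattern)")
        ranked.append((flow, count, reasons))
    # highest count first, then non-standard ports ahead of common ones
    ranked.sort(key=lambda t: (-t[1], t[0][1] in COMMON_PORTS))
    return ranked


if __name__ == "__main__":
    for (host, port, proto), count, reasons in rank_beacon_candidates(REPORT_ROWS):
        print(f"{host}:{port}/{proto:<4} {count:>3}  {'; '.join(reasons)}")
```

The ranking is a triage aid, not a verdict: a destination that tops the list still needs the packet capture to show which process opened the socket and what, if anything, was exchanged on it.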

Files

memory/1507-1-0x0000000008048000-0x0000000008097ef8-memory.dmp

Memory dump of process 1507 (/tmp/i586.elf) covering 0x08048000-0x08097ef8. 0x08048000 is the conventional load address of a non-PIE 32-bit x86 ELF, and since UPX decompresses the original program into memory before transferring control to it, this dump is where to recover the unpacked code if upx -d fails on the file.

/tmp/Infected.log

Written by /tmp/i586.elf during the run (see the "Writes file to tmp directory" signature); the report gives only its hashes, not its contents.

MD5 a70a5dde6f79eaea4e71c88b6a2ccc38
SHA1 92c0273c4be5d4b7bdbdd500de5a64e5e05652b2
SHA256 d087a5a10a09b589993d8cc44a24ef22db26ffd0feeeb3f29b15af008c292af8
SHA512 aaa7d00faa34a87292f23a16dae8a7a4b5a40c8e375a579f1286427819c2a04e1c6f970dbc0f2433e6c03f59a2ece0f28ba1e8fc526bc4afe77f176f61876c52