188bc243cc42f8ffa4c1ed02aad5a76c9000e3d58104f45fe71af66536a274da

Analysis

max time kernel
20s
max time network
131s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
19/11/2024, 13:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

188bc243cc42f8ffa4c1ed02aad5a76c9000e3d58104f45fe71af66536a274da.elf
Size

161KB
MD5

8bcd83352bbd52ca7bda998a52dd0e5c
SHA1

b3e0785dbe60369634ac6a6b5d241849c1f929de
SHA256

188bc243cc42f8ffa4c1ed02aad5a76c9000e3d58104f45fe71af66536a274da
SHA512

0cbc7c3e5150130fd8265fe6800f090dd7d9997e663aa6c2fbc06bc711b2aa3f26eb8df16b754df67358b3298ecfc593bec4f35751dd15ee3bee0120bf38ec94
SSDEEP

3072:YPdoV0ryvKNik1sv3xU5R6Izz6uUA1O5V53sl34gQ02Z+V0pi:YP4vSr1s/xUXAuB1O5/3sl3802Z+V00

Score

4^/10

discovery

Malware Config

Signatures

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	thread-pool-0	1610	188bc243cc42f8ffa4c1ed02aad5a76c9000e3d58104f45fe71af66536a274da.elf

Reads CPU attributes 1 TTPs 1 IoCs

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/online	188bc243cc42f8ffa4c1ed02aad5a76c9000e3d58104f45fe71af66536a274da.elf

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/encryption.log	188bc243cc42f8ffa4c1ed02aad5a76c9000e3d58104f45fe71af66536a274da.elf

/tmp/188bc243cc42f8ffa4c1ed02aad5a76c9000e3d58104f45fe71af66536a274da.elf
/tmp/188bc243cc42f8ffa4c1ed02aad5a76c9000e3d58104f45fe71af66536a274da.elf
1⤵
- Changes its process name
- Reads CPU attributes
- Writes file to tmp directory
PID:1587
- /bin/sh
  sh -c "vim-cmd vmsvc/getallvms 2>&1"
  2⤵
  PID:1611

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/encryption.log

Filesize
160B

MD5
716918f5513836b30e93f7d65336eb3d

SHA1
4a804889d52b59580075a76e28907a9bff157586

SHA256
cb402a31ddc76a9e09cd3335944df7376cfff30e5129c930963dc452feffad0b

SHA512
c9c4da288038bf5aa938d8f2eee02484316600d3c0f9eee731820176190ca350a5b4e4d972210c3a7a917a896f32452199dcf2a73b2f4c7cd21d5a4c5b19b71b

Download Submit