ccf8e4d6e661ceaea598851923bb8b983bd820ffd02448b8245e6ac780977784

Analysis

max time kernel
148s
max time network
129s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240522.1-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240522.1-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
21/11/2024, 11:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1418fe9a743226b9661a2b6decb19db0.elf
Size

3.4MB
MD5

1418fe9a743226b9661a2b6decb19db0
SHA1

0ab53321bb9699d354a032259423175c08fec1a4
SHA256

ccf8e4d6e661ceaea598851923bb8b983bd820ffd02448b8245e6ac780977784
SHA512

548cedaa7e100ca49800878a164989fabe101c58d3dea316efe13b368b18e00899664167b533c3556d6e82697677529cbd1e73cdd87aacac87c12363322042a4
SSDEEP

98304:UdgXuBCAPGHGXqiCz6eH+USFUFJYX25Ot:OPmhSWYL

Score

6^/10

discovery persistence

Malware Config

Signatures

Write file to user bin folder 3 IoCs

persistence

description	ioc	Process
File opened for modification	/usr/bin/.Xl1/f1	1418fe9a743226b9661a2b6decb19db0.elf
File opened for modification	/usr/bin/.Xl1/data/gphoto2	1418fe9a743226b9661a2b6decb19db0.elf
File opened for modification	/usr/bin/.Xl1/conf	1418fe9a743226b9661a2b6decb19db0.elf

Reads runtime system information 2 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/1569/fd/4	1418fe9a743226b9661a2b6decb19db0.elf
File opened for reading	/proc/1569/fd/5	1418fe9a743226b9661a2b6decb19db0.elf

Writes file to shm directory 2 IoCs

Malware can drop malicious files in the shm directory which will run directly from RAM.

description	ioc	Process
File opened for modification	/dev/shm/sem.295iM9	1418fe9a743226b9661a2b6decb19db0.elf
File opened for modification	/dev/shm/sem.cheese-540596516_s	1418fe9a743226b9661a2b6decb19db0.elf

/tmp/1418fe9a743226b9661a2b6decb19db0.elf
/tmp/1418fe9a743226b9661a2b6decb19db0.elf
1⤵
- Write file to user bin folder
- Reads runtime system information
- Writes file to shm directory
PID:1569

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/dev/shm/sem.295iM9

Filesize
32B

MD5
fd8ebcfae4c6b0f76ae44176d5a08480

SHA1
0d520752af1739fb60832987aa02a025d1621b59

SHA256
c8387bf8dbadf1c9ba583a8d27b620f4bd13cee4ea2ef98bcb0e1bdfd6f3d8c8

SHA512
ddc3f4f30ee927a232084df67f92bf08ddeea12b4089f0662dcff27e66f07a19d15f453466731689bc1f6d22e4d0aa2364b60bbab7adb2bb7668935a2da0be75

Download Submit
/usr/bin/.Xl1/conf

Filesize
1KB

MD5
d94245b59537d7615745d53063088b99

SHA1
226b93dbddd627648329fead55fb08ea72eb282e

SHA256
ea4e54d4226d43215b7b7e33da6a2b50e7967e33d077846e0a3dc3c376b364b0

SHA512
3335489ba636c6e81ca54b850f67fe6ef9b88ab4f091a30fe1bf9b5512a6e40d043c528a39e322443609bc5e0f4b528d8b916570b79584490a65cee3c52da1b9

Download Submit
/usr/bin/.Xl1/conf

Filesize
1KB

MD5
fe77f4152b69579b3072b2c2cbf88d9c

SHA1
eb2513574393c54533fc11dfa073e2641396f6ca

SHA256
ff49c90dbe44812519d0e160529d8d9f86125d8fa267337c0bf5fa441705ee48

SHA512
728706d79fa49234b99913f441b3feaf126fb5ede3c55d23af92f817a6d3914f5eace4edf0d0fc42773624d728dd5abf368d2d54608e80ae3c48ebd6fc5f977c

Download Submit
/usr/bin/.Xl1/conf

Filesize
1KB

MD5
f1a5a415e56d1232268ed880e310db9a

SHA1
59939f0a3847dc4b7175e557c5c65d74155ba311

SHA256
0481c18d77cbf976a33f025efef39ac9c586283f7e6b815ab2f69a989fbdbb37

SHA512
eda30176c771378b0a626d80f1e1f0af9ec01c952ddbee7dfdb218eaa5b1ee9f79128399f4e2f3c7cb5315f36948da0938b20ff80530a85c5038523c71b45a53

Download Submit
/usr/bin/.Xl1/conf

Filesize
1KB

MD5
a8e0ff1ee8835cc679f88c821e169277

SHA1
e0685906a77a1a810c3d1562412c391e33ea3f20

SHA256
28b841a58354909df38ad60978661487845a7bf5b1003e607ba9ecdeab64accf

SHA512
f19902da2a8a4d4b0650ccdae6d335819efc2777b9623ea1cb7b61616a2eabeafc16c84fd182454d08e56b7aa15639dd44eeef9bb4f3b483c6309363b3cdac9e

Download Submit
/usr/bin/.Xl1/conf

Filesize
1KB

MD5
5e3c81f425f7a7425aacfcb51aaf477c

SHA1
68e4373bf296a8457291cf01a2226f6a19ca98af

SHA256
451703d625400eeb5f5682260b618605c1ad9fc18bc7c555000597db116ed19a

SHA512
c966de3b0db8dd69e3ae8ebb87485a3a3784cecbf30ac16aa60fe455ca945b6bdccfb5fa7332991def66d96577fa3b6ace57d1541ee7f4984e62640377424474

Download Submit
/usr/bin/.Xl1/data/gphoto2

Filesize
3.3MB

MD5
06ccc4c875bfeca01132b415ec0f4391

SHA1
3f2dd2ac795396b29645584843e5a46f4cf9de02

SHA256
cf20b5a462cb8a85765b0653b83e47c8898f848dffc1d0b39cddeaf7c0d040cc

SHA512
462215e0d99a9d8c4debc68cc8f84cba488ce26ababffaa1ffe9cf756c715979161b90f2e3e46c3dfb173d3a2fa7bfd4b2671fd6576ac7cb0011ccb587da0d59

Download Submit
/usr/bin/.Xl1/f1

Filesize
4B

MD5
3851b4801d124e52796c9822173f7a43

SHA1
00f5a0d209ac46181f60b1e20cbc07bb6fd23808

SHA256
9919a5fa07b5d1ea8f672e5e9748ac84b11fb1fc9d6a49231a356c6af8b1d72e

SHA512
3df8c2dfbe2dcb90f86791ae599ecf2f819d56d5ef35107f1b704cb1895ed95974500a8512ffaa80d0611ecca318d6f5a4df66333c30a4db3dbe3a2e1185a57e

Download Submit