Analysis

  • max time kernel
    0s
  • max time network
    131s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240611-en
  • resource tags

    arch:amd64
    arch:i386
    image:ubuntu2204-amd64-20240611-en
    kernel:5.15.0-105-generic
    locale:en-us
    os:ubuntu-22.04-amd64
    system
  • submitted
    22-11-2024 16:09

General

  • Target

    71873b8dc36187919002210ca6b1f3d7bbf8634515e52f05d3e54b1708f15b24.elf

  • Size

    634KB

  • MD5

    4e4ec8168e61fd376cf2e40158cc0959

  • SHA1

    17557156ec92f0a07a51898e6896177b386fbdf0

  • SHA256

    71873b8dc36187919002210ca6b1f3d7bbf8634515e52f05d3e54b1708f15b24

  • SHA512

    454bd3dc485936423cd244942fc16a45cfd94127fd335afe2b73cfefef3c36fd68e46ffb46f600359bb34164d0917a1c6e39b5c822978239ba22d9dc3bc1ce70

  • SSDEEP

    12288:VOAeE6Gb997Jbkk+0Ok9+eznL6mhYhrWrfpVngfGg69vMbadCqHxCpxLBS8+IM44:VOE6Gb997Jbkk+0eeznLJhsrWrRVgD6f

Malware Config

Signatures

  • File and Directory Permissions Modification 1 TTPs 2 IoCs

    Adversaries may modify file or directory permissions to evade defenses.

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is a virtual machine.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/71873b8dc36187919002210ca6b1f3d7bbf8634515e52f05d3e54b1708f15b24.elf
    /tmp/71873b8dc36187919002210ca6b1f3d7bbf8634515e52f05d3e54b1708f15b24.elf
    1⤵
    • Checks CPU configuration
    PID:1597
    • /bin/sh
      sh -c "chmod +x /etc/rc.local"
      2⤵
      • File and Directory Permissions Modification
      PID:1598
      • /usr/bin/chmod
        chmod +x /etc/rc.local
        3⤵
        • File and Directory Permissions Modification
        PID:1599
    • /bin/sh
      sh -c "mv /tmp/71873b8dc36187919002210ca6b1f3d7bbf8634515e52f05d3e54b1708f15b24.elf /etc/71873b8dc36187919002210ca6b1f3d7bbf8634515e52f05d3e54b1708f15b24.elf"
      2⤵
      PID:1600
      • /usr/bin/mv
        mv /tmp/71873b8dc36187919002210ca6b1f3d7bbf8634515e52f05d3e54b1708f15b24.elf /etc/71873b8dc36187919002210ca6b1f3d7bbf8634515e52f05d3e54b1708f15b24.elf
        3⤵
        • Reads runtime system information
        PID:1601

Network

MITRE ATT&CK Enterprise v15
