Analysis
max time kernel: 148s
max time network: 131s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20240729-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240729-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 15-12-2024 13:42
Static task
static1
General
Target: i686.elf
Size: 64KB
MD5: 515d44449575fb5f6e1cc10698c09189
SHA1: a27023ffcc67f3ffe6a80f3d8a4b1cca886d363d
SHA256: a262c2a7c581c95058ddfd0bcd30c20e856e036d5170f3c625d76e221db6d882
SHA512: 491166e8bc8858c6b83283179e31e12501d19b2c0c80d49a11e5f6b3a6ad5de3b6b66178c91aacbb109e51bfe3719c98e5b0d8f8f8f6db4112c00de04e9b0cd6
SSDEEP: 768:JD3UKOqcPkfKmL0XSodeE/fg7BWo0vjwZ2nvP3NtA+Th8HRolbzF12LDm3oRyXsg:FkbkiC4J3n8BWDN3ZSS1uyXskmXsU
Malware Config
Signatures
Deletes itself 1 IoCs
pid | Process
1509 | i686.elf
Unexpected DNS network traffic destination 1 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
description | ioc
Destination IP | 51.77.149.139
Reads MAC address of network interface 2 TTPs 2 IoCs
Fetches the MAC address of active network interfaces. May be used to detect known values for hypervisors.
description | ioc | Process
File opened for reading | /sys/class/net/lo/address | i686.elf
File opened for reading | /sys/class/net/ens3/address | i686.elf
Reads network interface configuration 2 TTPs 2 IoCs
Fetches information about one or more active network interfaces.
description | ioc | Process
File opened for reading | /sys/class/net/ens3/flags | i686.elf
File opened for reading | /sys/class/net/ens3/carrier | i686.elf
Changes its process name 64 IoCs
description | ioc | pid | Process
Changes the process name, possibly in an attempt to hide itself | /bin/busybox | 1513 | i686.elf
Changes the process name, possibly in an attempt to hide itself | watchdog | 1513 | i686.elf
Changes the process name, possibly in an attempt to hide itself | daemon | 1513 | i686.elf
Changes the process name, possibly in an attempt to hide itself | kswapd0 | 1513 | i686.elf
Changes the process name, possibly in an attempt to hide itself | -sh | 1513 | i686.elf
Changes the process name, possibly in an attempt to hide itself | /bin/sh | 1513 | i686.elf
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
description | ioc | Process
File opened for reading | /proc/net/unix | i686.elf
Enumerates kernel/hardware configuration 1 TTPs 2 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
description | ioc | Process
File opened for reading | /sys/class/net | i686.elf
File opened for reading | /sys/class/watchdog | i686.elf