Analysis

max time kernel: 148s
max time network: 132s
platform: ubuntu-22.04_amd64
resource: ubuntu2204-amd64-20240729-en
resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20240729-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
submitted: 16-12-2024 02:33
Static task: static1
General

Target: a262c2a7c581c95058ddfd0bcd30c20e856e036d5170f3c625d76e221db6d882.elf
Size: 64KB
MD5: 515d44449575fb5f6e1cc10698c09189
SHA1: a27023ffcc67f3ffe6a80f3d8a4b1cca886d363d
SHA256: a262c2a7c581c95058ddfd0bcd30c20e856e036d5170f3c625d76e221db6d882
SHA512: 491166e8bc8858c6b83283179e31e12501d19b2c0c80d49a11e5f6b3a6ad5de3b6b66178c91aacbb109e51bfe3719c98e5b0d8f8f8f6db4112c00de04e9b0cd6
SSDEEP: 768:JD3UKOqcPkfKmL0XSodeE/fg7BWo0vjwZ2nvP3NtA+Th8HRolbzF12LDm3oRyXsg:FkbkiC4J3n8BWDN3ZSS1uyXskmXsU
Malware Config
Signatures

Deletes itself (1 IoC)
  PID: 1571
  Process: a262c2a7c581c95058ddfd0bcd30c20e856e036d5170f3c625d76e221db6d882.elf

Unexpected DNS network traffic destination (2 IoCs)
Network traffic to servers other than the configured DNS servers was detected on the DNS port.
  Description     IoC
  Destination IP  51.77.149.139
  Destination IP  65.21.1.106

Reads MAC address of network interface (2 TTPs, 2 IoCs)
Fetches the MAC address of active network interfaces. May be used to detect known values for hypervisors.
  Description              IoC                          Process
  File opened for reading  /sys/class/net/ens3/address  a262c2a7c581c95058ddfd0bcd30c20e856e036d5170f3c625d76e221db6d882.elf
  File opened for reading  /sys/class/net/lo/address    a262c2a7c581c95058ddfd0bcd30c20e856e036d5170f3c625d76e221db6d882.elf

Reads network interface configuration (2 TTPs, 2 IoCs)
Fetches information about one or more active network interfaces.
  Description              IoC                          Process
  File opened for reading  /sys/class/net/ens3/flags    a262c2a7c581c95058ddfd0bcd30c20e856e036d5170f3c625d76e221db6d882.elf
  File opened for reading  /sys/class/net/ens3/carrier  a262c2a7c581c95058ddfd0bcd30c20e856e036d5170f3c625d76e221db6d882.elf

Changes its process name (64 IoCs)
  Description: Changes the process name, possibly in an attempt to hide itself
  PID: 1572
  Process: a262c2a7c581c95058ddfd0bcd30c20e856e036d5170f3c625d76e221db6d882.elf
  Observed names (the 64 recorded events cycle through these six values; duplicate rows collapsed):
    /bin/sh
    daemon
    watchdog
    -sh
    kswapd0
    /bin/busybox

Reads system network configuration (1 TTP, 1 IoC)
Uses contents of /proc filesystem to enumerate network settings.
  Description              IoC             Process
  File opened for reading  /proc/net/unix  a262c2a7c581c95058ddfd0bcd30c20e856e036d5170f3c625d76e221db6d882.elf

Enumerates kernel/hardware configuration (1 TTP, 2 IoCs)
Reads contents of /sys virtual filesystem to enumerate system information.
  Description              IoC                  Process
  File opened for reading  /sys/class/net       a262c2a7c581c95058ddfd0bcd30c20e856e036d5170f3c625d76e221db6d882.elf
  File opened for reading  /sys/class/watchdog  a262c2a7c581c95058ddfd0bcd30c20e856e036d5170f3c625d76e221db6d882.elf
Processes

/tmp/a262c2a7c581c95058ddfd0bcd30c20e856e036d5170f3c625d76e221db6d882.elf
  PID: 1571
  - Deletes itself
  - Reads MAC address of network interface
  - Reads network interface configuration
  - Changes its process name
  - Reads system network configuration
  - Enumerates kernel/hardware configuration