14f6f7f19bf0317ac6bf8240d5983ea630602e91b74b6152cf2943d65f84b6bc | Triage

Analysis

max time kernel
149s
max time network
129s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
25-12-2024 05:51

Sharing

Report Analysis Logs

General

Target

ssh_host_dsa_key.pub
Size

1.3MB
MD5

a28a2214e56cc52c8a85d430e0af9795
SHA1

ab493393a6d1222e0b49c8a2694d30b745f8b3c3
SHA256

58f3e16ee6b490d1f561800ec10e999fe4d6586b8906e744ce738fd9586fadb0
SHA512

c81ceabddd0a841dc28756700edc33e6ad2c903e62336b5b1254cb18cccfc9f4b2964ee7f7a5e92dacd26758507c6d1a4ae538531d8516589549295fe24c85de
SSDEEP

24576:nUqQJKEa76QLCQW1KLQC204e2WtqacK7yo:n+JKX6QNW1KLQC204e7tqAj

Score

4^/10

Malware Config

Signatures

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	usr/sbin/httpd	2528	perl

/tmp/ssh_host_dsa_key.pub
/tmp/ssh_host_dsa_key.pub
1⤵
PID:2528

/usr/bin/perl
/usr/bin/perl /dev/fd/3
1⤵
- Changes its process name
PID:2528
- /usr/local/sbin/nproc
  nproc
  2⤵
  PID:2531
- /usr/local/bin/nproc
  nproc
  2⤵
  PID:2531
- /usr/sbin/nproc
  nproc
  2⤵
  PID:2531
- /usr/bin/nproc
  nproc
  2⤵
  PID:2531
- /usr/local/sbin/hostname
  hostname
  2⤵
  PID:2532
- /usr/local/bin/hostname
  hostname
  2⤵
  PID:2532
- /usr/sbin/hostname
  hostname
  2⤵
  PID:2532
- /usr/bin/hostname
  hostname
  2⤵
  PID:2532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads