26bb71bc8e6b6343bd80595934f5a8b1ef0a235a8efd86d2866a42ff82f512da

Analysis

max time kernel
146s
max time network
147s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
09-01-2025 07:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ssh.elf
Size

99KB
MD5

00389ae9afc4e52098a16c0b227b45bd
SHA1

59aab7520d7a6c875cf911f1588966825017e31f
SHA256

26bb71bc8e6b6343bd80595934f5a8b1ef0a235a8efd86d2866a42ff82f512da
SHA512

a84f7b11091cc2c739907a351a95e0bde6ff0bdb4da8845985f27a35288f455c1894ff651a01f93a57a5dd7a434bdb96d5f0a87dffbc85bd6bb52059b281dd2d
SSDEEP

3072:R3tl3wYkMFJIeIbpLoIc2raQarJeteC9pbw:9JI9pc2+QarJeteC9pbw

Score

6^/10

discovery

Malware Config

Signatures

Reads system routing table 1 TTPs 1 IoCs

Gets active network interfaces from /proc virtual filesystem.

discovery

Internet Connection Discovery

T1016.001

description	ioc	Process
File opened for reading	/proc/net/route	ssh.elf

Reads system network configuration 1 TTPs 1 IoCs

Uses contents of /proc filesystem to enumerate network settings.

discovery

Internet Connection Discovery

T1016.001

description	ioc	Process
File opened for reading	/proc/net/route	ssh.elf

/tmp/ssh.elf
/tmp/ssh.elf
1⤵
- Reads system routing table
- Reads system network configuration
PID:2464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads