a9cfa78fcb204c246319dd3d3a47ce2fa17137a7924756c8b4688d227443d34b

Analysis

max time kernel
0s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240611-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
13-01-2025 09:32

Sharing

Copy URL

Twitter E-mail

Reason

Payload did not run: exit status 2

Report Analysis Logs

General

Target

elitebotnet.x86.elf
Size

75KB
MD5

d0e41bbbdd2dfc55e138d300228887b7
SHA1

157b9f9b631fe4d7628801bbfb88828524f55d54
SHA256

a9cfa78fcb204c246319dd3d3a47ce2fa17137a7924756c8b4688d227443d34b
SHA512

67cc3688f0adea4fb898567d29c3d5cb162ca33f322d577d8fa6c267b273a2441930ab279916fcdc4aa9baa9dca87f2cf32fc95fd2694ccca72b72ae83058ec5
SSDEEP

1536:dvBGpSzKkubpUa2jecqSR/JYHqrJw+e6+MFOPRkTZRbXPLz8wbZnx+5:hcpHblUaBczNeHqNw36FOPOZRTPLQwb/

Score

7^/10

defense_evasion

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 1 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
1508	sh

/tmp/elitebotnet.x86.elf
/tmp/elitebotnet.x86.elf
1⤵
PID:1507
- /bin/sh
  sh -c "rm -rf bin/watchdog && mkdir bin; >bin/watchdog && mv /tmp/elitebotnet.x86.elf bin/watchdog; chmod 777 bin/watchdog"
  2⤵
  - File and Directory Permissions Modification
  PID:1508
- - /bin/rm
    rm -rf bin/watchdog
    3⤵
    PID:1509

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads