a9cfa78fcb204c246319dd3d3a47ce2fa17137a7924756c8b4688d227443d34b

Analysis

max time kernel
149s
max time network
150s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
14-01-2025 03:00

Target

a9cfa78fcb204c246319dd3d3a47ce2fa17137a7924756c8b4688d227443d34b.elf
Size

75KB
MD5

d0e41bbbdd2dfc55e138d300228887b7
SHA1

157b9f9b631fe4d7628801bbfb88828524f55d54
SHA256

a9cfa78fcb204c246319dd3d3a47ce2fa17137a7924756c8b4688d227443d34b
SHA512

67cc3688f0adea4fb898567d29c3d5cb162ca33f322d577d8fa6c267b273a2441930ab279916fcdc4aa9baa9dca87f2cf32fc95fd2694ccca72b72ae83058ec5
SSDEEP

1536:dvBGpSzKkubpUa2jecqSR/JYHqrJw+e6+MFOPRkTZRbXPLz8wbZnx+5:hcpHblUaBczNeHqNw36FOPOZRTPLQwb/

Score

9^/10

Contacts a large (23991) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

File and Directory Permissions Modification 1 TTPs 2 IoCs

Adversaries may modify file or directory permissions to evade defenses.

Linux and Mac File and Directory Permissions Modification

pid	Process
2466	sh
2470	chmod

Modifies rc script 2 TTPs 1 IoCs

Adding/modifying system rc scripts is a common persistence mechanism.

Boot or Logon Autostart Execution

RC Scripts

description	ioc	Process
File opened for modification	/etc/rc.local	a9cfa78fcb204c246319dd3d3a47ce2fa17137a7924756c8b4688d227443d34b.elf

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	/bin/busybox	2464	a9cfa78fcb204c246319dd3d3a47ce2fa17137a7924756c8b4688d227443d34b.elf

Reads runtime system information 2 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	mv

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/bin/busybox	sh