Resubmissions
21-01-2025 18:29
250121-w48wlaxjhn 720-01-2025 15:39
250120-s3qf3swpfp 720-01-2025 15:18
250120-spxcgawjhl 7Analysis
-
max time kernel
869s -
max time network
868s -
platform
ubuntu-20.04_amd64 -
resource
ubuntu2004-amd64-20240729-en -
resource tags
arch:amd64arch:i386image:ubuntu2004-amd64-20240729-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system -
submitted
21-01-2025 18:29
Static task
static1
Behavioral task
behavioral1
Sample
123.i686
Resource
ubuntu2004-amd64-20240729-en
ubuntu-20.04-amd64
7 signatures
150 seconds
General
-
Target
123.i686
-
Size
64KB
-
MD5
515d44449575fb5f6e1cc10698c09189
-
SHA1
a27023ffcc67f3ffe6a80f3d8a4b1cca886d363d
-
SHA256
a262c2a7c581c95058ddfd0bcd30c20e856e036d5170f3c625d76e221db6d882
-
SHA512
491166e8bc8858c6b83283179e31e12501d19b2c0c80d49a11e5f6b3a6ad5de3b6b66178c91aacbb109e51bfe3719c98e5b0d8f8f8f6db4112c00de04e9b0cd6
-
SSDEEP
768:JD3UKOqcPkfKmL0XSodeE/fg7BWo0vjwZ2nvP3NtA+Th8HRolbzF12LDm3oRyXsg:FkbkiC4J3n8BWDN3ZSS1uyXskmXsU
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 1383 123.i686 -
Unexpected DNS network traffic destination 2 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
description ioc Destination IP 138.197.140.189 Destination IP 194.36.144.87 -
Reads MAC address of network interface 2 TTPs 1 IoCs
Fetches the MAC address of active network interfaces. May be used to detect known values for hypervisors.
description ioc Process File opened for reading /sys/class/net/ens3/address 123.i686 -
Reads network interface configuration 2 TTPs 2 IoCs
Fetches information about one or more active network interfaces.
description ioc Process File opened for reading /sys/class/net/ens3/flags 123.i686 File opened for reading /sys/class/net/ens3/carrier 123.i686 -
Changes its process name 64 IoCs
description ioc pid Process Changes the process name, possibly in an attempt to hide itself /bin/busybox 1384 123.i686 Changes the process name, possibly in an attempt to hide itself watchdog 1384 123.i686 Changes the process name, possibly in an attempt to hide itself /bin/sh 1384 123.i686 Changes the process name, possibly in an attempt to hide itself kswapd0 1384 123.i686 Changes the process name, possibly in an attempt to hide itself kswapd0 1384 123.i686 Changes the process name, possibly in an attempt to hide itself /bin/sh 1384 123.i686 Changes the process name, possibly in an attempt to hide itself daemon 1384 123.i686 Changes the process name, possibly in an attempt to hide itself -sh 1384 123.i686 Changes the process name, possibly in an attempt to hide itself watchdog 1384 123.i686 Changes the process name, possibly in an attempt to hide itself /bin/busybox 1384 123.i686 Changes the process name, possibly in an attempt to hide itself watchdog 1384 123.i686 Changes the process name, possibly in an attempt to hide itself /bin/sh 1384 123.i686 Changes the process name, possibly in an attempt to hide itself /bin/sh 1384 123.i686 Changes the process name, possibly in an attempt to hide itself daemon 1384 123.i686 Changes the process name, possibly in an attempt to hide itself /bin/sh 1384 123.i686 Changes the process name, possibly in an attempt to hide itself /bin/busybox 1384 123.i686 Changes the process name, possibly in an attempt to hide itself -sh 1384 123.i686 Changes the process name, possibly in an attempt to hide itself /bin/sh 1384 123.i686 Changes the process name, possibly in an attempt to hide itself -sh 1384 123.i686 Changes the process name, possibly in an attempt to hide itself daemon 1384 123.i686 Changes the process name, possibly in an attempt to hide itself watchdog 1384 123.i686 Changes the process name, possibly in an attempt to hide itself watchdog 1384 123.i686 Changes the process name, possibly in an attempt to hide itself kswapd0 1384 123.i686 Changes the process name, possibly in an attempt to hide itself /bin/sh 1384 123.i686 Changes the process name, possibly in an attempt to hide itself /bin/busybox 1384 123.i686 Changes the process name, possibly in an attempt to hide itself /bin/busybox 1384 123.i686 Changes the process name, possibly in an attempt to hide itself /bin/sh 1384 123.i686 Changes the process name, possibly in an attempt to hide itself daemon 1384 123.i686 Changes the process name, possibly in an attempt to hide itself watchdog 1384 123.i686 Changes the process name, possibly in an attempt to hide itself daemon 1384 123.i686 Changes the process name, possibly in an attempt to hide itself kswapd0 1384 123.i686 Changes the process name, possibly in an attempt to hide itself /bin/busybox 1384 123.i686 Changes the process name, possibly in an attempt to hide itself kswapd0 1384 123.i686 Changes the process name, possibly in an attempt to hide itself /bin/sh 1384 123.i686 Changes the process name, possibly in an attempt to hide itself watchdog 1384 123.i686 Changes the process name, possibly in an attempt to hide itself kswapd0 1384 123.i686 Changes the process name, possibly in an attempt to hide itself watchdog 1384 123.i686 Changes the process name, possibly in an attempt to hide itself kswapd0 1384 123.i686 Changes the process name, possibly in an attempt to hide itself watchdog 1384 123.i686 Changes the process name, possibly in an attempt to hide itself /bin/busybox 1384 123.i686 Changes the process name, possibly in an attempt to hide itself -sh 1384 123.i686 Changes the process name, possibly in an attempt to hide itself /bin/sh 1384 123.i686 Changes the process name, possibly in an attempt to hide itself /bin/busybox 1384 123.i686 Changes the process name, possibly in an attempt to hide itself daemon 1384 123.i686 Changes the process name, possibly in an attempt to hide itself daemon 1384 123.i686 Changes the process name, possibly in an attempt to hide itself -sh 1384 123.i686 Changes the process name, possibly in an attempt to hide itself -sh 1384 123.i686 Changes the process name, possibly in an attempt to hide itself /bin/sh 1384 123.i686 Changes the process name, possibly in an attempt to hide itself watchdog 1384 123.i686 Changes the process name, possibly in an attempt to hide itself watchdog 1384 123.i686 Changes the process name, possibly in an attempt to hide itself daemon 1384 123.i686 Changes the process name, possibly in an attempt to hide itself kswapd0 1384 123.i686 Changes the process name, possibly in an attempt to hide itself /bin/busybox 1384 123.i686 Changes the process name, possibly in an attempt to hide itself /bin/sh 1384 123.i686 Changes the process name, possibly in an attempt to hide itself /bin/busybox 1384 123.i686 Changes the process name, possibly in an attempt to hide itself /bin/sh 1384 123.i686 Changes the process name, possibly in an attempt to hide itself watchdog 1384 123.i686 Changes the process name, possibly in an attempt to hide itself kswapd0 1384 123.i686 Changes the process name, possibly in an attempt to hide itself kswapd0 1384 123.i686 Changes the process name, possibly in an attempt to hide itself kswapd0 1384 123.i686 Changes the process name, possibly in an attempt to hide itself watchdog 1384 123.i686 Changes the process name, possibly in an attempt to hide itself watchdog 1384 123.i686 Changes the process name, possibly in an attempt to hide itself watchdog 1384 123.i686 Changes the process name, possibly in an attempt to hide itself daemon 1384 123.i686 -
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
description ioc Process File opened for reading /proc/net/unix 123.i686 -
Enumerates kernel/hardware configuration 1 TTPs 2 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
description ioc Process File opened for reading /sys/class/net 123.i686 File opened for reading /sys/class/watchdog 123.i686