853af5ed57a9ad4a2205553583ca5a11b18c1518d5bab1712b3555afab8d72a0

Analysis

max time kernel
0s
max time network
10s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240729-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240729-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
17-02-2025 18:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Linux-Malware-Samples-main/0a569366eeec52380b4462b455cacc9a788c2a7883b0a9965d20f0422dfc44df
Size

2.4MB
MD5

283e0172063d1a23c20c6bca1ed0d2bb
SHA1

08ee7bdd0e015e6ab7a8893254b62b2c2a4a18c7
SHA256

0a569366eeec52380b4462b455cacc9a788c2a7883b0a9965d20f0422dfc44df
SHA512

257960f0c02811cb3174226649330e2d11e868dd4107ca38f66a5ca9b064898a3e509859bb1c9d630ef8e74b6a766aa10e4d8d8dd57d7e1445baeeb06b0d297c
SSDEEP

49152:kXvwER8s/Oggpz/K1Cg4TdRYd3fJS+/OOg0HZ+ECsfLm:oF5g63fJ3Jg0HXS

Score

7^/10

discovery upx

Malware Config

Signatures

Runs EXE from memory 1 IoCs

Runs an executable from memory, likely to minimize footprint

ioc	pid	Process
/proc/self/fd/3	1579	0a569366eeec52380b4462b455cacc9a788c2a7883b0a9965d20f0422dfc44df

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral11/files/fstream-1.dat	upx

Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/kernel/mm/transparent_hugepage/hpage_pmd_size	0a569366eeec52380b4462b455cacc9a788c2a7883b0a9965d20f0422dfc44df

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/self/exe	3

/tmp/Linux-Malware-Samples-main/0a569366eeec52380b4462b455cacc9a788c2a7883b0a9965d20f0422dfc44df
/tmp/Linux-Malware-Samples-main/0a569366eeec52380b4462b455cacc9a788c2a7883b0a9965d20f0422dfc44df
1⤵
- Runs EXE from memory
- Enumerates kernel/hardware configuration
PID:1575

/proc/self/fd/3
bioset
1⤵
- Reads runtime system information
PID:1579

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/proc/self/fd/3

Filesize
332KB

MD5
b8568c474fc342621f748a5e03f71667

SHA1
b10b1b6e88198c6abe3c0d6af7defc992f4cc840

SHA256
e15550481e89dbd154b875ce50cc5af4b49f9ff7b837d9ac5b5594e5d63966a3

SHA512
eeede837a7522bcee4261ba49cc3d0952ea72a267b51cafb31e2952f8f628be4cb2bad0a1d482a386223f4f424fa26dda4f312b83a775d8b88fa8c1135a1b0c4

Download Submit