Analysis
-
max time kernel
52s -
max time network
150s -
platform
ubuntu-22.04_amd64 -
resource
ubuntu2204-amd64-20250224-en -
resource tags
-
submitted
07/03/2025, 13:42
General
-
Target
5r3fqt67ew531has4231.x86.elf
-
Size
87KB
-
MD5
6d70f889cd1bdf08feb9513f96075e40
-
SHA1
52dab91077f4232c39458029347c92357269b654
-
SHA256
cc2f5fcbd00aa4a61b88e4a8899a31904b84882406bb5681f05f191eff39e43c
-
SHA512
3f5cf7123cd312b1ebc51031f7d8a61b347f1862af43bbd2e9a45bfbb4fd9f40956f4bf63b7d605efdd2c63ced3600324dd7954ac2c7156f861664142854791e
-
SSDEEP
1536:3Xzz9YFHM7EXGcKTPFHuvgjGbGrIW9Lg3LjUydFEiTLuRLHXKhZGowbZnZS:zz9YFHqMUTNOvgcGdL4LTdFPLuRb6pw6
Score
9/10
Malware Config
Signatures
-
Contacts a large (197370) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification 1 TTPs 2 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Changes its process name 1 IoCs
-
Reads runtime system information 2 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/5r3fqt67ew531has4231.x86.elf/tmp/5r3fqt67ew531has4231.x86.elf1⤵
- Changes its process name
-
/bin/shsh -c "rm -rf bin/busybox && mkdir bin; >bin/busybox && mv /tmp/5r3fqt67ew531has4231.x86.elf bin/busybox; chmod 777 bin/busybox"2⤵
- File and Directory Permissions Modification
- Writes file to tmp directory
-
/usr/bin/rmrm -rf bin/busybox3⤵
-
-
/usr/bin/mkdirmkdir bin3⤵
- Reads runtime system information
-
-
/usr/bin/mvmv /tmp/5r3fqt67ew531has4231.x86.elf bin/busybox3⤵
- Reads runtime system information
-
-
/usr/bin/chmodchmod 777 bin/busybox3⤵
- File and Directory Permissions Modification
-
-