175a2b8fbd81536979ad5295165a989528affff9f8b723fc6a249d3744385e32

Analysis

max time kernel
149s
max time network
152s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240611-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
09/03/2025, 11:12

Target

a.elf
Size

68KB
MD5

a0bcae6836a81a880dad23bb349b9415
SHA1

202c6f4b101056de9c21f69c65912645f350e5c0
SHA256

175a2b8fbd81536979ad5295165a989528affff9f8b723fc6a249d3744385e32
SHA512

420f3e52e748d8043f7f35ef5aff3d6f639f66fb5880b056d2a0c0bbc8d74a7740e9ceeb5069e8de3e4e95e131873a4ab36207535e4eddc8f25d18edb2960060
SSDEEP

1536:uSF8pAUAqYgodcKIYGfohwJDSNspPcze5qxOq5GzfI7mygK7iw0:5aAUAqYgo8YGAhwJeNsBcze5qxOq5Gzu

Score

9^/10

discovery

Contacts a large (216455) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Changes its process name 1 IoCs

description	pid
Changes the process name, possibly in an attempt to hide itself	1480

Writes file to tmp directory 4 IoCs

Malware often drops required files in the /tmp directory.

description	ioc
File opened for modification	/tmp/Ŏ��ŝ��
File opened for modification	/tmp/笭�祡��翩��
File opened for modification	/tmp/Ŏ��Ŭ��۵��
File opened for modification	/tmp/笭�玜��迩��

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact