Analysis
max time kernel: 133s
max time network: 150s
platform: ubuntu-22.04_amd64
resource: ubuntu2204-amd64-20250307-en
resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20250307-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
submitted: 14/04/2025, 15:06
Behavioral task
behavioral1
Sample
x86.elf
Resource
ubuntu2204-amd64-20250307-en
4 signatures
150 seconds
General
Target: x86.elf
Size: 107KB
MD5: a70c69ff9b4101a578700121ff861120
SHA1: 656ddafe0e3760ef8b0476c60205110c269065e4
SHA256: a1ac85008489d60bf7c4f83d51535b17136f5ea95136111aee546995ab731276
SHA512: fc8c1b18aa863330d0b293f2583c5a22b2e889575bc79c2981b5d23bd8d873fd7bbd0f931bf3fff6aac61f9590ba705aa6ab83f4c35f9f08ca2bca0d9d5a8986
SSDEEP: 3072:w/b8FO9ojZO1ZBO/3833nYD51RGnSUN5vZ1atf:wbIOSFO1mU3FSOFZQF
Score: 7/10
Malware Config
Signatures
Deletes itself 1 IoCs
pid: 1573
Enumerates running processes
Discovers information about currently running processes on the system
Reads process memory 1 TTPs 64 IoCs
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
Changes its process name 3 IoCs
Changes the process name, possibly in an attempt to hide itself
ioc: -, pid: 1572
ioc: kworker/u8:0, pid: 1572
ioc: httpd, pid: 1572