Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

zD1jpTbFQq

ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV), statically linked, stripped

initial sample

Details

Filetype:	ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV), statically linked, stripped
Entropy:	6.361116795039536
Filename:	zD1jpTbFQq
Filesize:	93144
MD5:	e06f0a88a25db599d47dadb03907ef00
SHA1:	ee8da3d3dffde40ef93700991aa5d472d760fda5
SHA256:	f3f57dc399b0dc7bbe3a019afb7d7402c40274deea75b2cc605ff13e94229c71
SHA512:	49d3b63ad117a26995b8eb12c2c742ab396499b1f388e55e67da7c42ab2de79ea54321743640b09d270d8167c66a26db26ba180a7f067987b13e6279a0b4b280
SSDEEP:	1536:U6PIx2j6HUvZjqEQTq3F+cCRIP3n6wFObVnI98MKsd+:ZP6yZKqV536DnIyMr+
Preview:	.ELF...........................4..i......4. ...(......................f...f...............f...f...f.......(X........dt.Q.............................!..\|......$H...H.G!...$8!. \|...N.. .!..\|.......?.........jP..../...@..\?.....f$.+../...A..$8...})....f$N..

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara signature match	System Summary
Uses the "uname" system call to query kernel version information (possible evasion)	Malware Analysis System Evasion	Security Software Discovery
Enumerates processes within the "proc" file system	Persistence and Installation Behavior	OS Credential Dumping
Sample listens on a socket	Networking
Sample tries to kill a process (SIGKILL)	System Summary
Found detection on Joe Sandbox Cloud Basic with higher score	System Summary
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion

/run/systemd/journal/streams/.#9:74252mAQxYs

ASCII text

dropped

Details

File:	/run/systemd/journal/streams/.#9:74252mAQxYs
Category:	dropped
Dump:	.#9_74252mAQxYs.23.dr
ID:	dr_2
Target ID:	23
Process:	/lib/systemd/systemd-journald
Type:	ASCII text
Entropy:	5.511422543934028
Encrypted:	false
Ssdeep:	3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm5SVjhWGYnS1c+sjsv:SbFuFyLVIg1BG+f+M0FhBQSiTji4s
Size:	223
Whitelisted:	false
Reputation:	low

/run/systemd/journal/streams/.#9:742562yIbVs

ASCII text

dropped

Details

File:	/run/systemd/journal/streams/.#9:742562yIbVs
Category:	dropped
Dump:	.#9_742562yIbVs.23.dr
ID:	dr_3
Target ID:	23
Process:	/lib/systemd/systemd-journald
Type:	ASCII text
Entropy:	5.529631514219359
Encrypted:	false
Ssdeep:	3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmph4FVHhB1EvAglsjq:SbFuFyLVIg1BG+f+M4FxFEYTji4s
Size:	223
Whitelisted:	false
Reputation:	low

/var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/system.journal

data

dropped

Details

File:	/var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/system.journal
Category:	dropped
Dump:	system.journal.23.dr
ID:	dr_0
Target ID:	23
Process:	/lib/systemd/systemd-journald
Type:	data
Entropy:	1.448047321524811
Encrypted:	false
Ssdeep:	3:F31HlbMg7fl9Mg7F:F3Vflv
Size:	240
Whitelisted:	false
Reputation:	low

/var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/user-1000.journal

data

dropped

Details

File:	/var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/user-1000.journal
Category:	dropped
Dump:	user-1000.journal.23.dr
ID:	dr_1
Target ID:	23
Process:	/lib/systemd/systemd-journald
Type:	data
Entropy:	1.4595260194504922
Encrypted:	false
Ssdeep:	3:F31HlvXKufXK6lt:F3fdLX
Size:	240
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

/tmp/zD1jpTbFQq

n/a

/tmp/zD1jpTbFQq

n/a

/tmp/zD1jpTbFQq

n/a

/tmp/zD1jpTbFQq

n/a

/tmp/zD1jpTbFQq

n/a

/tmp/zD1jpTbFQq

n/a

/tmp/zD1jpTbFQq

n/a

/tmp/zD1jpTbFQq

n/a

/tmp/zD1jpTbFQq

n/a

/usr/lib/systemd/systemd

n/a

/usr/bin/journalctl

/usr/bin/journalctl --smart-relinquish-var

/usr/lib/systemd/systemd

n/a

/lib/systemd/systemd-journald

/usr/bin/xfce4-session

n/a

/usr/bin/xfsettingsd