General
-
Target
c721189a2b89cd279e9a033c93b8b5017dc165cba89eff5b8e1b5866195518bc
-
Size
764KB
-
Sample
210414-vgrbel4njs
-
MD5
7d2595904aa6feb46b3e8f3262963042
-
SHA1
32f485eece997ee331809e98495641f2bddf8b3f
-
SHA256
c721189a2b89cd279e9a033c93b8b5017dc165cba89eff5b8e1b5866195518bc
-
SHA512
77b36c4a46ae236b0e0bf5b839239b742e437d9d1990408165be0096defd6562976a0c4158fd2c9cd61287b785ecb178864ca379437e1304d6664593ca1115c5
Malware Config
Targets
-
-
Target
c721189a2b89cd279e9a033c93b8b5017dc165cba89eff5b8e1b5866195518bc
-
Size
764KB
-
MD5
7d2595904aa6feb46b3e8f3262963042
-
SHA1
32f485eece997ee331809e98495641f2bddf8b3f
-
SHA256
c721189a2b89cd279e9a033c93b8b5017dc165cba89eff5b8e1b5866195518bc
-
SHA512
77b36c4a46ae236b0e0bf5b839239b742e437d9d1990408165be0096defd6562976a0c4158fd2c9cd61287b785ecb178864ca379437e1304d6664593ca1115c5
Score9/10-
Writes file to system bin folder
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Write file to user bin folder
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-