anchordns | 4655b4b44f6962e4f9641a52c24373390766c50b62fcc222e40511c0f1ed91d2 | Triage

Resubmissions

20-07-2021 12:54

210720-rc9l4c6m7x 10

12-07-2021 07:08

210712-lgfebklxd6 10

Sharing

General

Target

4655b4b44f6962e4f9641a52c24373390766c50b62fcc222e40511c0f1ed91d2.bin
Size

764KB
Sample

210720-rc9l4c6m7x
MD5

e98cb10437462f3873a6b50d207d287f
SHA1

1e5868157303c0cf825033c465722399b0d36c1f
SHA256

4655b4b44f6962e4f9641a52c24373390766c50b62fcc222e40511c0f1ed91d2
SHA512

a8e77f9f35b5398d3ea6eed7e307fe6d27cc1b9d7f10e0d8e8482b789dc7a06b18d2f4bc4c6e2157f696e07eb4a140e3d9e44e9d42cbb0d5a229b7e2c2d432b8

Score

10^/10

anchordns backdoor linux persistence

Malware Config

Targets

- Target
  
  4655b4b44f6962e4f9641a52c24373390766c50b62fcc222e40511c0f1ed91d2.bin
- Size
  
  764KB
- MD5
  
  e98cb10437462f3873a6b50d207d287f
- SHA1
  
  1e5868157303c0cf825033c465722399b0d36c1f
- SHA256
  
  4655b4b44f6962e4f9641a52c24373390766c50b62fcc222e40511c0f1ed91d2
- SHA512
  
  a8e77f9f35b5398d3ea6eed7e307fe6d27cc1b9d7f10e0d8e8482b789dc7a06b18d2f4bc4c6e2157f696e07eb4a140e3d9e44e9d42cbb0d5a229b7e2c2d432b8
Score

9^/10

persistence
- Writes file to system bin folder
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Write file to user bin folder
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Hijack Execution Flow

Scheduled Task

Privilege Escalation

Hijack Execution Flow

Scheduled Task

Defense Evasion

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

backdoorlinuxanchordns

behavioral1

behavioral2

behavioral3