Resubmissions

  • 28-07-2021 09:47   210728-9a51fxcxas   9
  • 27-07-2021 11:35   210727-ccxmv55vs6   9
  • 20-01-2021 18:05   210120-8mk3nbt1ns   9

General

  • Target: 706b6098822e7992beb7528cf585b29f734b5b2ad615520028af007e11d07f19
  • Size: 7.7MB
  • Sample: 210727-ccxmv55vs6
  • MD5: cdeb5abff1b7b207d1b136e4f680f2c2
  • SHA1: a16ec9b68c6bb04cb7a2741ba6c41f48bb8d3473
  • SHA256: 61b26b448c914c9ac726df12878f625aa2e65047240da148b20cfb48ca80c20b
  • SHA512: 7f2ce886a297041449289e9379b27461d5224cebf70f48185ed9ed7faa60755d2422a7ba095da992411a02d0359bf3a422e18125a7e3ab41c77e39e9547dfce3

Malware Config

Targets

    • Target: 706b6098822e7992beb7528cf585b29f734b5b2ad615520028af007e11d07f19
    • Size: 7.7MB
    • MD5: cdeb5abff1b7b207d1b136e4f680f2c2
    • SHA1: a16ec9b68c6bb04cb7a2741ba6c41f48bb8d3473
    • SHA256: 61b26b448c914c9ac726df12878f625aa2e65047240da148b20cfb48ca80c20b
    • SHA512: 7f2ce886a297041449289e9379b27461d5224cebf70f48185ed9ed7faa60755d2422a7ba095da992411a02d0359bf3a422e18125a7e3ab41c77e39e9547dfce3

    Score: 9/10

    • Attempts to identify hypervisor via CPU configuration

      Checks CPU information for indicators that the system is a virtual machine.

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Writes DNS configuration

      Writes data to DNS resolver config file.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Write file to user bin folder

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Matrix (ATT&CK v6)

Execution
  • Scheduled Task (T1053): 1

Persistence
  • Scheduled Task (T1053): 1
  • Hijack Execution Flow (T1574): 1

Privilege Escalation
  • Scheduled Task (T1053): 1
  • Hijack Execution Flow (T1574): 1

Defense Evasion
  • Virtualization/Sandbox Evasion (T1497): 1
  • Hijack Execution Flow (T1574): 1

Discovery
  • Virtualization/Sandbox Evasion (T1497): 1

Command and Control
  • Dynamic Resolution (T1568): 1

Tasks