d4645d2c29505cf10d1b201826c777b62cbf9d752cb1008bef1192e0dd545a82

Resubmissions

01-12-2021 14:23

211201-rqctsafhd9 10

02-09-2021 16:16

210902-tq712aagc7 10

Analysis

max time kernel
0s
max time network
285s
platform
linux_amd64
resource
ubuntu-amd64
submitted
02-09-2021 16:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4645d2c29505cf10d1b201826c777b62cbf9d752cb1008bef1192e0dd545a82
Size

2.0MB
MD5

8729ec8b771cfb0134740c564cd7e965
SHA1

d8de06e85d23afe38063f22ff0ef9cd597027122
SHA256

d4645d2c29505cf10d1b201826c777b62cbf9d752cb1008bef1192e0dd545a82
SHA512

1c049294744d906088327d332351da9739a561c1faf45e282e6afc9038c523abbd27a20619de947cf3782fcb76903a46f3a35258f0b80735b319319fbfc4bb5f

Score

9^/10

persistence

Malware Config

Signatures

Deletes system logs 1 TTPs 6 IoCs

Indicator Removal on Host

T1070

description	ioc
/var/log/apt	/var/log/apt
/var/log/installer	/var/log/installer
/var/log/installer/cdebconf	/var/log/installer/cdebconf
/var/log/dist-upgrade	/var/log/dist-upgrade
/var/log/journal	/var/log/journal
/var/log/journal/a44f0fe52e404b679b7b2c5bbcd8d157	/var/log/journal/a44f0fe52e404b679b7b2c5bbcd8d157

Modifies hosts file 1 IoCs

Adds to hosts file used for mapping hosts to IP addresses.

description	ioc
/etc/hosts	/etc/hosts

Writes DNS configuration 1 TTPs 1 IoCs

Writes data to DNS resolver config file.

Dynamic Resolution

T1568

description	ioc
/etc/resolv.conf	/etc/resolv.conf

Creates/modifies Cron job 1 TTPs 1 IoCs

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

persistence

Scheduled Task

T1053

description	ioc
/var/spool/cron/crontabs	/var/spool/cron/crontabs

Reads CPU attributes 1 TTPs 1 IoCs

System Information Discovery

T1082

description	ioc
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online

Writes file to tmp directory 3 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
/tmp/.DBFD055C-9CF2-4BB8-908E-6DA22321BF17	/tmp/.DBFD055C-9CF2-4BB8-908E-6DA22321BF17	d4645d2c29505cf10d1b201826c777b62cbf9d752cb1008bef1192e0dd545a82
/tmp/main.log	/tmp/main.log	Process not Found
/tmp/./d4645d2c29505cf10d1b201826c777b62cbf9d752cb1008bef1192e0dd545a82	/tmp/./d4645d2c29505cf10d1b201826c777b62cbf9d752cb1008bef1192e0dd545a82	Process not Found

./d4645d2c29505cf10d1b201826c777b62cbf9d752cb1008bef1192e0dd545a82
./d4645d2c29505cf10d1b201826c777b62cbf9d752cb1008bef1192e0dd545a82
1⤵
- Writes file to tmp directory
PID:674

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Indicator Removal on Host

T1070

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Dynamic Resolution

T1568

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads