6574b93062974e287a65798dca6f6efd2bc8f8e376baa6efa69ddfc719acf8d9

Analysis

max time kernel
9747s
max time network
155s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
submitted
31-03-2022 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

apa.jpg
Size

53KB
MD5

10ac30ebbed68584400f8ccd814e2a60
SHA1

fc3539a0c7b4f5bcbe22373fe0e81fb613afd270
SHA256

6574b93062974e287a65798dca6f6efd2bc8f8e376baa6efa69ddfc719acf8d9
SHA512

a51563bd3f6639b927d8c3ff53e24551d6a9936b8185305840c8e8cbc05ac3e8a465a7d3a09f915af7b81afec4092c7c4b170589d3b5f954e8ec65e4d11dea18

Score

8^/10

persistence

Malware Config

Signatures

Modifies hosts file 1 IoCs
Adds to hosts file used for mapping hosts to IP addresses.

Processes:

description ioc

/etc/hosts /etc/hosts
Writes DNS configuration 1 TTPs 1 IoCs
Writes data to DNS resolver config file.

Dynamic Resolution
T1568

Processes:

description ioc

/etc/resolv.conf /etc/resolv.conf
Modifies rc script 1 TTPs 1 IoCs
Adding/modifying system rc scripts is a common persistence mechanism.
persistence

Boot or Logon Autostart Execution
T1547

Processes:

apa.jpg

description ioc process

/etc/rc.local /etc/rc.local apa.jpg

description	ioc
/etc/hosts	/etc/hosts

description	ioc
/etc/resolv.conf	/etc/resolv.conf

description	ioc	process
/etc/rc.local	/etc/rc.local	apa.jpg

./apa.jpg
./apa.jpg
1⤵
- Modifies rc script
PID:577

/bin/sh
sh -c "/usr/bin/chmod +x /etc/rc.d/rc.local"
2⤵
PID:578

/usr/bin/chmod
/usr/bin/chmod +x /etc/rc.d/rc.local
3⤵
PID:579

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Dynamic Resolution

T1568

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads