Analysis

  • max time kernel
    9747s
  • max time network
    155s
  • platform
    linux_amd64
  • resource
    ubuntu1804-amd64-en-20211208
  • submitted
    31-03-2022 12:14

General

  • Target

    apa.jpg

  • Size

    53KB

  • Sample

    220331-pea5psbff2

  • MD5

    10ac30ebbed68584400f8ccd814e2a60

  • SHA1

    fc3539a0c7b4f5bcbe22373fe0e81fb613afd270

  • SHA256

    6574b93062974e287a65798dca6f6efd2bc8f8e376baa6efa69ddfc719acf8d9

  • SHA512

    a51563bd3f6639b927d8c3ff53e24551d6a9936b8185305840c8e8cbc05ac3e8a465a7d3a09f915af7b81afec4092c7c4b170589d3b5f954e8ec65e4d11dea18

Score
8/10

Malware Config

Signatures 3

  • Modifies hosts file ⋅ 1 IoCs

    Adds entries to the hosts file (/etc/hosts on Linux), which maps hostnames to IP addresses and is consulted before DNS; a typical use is redirecting or sinkholing update or security-vendor domains.

  • Writes DNS configuration ⋅ 1 TTPs 1 IoCs

    Writes to the DNS resolver configuration file (/etc/resolv.conf on Linux), which changes the nameservers the host uses for lookups.

  • Modifies rc script ⋅ 1 TTPs 1 IoCs

    Adding to or modifying system rc scripts is a common persistence mechanism, since they run at boot. Here the process tree shows the sample making /etc/rc.d/rc.local executable with chmod +x. Note that this path is the Red Hat family layout; Ubuntu 18.04 (the sandbox image used) ships /etc/rc.local instead, so the report alone does not show whether the file existed before the sample ran or what it contains.

Processes 3

  • ./apa.jpg (PID 577)
    Command line: ./apa.jpg
    Signature: Modifies rc script
    • /bin/sh (PID 578)
      Command line: sh -c "/usr/bin/chmod +x /etc/rc.d/rc.local"
      • /usr/bin/chmod (PID 579)
        Command line: /usr/bin/chmod +x /etc/rc.d/rc.local

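The three signatures and the process tree above describe file-level behaviour that can be re-checked on a host image. The Python below is an added example written for this page, not sandbox code or the sample's code: it diffs before/after snapshots of /etc/hosts, /etc/resolv.conf and /etc/rc.d/rc.local and maps the differences onto the report's signature names, including the case where the rc script did not exist before the sample ran. The snapshot contents (the hosts entry, the nameserver, the rc.local command, the file modes) are constructed for the demonstration and are not IoCs from this sample.

```python
"""Offline re-check of the report's three file-based signatures.

Added example for this page (not Triage's or the sample's code). Compares
before/after snapshots of the form path -> (content, mode). Every snapshot
value below is constructed for the demo and is not an IoC of apa.jpg.
"""
import re

# Constructed snapshot of a clean host before execution (assumption).
BEFORE = {
    "/etc/hosts": (
        "127.0.0.1 localhost\n::1 ip6-localhost ip6-loopback\n", 0o644),
    "/etc/resolv.conf": ("nameserver 127.0.0.53\n", 0o644),
    "/etc/rc.d/rc.local": ("#!/bin/sh\nexit 0\n", 0o644),
}

# Constructed snapshot after execution, exhibiting all three behaviours.
AFTER = {
    "/etc/hosts": (
        "127.0.0.1 localhost\n::1 ip6-localhost ip6-loopback\n"
        "0.0.0.0 security-updates.example.invalid   # constructed entry\n",
        0o644),
    "/etc/resolv.conf": ("nameserver 192.0.2.53\n", 0o644),
    "/etc/rc.d/rc.local": (
        "#!/bin/sh\n/var/tmp/.x/agent &   # constructed entry\nexit 0\n",
        0o755),
}


def _hosts_entries(text):
    """Hosts file -> set of whitespace-normalised 'ip name...' entries, comments dropped."""
    entries = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            entries.add(" ".join(line.split()))
    return entries


def hosts_additions(before, after):
    """Entries present after but not before (the 'Modifies hosts file' IoCs)."""
    return sorted(_hosts_entries(after) - _hosts_entries(before))


def resolver_changes(before, after):
    """Nameservers removed/added between two resolv.conf contents."""
    pat = re.compile(r"^\s*nameserver\s+(\S+)", re.M)
    old, new = set(pat.findall(before)), set(pat.findall(after))
    return {"removed": sorted(old - new), "added": sorted(new - old)}


def _commands(text):
    """Non-comment shell lines of an rc script, trailing comments stripped.

    Naive: a '#' inside a quoted string is also treated as a comment start."""
    out = []
    for line in text.splitlines():
        s = line.split("#", 1)[0].strip()
        if s:
            out.append(s)
    return out


def rc_script_changes(before, after):
    """Execute-bit grants and added command lines (the 'Modifies rc script' IoCs).

    A missing 'before' file is passed as ("", 0), so a script the sample
    created from scratch shows up as 0000 -> mode plus every line added."""
    (old_text, old_mode), (new_text, new_mode) = before, after
    findings = []
    if not (old_mode & 0o111) and (new_mode & 0o111):
        findings.append("execute bit added (%04o -> %04o)" % (old_mode, new_mode))
    old_cmds = set(_commands(old_text))
    for cmd in _commands(new_text):
        if cmd not in old_cmds:
            findings.append("added command: " + cmd)
    return findings


def analyse(before, after):
    """Return [(signature name, [ioc, ...]), ...] using the report's signature names."""
    missing = ("", 0)  # file absent in a snapshot
    report = []
    h = hosts_additions(before.get("/etc/hosts", missing)[0],
                        after.get("/etc/hosts", missing)[0])
    if h:
        report.append(("Modifies hosts file", h))
    r = resolver_changes(before.get("/etc/resolv.conf", missing)[0],
                         after.get("/etc/resolv.conf", missing)[0])
    if r["added"] or r["removed"]:
        report.append(("Writes DNS configuration",
                       ["removed nameserver " + n for n in r["removed"]]
                       + ["added nameserver " + n for n in r["added"]]))
    for path in sorted(set(before) | set(after)):
        if path.endswith("rc.local"):
            rc = rc_script_changes(before.get(path, missing), after.get(path, missing))
            if rc:
                report.append(("Modifies rc script", [path + ": " + f for f in rc]))
    return report


if __name__ == "__main__":
    for name, iocs in analyse(BEFORE, AFTER):
        print(name)
        for ioc in iocs:
            print("   ", ioc)
```

Run it against real snapshots by reading the three files plus `os.stat(path).st_mode & 0o7777` from a mounted image before and after detonation; the constructed dictionaries above only stand in for that input.
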
Network

MITRE ATT&CK Matrix

  Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation