75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463

General
Target: 75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
Size: 2MB
Sample: 220520-qqj3esggdr
Score: 10/10
MD5: b97e572ff7fc887edd5085402e0b4e86
SHA1: a7cd1e37de9b2e38d5dbaeac8124006e27d24281
SHA256: 75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
SHA512: 724c3f2ee4dfda9aa7d452ca3491c13c689cf0bab058193e3097f1146c1b7195f86924c36e25bcb85c95fe5607c8b909f044bb69efababa7a04de471afe02b94

Malware Config
Targets
Target: 75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
MD5: b97e572ff7fc887edd5085402e0b4e86
Filesize: 2MB
Score: 9/10
SHA1: a7cd1e37de9b2e38d5dbaeac8124006e27d24281
SHA256: 75dda8e2779e13c234387fe6164ea7a71fe15e9753a6ee687ba5588ba2200463
SHA512: 724c3f2ee4dfda9aa7d452ca3491c13c689cf0bab058193e3097f1146c1b7195f86924c36e25bcb85c95fe5607c8b909f044bb69efababa7a04de471afe02b94

Signatures

  • Attempts to identify hypervisor via CPU configuration
    Description: Checks CPU information for indicators that the system is a virtual machine.
    TTPs: Virtualization/Sandbox Evasion

  • Modifies hosts file
    Description: Adds to hosts file used for mapping hosts to IP addresses.

  • Writes DNS configuration
    Description: Writes data to DNS resolver config file.

  • Reads CPU attributes
    TTPs: System Information Discovery

  • Enumerates kernel/hardware configuration
    Description: Reads contents of /sys virtual filesystem to enumerate system information.
    TTPs: System Information Discovery

  • Reads runtime system information
    Description: Reads data from /proc virtual filesystem.

  • Writes file to tmp directory
    Description: Malware often drops required files in the /tmp directory.

MITRE ATT&CK Matrix
Tactic columns: Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks
static1: 10/10
behavioral1: 9/10