b68f4c8989c6095ad00eb266ea91b84e61a4b2bacde1b2522c887e4e04cc98f9

Analysis

max time kernel
14179s
max time network
140s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
submitted
21-05-2022 19:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b68f4c8989c6095ad00eb266ea91b84e61a4b2bacde1b2522c887e4e04cc98f9
Size

102KB
MD5

8c8d103f4addde921efbbee260e5ace4
SHA1

e884f607a6d9e109c9bb3ac9e93a4b0cf3a8b536
SHA256

b68f4c8989c6095ad00eb266ea91b84e61a4b2bacde1b2522c887e4e04cc98f9
SHA512

3e82904b7bb559af51cb69c5b19bd5aeed47c4fb0a30cf772580200f0eb76e9214ff8f4cd961efd7817ab3dfcc0dc975f7e5100ce80b27da94a6d6d522f65f5a

Score

7^/10

persistence

Malware Config

Signatures

Modifies rc script 1 TTPs 1 IoCs
Adding/modifying system rc scripts is a common persistence mechanism.
persistence

Boot or Logon Autostart Execution
T1547

Processes:

b68f4c8989c6095ad00eb266ea91b84e61a4b2bacde1b2522c887e4e04cc98f9

description ioc process

/etc/rc.d/rc.local /etc/rc.d/rc.local b68f4c8989c6095ad00eb266ea91b84e61a4b2bacde1b2522c887e4e04cc98f9
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.

System Network Configuration Discovery
T1016

Processes:

b68f4c8989c6095ad00eb266ea91b84e61a4b2bacde1b2522c887e4e04cc98f9

description ioc process

/proc/net/route /proc/net/route b68f4c8989c6095ad00eb266ea91b84e61a4b2bacde1b2522c887e4e04cc98f9
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery
T1016

Processes:

b68f4c8989c6095ad00eb266ea91b84e61a4b2bacde1b2522c887e4e04cc98f9

description ioc process

/proc/net/route /proc/net/route b68f4c8989c6095ad00eb266ea91b84e61a4b2bacde1b2522c887e4e04cc98f9

description	ioc	process
/etc/rc.d/rc.local	/etc/rc.d/rc.local	b68f4c8989c6095ad00eb266ea91b84e61a4b2bacde1b2522c887e4e04cc98f9

description	ioc	process
/proc/net/route	/proc/net/route	b68f4c8989c6095ad00eb266ea91b84e61a4b2bacde1b2522c887e4e04cc98f9

description	ioc	process
/proc/net/route	/proc/net/route	b68f4c8989c6095ad00eb266ea91b84e61a4b2bacde1b2522c887e4e04cc98f9

./b68f4c8989c6095ad00eb266ea91b84e61a4b2bacde1b2522c887e4e04cc98f9
./b68f4c8989c6095ad00eb266ea91b84e61a4b2bacde1b2522c887e4e04cc98f9
1⤵
- Modifies rc script
- Reads system routing table
- Reads system network configuration
PID:592

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads