2a9b726916d38e0b14b94dd2d72faa843688990900a1e17c72405418cf23eafa

Analysis

max time kernel
14180s
max time network
157s
platform
linux_armhf
resource
debian9-armhf-en-20211208
submitted
21-05-2022 19:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a9b726916d38e0b14b94dd2d72faa843688990900a1e17c72405418cf23eafa
Size

165KB
MD5

5af7e0632a67e2dec47970ef7610a205
SHA1

bd96dc96b081245a8dfd831d2fe147c9939beec4
SHA256

2a9b726916d38e0b14b94dd2d72faa843688990900a1e17c72405418cf23eafa
SHA512

cb5ec510122c8834bbc8b0e27d2a7357d0cad3a5999f67003ce90c52e80dd6d818c707cf8dbd8a60e9b41610a8dd11926587532ba4ef9035153d941e49899900

Score

7^/10

persistence

Malware Config

Signatures

Modifies rc script 1 TTPs 1 IoCs
Adding/modifying system rc scripts is a common persistence mechanism.
persistence

Boot or Logon Autostart Execution
T1547

Processes:

2a9b726916d38e0b14b94dd2d72faa843688990900a1e17c72405418cf23eafa

description ioc process

/etc/rc.d/rc.local /etc/rc.d/rc.local 2a9b726916d38e0b14b94dd2d72faa843688990900a1e17c72405418cf23eafa
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.

System Network Configuration Discovery
T1016

Processes:

2a9b726916d38e0b14b94dd2d72faa843688990900a1e17c72405418cf23eafa

description ioc process

/proc/net/route /proc/net/route 2a9b726916d38e0b14b94dd2d72faa843688990900a1e17c72405418cf23eafa
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery
T1016

Processes:

2a9b726916d38e0b14b94dd2d72faa843688990900a1e17c72405418cf23eafa

description ioc process

/proc/net/route /proc/net/route 2a9b726916d38e0b14b94dd2d72faa843688990900a1e17c72405418cf23eafa

description	ioc	process
/etc/rc.d/rc.local	/etc/rc.d/rc.local	2a9b726916d38e0b14b94dd2d72faa843688990900a1e17c72405418cf23eafa

description	ioc	process
/proc/net/route	/proc/net/route	2a9b726916d38e0b14b94dd2d72faa843688990900a1e17c72405418cf23eafa

description	ioc	process
/proc/net/route	/proc/net/route	2a9b726916d38e0b14b94dd2d72faa843688990900a1e17c72405418cf23eafa

./2a9b726916d38e0b14b94dd2d72faa843688990900a1e17c72405418cf23eafa
./2a9b726916d38e0b14b94dd2d72faa843688990900a1e17c72405418cf23eafa
1⤵
- Modifies rc script
- Reads system routing table
- Reads system network configuration
PID:363

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads