Analysis

  • max time kernel
    16372s
  • max time network
    142s
  • platform
    linux_amd64
  • resource
    ubuntu1804-amd64-en-20211208
  • submitted
    16/06/2022, 03:45

General

  • Target

    27a89e1c2f9bd1d4e5784d28350a9d78316fb471cf4eb59e7231ef00d09ed00d

  • Size

    80KB

  • MD5

    0fc53e5e2b68543e59f22d5267591b68

  • SHA1

    f623695b3476eae04012308fac8521230354b5ca

  • SHA256

    27a89e1c2f9bd1d4e5784d28350a9d78316fb471cf4eb59e7231ef00d09ed00d

  • SHA512

    bfc53d60926e74f5eb1decf49a9ddb246ea1a7f7fc4654b0bdac14f68b31c62f80bd3d0b3872c4ff930bb1a1570e921375f98d8d4e06d3fb90f763863f9a81e9

Score
8/10

Malware Config

Signatures

  • Modifies hosts file (3 IoCs)

    Adds to hosts file used for mapping hosts to IP addresses.

  • Writes DNS configuration (1 TTP, 3 IoCs)

    Writes data to DNS resolver config file.

  • Looks up external IP address via web service (4 IoCs)

    Uses a legitimate IP lookup service to find the infected system's external IP.

Processes

  • ./27a89e1c2f9bd1d4e5784d28350a9d78316fb471cf4eb59e7231ef00d09ed00d
    ./27a89e1c2f9bd1d4e5784d28350a9d78316fb471cf4eb59e7231ef00d09ed00d
    1⤵
      PID:577
    • /bin/sh
      sh -c "wget http://api.ipify.org -qO-"
      1⤵
        PID:578
        • /usr/bin/wget
          wget http://api.ipify.org -qO-
          2⤵
          • Modifies hosts file
          • Writes DNS configuration
          PID:579
    • /bin/sh
      sh -c "wget ipinfo.io/154.61.71.51/org -qO-"
      1⤵
        PID:581
        • /usr/bin/wget
          wget ipinfo.io/154.61.71.51/org -qO-
          2⤵
          • Modifies hosts file
          • Writes DNS configuration
          PID:582
    • /bin/sh
      sh -c "wget ipinfo.io/154.61.71.51/country -qO-"
      1⤵
        PID:586
        • /usr/bin/wget
          wget ipinfo.io/154.61.71.51/country -qO-
          2⤵
          • Modifies hosts file
          • Writes DNS configuration
          PID:587

Network

MITRE ATT&CK Enterprise v6
