Analysis
-
max time kernel
0s -
max time network
142s -
platform
linux_amd64 -
resource
ubuntu1804-amd64-en-20211208 -
submitted
25-06-2022 04:22
General
-
Target
42b289bab7584155c626ba7be194fcf1f64490e8139a8c3db2b5df5f3c811d96
-
Size
80KB
-
MD5
e27abfd97f8a0a42c386c2bc6c0829b4
-
SHA1
66bde01f00f4c5fe5744117560dfcf04a387c63f
-
SHA256
42b289bab7584155c626ba7be194fcf1f64490e8139a8c3db2b5df5f3c811d96
-
SHA512
d16cebdf73cd33dafb4a76b8fffe4235a9c9433a4f995da99708a2310045652f88ad7e2ff41979740a33902563041a35270ff33f6549985893a260a7c1394b8f
Score
8/10
Malware Config
Signatures
-
Modifies hosts file 3 IoCs
Adds to hosts file used for mapping hosts to IP addresses.
-
Writes DNS configuration 1 TTPs 3 IoCs
Writes data to DNS resolver config file.
-
Looks up external IP address via web service 4 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes
-
./42b289bab7584155c626ba7be194fcf1f64490e8139a8c3db2b5df5f3c811d96./42b289bab7584155c626ba7be194fcf1f64490e8139a8c3db2b5df5f3c811d961⤵
-
/bin/shsh -c "wget http://api.ipify.org -qO-"1⤵
-
/usr/bin/wgetwget http://api.ipify.org -qO-2⤵
- Modifies hosts file
- Writes DNS configuration
-
-
/bin/shsh -c "wget ipinfo.io/154.61.71.51/org -qO-"1⤵
-
/usr/bin/wgetwget ipinfo.io/154.61.71.51/org -qO-2⤵
- Modifies hosts file
- Writes DNS configuration
-
-
/bin/shsh -c "wget ipinfo.io/154.61.71.51/country -qO-"1⤵
-
/usr/bin/wgetwget ipinfo.io/154.61.71.51/country -qO-2⤵
- Modifies hosts file
- Writes DNS configuration
-