6e0e90c688b966c65eb4d1acb132490557a7c387e1d8bb0ddfb5f478ac47fe70

Analysis

max time kernel
0s
max time network
136s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
submitted
08-07-2022 14:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e0e90c688b966c65eb4d1acb132490557a7c387e1d8bb0ddfb5f478ac47fe70
Size

3.3MB
MD5

81984c0fb19c725e619ae3f56664e77f
SHA1

2086ab4c6ed6fd4ecb2705949aa7f8d33a7c9fd9
SHA256

6e0e90c688b966c65eb4d1acb132490557a7c387e1d8bb0ddfb5f478ac47fe70
SHA512

adcbcb90325813cdee78c76830ffd8056b07125c232af9c4f30f2f920f514805f65e49283cb74e107b98b1d4dd7e44056a1d7e01b4472edca4ea2033ab5a94dd

Score

9^/10

backdoor

Malware Config

Signatures

Writes file to system bin folder 1 TTPs 1 IoCs

Hijack Execution Flow
T1574

Processes:

ldconfig

description ioc process

/sbin/ldconfig /sbin/ldconfig ldconfig
Reads CPU attributes 1 TTPs 1 IoCs

System Information Discovery
T1082

Processes:

description ioc

/sys/devices/system/cpu/online /sys/devices/system/cpu/online

description	ioc	process
/sbin/ldconfig	/sbin/ldconfig	ldconfig

description	ioc
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online

Reads network interface configuration 2 TTPs 6 IoCs

Fetches information about one or more active network interfaces.

backdoor

System Network Configuration Discovery

T1016

System Network Connections Discovery

T1049

Processes:

description	ioc
/sys/class/net/lo/address	/sys/class/net/lo/address
/sys/class/net/lo/carrier	/sys/class/net/lo/carrier
/sys/class/net/lo/type	/sys/class/net/lo/type
/sys/class/net/ens3/address	/sys/class/net/ens3/address
/sys/class/net/ens3/carrier	/sys/class/net/ens3/carrier
/sys/class/net/ens3/type	/sys/class/net/ens3/type

Enumerates kernel/hardware configuration 1 TTPs 1 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery
T1082

Processes:

description ioc

/sys/class/net /sys/class/net

description	ioc
/sys/class/net	/sys/class/net

Reads runtime system information 16 IoCs

Reads data from /proc virtual filesystem.

Processes:

description	ioc
/proc/stat	/proc/stat
/proc/582/cmdline	/proc/582/cmdline
/proc/582/environ	/proc/582/environ
/proc/582/statm	/proc/582/statm
/proc/582/task/582/stat	/proc/582/task/582/stat
/proc/582/fd/4	/proc/582/fd/4
/proc/582/fd	/proc/582/fd
/proc/582/io	/proc/582/io
/proc/self/maps	/proc/self/maps
/proc/582/fd/3	/proc/582/fd/3
/proc/582/smaps	/proc/582/smaps
/proc/meminfo	/proc/meminfo
/proc/582/task	/proc/582/task
/proc/mounts	/proc/mounts
/proc/582/stat	/proc/582/stat
/proc/582/status	/proc/582/status

./6e0e90c688b966c65eb4d1acb132490557a7c387e1d8bb0ddfb5f478ac47fe70
./6e0e90c688b966c65eb4d1acb132490557a7c387e1d8bb0ddfb5f478ac47fe70
1⤵
PID:581

/sbin/ldconfig
/sbin/ldconfig -p
1⤵
- Writes file to system bin folder
PID:587

/sbin/ldconfig.real
/sbin/ldconfig.real -p
1⤵
PID:587

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

T1574

Privilege Escalation

Hijack Execution Flow

T1574

Defense Evasion

Hijack Execution Flow

T1574

Credential Access

Discovery

System Information Discovery

T1082

System Network Configuration Discovery

T1016

System Network Connections Discovery

T1049

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads