51a3558ccba777337e5e10d96c4774ca2cefdfe9af86b99081d1b96db31c7a76

Analysis

max time kernel
0s
max time network
27s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
18-07-2022 13:49

Target

51a3558ccba777337e5e10d96c4774ca2cefdfe9af86b99081d1b96db31c7a76
Size

611KB
MD5

5cfcec836e7a1bfd0cc2414b1d09f109
SHA1

b170e940758582abb6efba25bc4234e734a16c95
SHA256

51a3558ccba777337e5e10d96c4774ca2cefdfe9af86b99081d1b96db31c7a76
SHA512

36d1cef9709a29cb25abe003b91f0443a9c28ae1e09c592de5e6f24ec821022883e756af75068da10f896e314c15b063660a8b4678407593828c46f797d6f7e8

Score

10^/10

suricata: ET MALWARE DDoS.XOR Checkin
suricata: ET MALWARE DDoS.XOR Checkin
suricata
suricata: ET MALWARE DDoS.XOR Checkin via HTTP
suricata: ET MALWARE DDoS.XOR Checkin via HTTP
suricata

Writes file to system bin folder 1 TTPs 3 IoCs

Hijack Execution Flow

Processes:

Creates/modifies Cron job 1 TTPs 2 IoCs

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

Scheduled Task

Processes:

shsed

description	ioc	Process
/etc/crontab	/etc/crontab	sh
/etc/crontab	/etc/crontab	sed

Modifies rc script 1 TTPs 12 IoCs

Adding/modifying system rc scripts is a common persistence mechanism.

Boot or Logon Autostart Execution

Processes:

update-rc.d

description	ioc	Process
/etc/rc3.d/S9051a3558ccba777337e5e10d96c4774ca2cefdfe9af86b99081d1b96db31c7a76	/etc/rc3.d/S9051a3558ccba777337e5e10d96c4774ca2cefdfe9af86b99081d1b96db31c7a76