ea0fc5ac219c6cd3499af4711b37a783bed4f92b14ac8ac9cbe5dcbdb86b11db | Triage

Analysis

max time kernel
19720s
max time network
156s
platform
linux_armhf
resource
debian9-armhf-en-20211208
resource tags

arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
24-07-2022 22:43

Sharing

Report Analysis Logs

General

Target

ea0fc5ac219c6cd3499af4711b37a783bed4f92b14ac8ac9cbe5dcbdb86b11db
Size

125KB
MD5

e4be5bf4c93ad3484f2e609102a4799b
SHA1

bd10975553b04ee4db9864ac227dcc3cafb49641
SHA256

ea0fc5ac219c6cd3499af4711b37a783bed4f92b14ac8ac9cbe5dcbdb86b11db
SHA512

537780c465e43bff3507867a17e246973ace6e8b9fa4bb30abf7820508f14f734dc4ac0058bd561656e0d0af2f560d0f0a0c712e53482546d8dbd4c3dda3e975

Score

8^/10

Malware Config

Signatures

Modifies hosts file 1 IoCs
Adds to hosts file used for mapping hosts to IP addresses.

Processes:

description ioc

/etc/hosts /etc/hosts
Writes DNS configuration 1 TTPs 1 IoCs
Writes data to DNS resolver config file.

Dynamic Resolution
T1568

Processes:

description ioc

/etc/resolv.conf /etc/resolv.conf

/tmp/ea0fc5ac219c6cd3499af4711b37a783bed4f92b14ac8ac9cbe5dcbdb86b11db
/tmp/ea0fc5ac219c6cd3499af4711b37a783bed4f92b14ac8ac9cbe5dcbdb86b11db
1⤵
PID:363

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Dynamic Resolution

Impact

Replay Monitor

Loading Replay Monitor...