5db5fc6bc58bea2897f6911cc9ae37c0db6c8430c4c7e816fe4a6bebe889e9fb

Analysis

max time kernel
0s
max time network
161s
platform
linux_armhf
resource
debian9-armhf-en-20211208
resource tags

arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
31/07/2022, 22:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5db5fc6bc58bea2897f6911cc9ae37c0db6c8430c4c7e816fe4a6bebe889e9fb
Size

142KB
MD5

26e621cf27a2db514ec901919fec4ff4
SHA1

778a2dbcd38ce7f0ea5267d4ae26f631f81a6db2
SHA256

5db5fc6bc58bea2897f6911cc9ae37c0db6c8430c4c7e816fe4a6bebe889e9fb
SHA512

d3d029b1a0d0f1e1d19093878f2136cbb0274a13941a27ae11f290bb40b039e59b49c18be933383fb40457448219f86cec2e6de2adc526a2a633e9138acadf89

Score

9^/10

discovery

Malware Config

Signatures

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Modifies hosts file 1 IoCs

Adds to hosts file used for mapping hosts to IP addresses.

description	ioc
/etc/hosts	/etc/hosts

Writes DNS configuration 1 TTPs 1 IoCs

Writes data to DNS resolver config file.

Dynamic Resolution

T1568

description	ioc
/etc/resolv.conf	/etc/resolv.conf

/tmp/5db5fc6bc58bea2897f6911cc9ae37c0db6c8430c4c7e816fe4a6bebe889e9fb
/tmp/5db5fc6bc58bea2897f6911cc9ae37c0db6c8430c4c7e816fe4a6bebe889e9fb
1⤵
PID:346

/bin/sh
sh -c
1⤵
PID:348

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Lateral Movement

Collection

Command and Control

Dynamic Resolution

T1568

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...