d00a1ff14bae4c15c4a72ae71ddf7f08fe4f2482a08fa6c4c4357e60d4484b61

Analysis

max time kernel
20291s
max time network
152s
platform
linux_mipsel
resource
debian9-mipsel-en-20211208
resource tags

arch:mipselimage:debian9-mipsel-en-20211208kernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
31-07-2022 10:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d00a1ff14bae4c15c4a72ae71ddf7f08fe4f2482a08fa6c4c4357e60d4484b61
Size

240KB
MD5

1a25b1011c3c5f0accfa28e51350d924
SHA1

40eafe92b002c9d191c2fc3f1d4155faeec828b2
SHA256

d00a1ff14bae4c15c4a72ae71ddf7f08fe4f2482a08fa6c4c4357e60d4484b61
SHA512

d51a87ad3376eea7274b6497af4120f4d369566c65cfc460a5e60a74e21caef69bdaf3ab5dd5066e03bf5793f7b60556cbc8ffc85bdc79f9b58faa1f96caa792

Score

8^/10

persistence

Malware Config

Signatures

Modifies hosts file 1 IoCs
Adds to hosts file used for mapping hosts to IP addresses.

Processes:

description ioc

/etc/hosts /etc/hosts
Writes DNS configuration 1 TTPs 1 IoCs
Writes data to DNS resolver config file.

Dynamic Resolution
T1568

Processes:

description ioc

/etc/resolv.conf /etc/resolv.conf
Modifies rc script 1 TTPs 1 IoCs
Adding/modifying system rc scripts is a common persistence mechanism.
persistence

Boot or Logon Autostart Execution
T1547

Processes:

d00a1ff14bae4c15c4a72ae71ddf7f08fe4f2482a08fa6c4c4357e60d4484b61

description ioc process

/etc/rc.d/rc.local /etc/rc.d/rc.local d00a1ff14bae4c15c4a72ae71ddf7f08fe4f2482a08fa6c4c4357e60d4484b61
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.

System Network Configuration Discovery
T1016

Processes:

description ioc

/proc/net/route /proc/net/route
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery
T1016

Processes:

description ioc

/proc/net/route /proc/net/route

description	ioc
/etc/hosts	/etc/hosts

description	ioc
/etc/resolv.conf	/etc/resolv.conf

description	ioc	process
/etc/rc.d/rc.local	/etc/rc.d/rc.local	d00a1ff14bae4c15c4a72ae71ddf7f08fe4f2482a08fa6c4c4357e60d4484b61

description	ioc
/proc/net/route	/proc/net/route

description	ioc
/proc/net/route	/proc/net/route

/tmp/d00a1ff14bae4c15c4a72ae71ddf7f08fe4f2482a08fa6c4c4357e60d4484b61
/tmp/d00a1ff14bae4c15c4a72ae71ddf7f08fe4f2482a08fa6c4c4357e60d4484b61
1⤵
- Modifies rc script
PID:325

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Exfiltration

Command and Control

Dynamic Resolution

T1568

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads