af736d0466d0c88fe66666676ca09462fddedbbe8befe49dd2dc691053c293c6 | Triage

Resubmissions

08-08-2022 11:59

220808-n54n9sadbl 8

02-06-2022 06:46

220602-hjns2ahbdk 10

Sharing

General

Target

pty
Size

43KB
Sample

220808-n54n9sadbl
MD5

4828b6dfe2f542f5763109c015a1fc57
SHA1

08b0e90b15ef106b1a67273788ab42763b728e0a
SHA256

af736d0466d0c88fe66666676ca09462fddedbbe8befe49dd2dc691053c293c6
SHA512

242cb978a8dff0857bd83618b68b07834794a67a86a9421fc55934db220254e20395825b089b9be6fda577cee9451d3d9eaa66de2835932591ccd2d681481796

Score

8^/10

linux

Malware Config

Targets

- Target
  
  pty
- Size
  
  43KB
- MD5
  
  4828b6dfe2f542f5763109c015a1fc57
- SHA1
  
  08b0e90b15ef106b1a67273788ab42763b728e0a
- SHA256
  
  af736d0466d0c88fe66666676ca09462fddedbbe8befe49dd2dc691053c293c6
- SHA512
  
  242cb978a8dff0857bd83618b68b07834794a67a86a9421fc55934db220254e20395825b089b9be6fda577cee9451d3d9eaa66de2835932591ccd2d681481796
Score

8^/10
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Write file to user bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Dynamic Resolution

Impact

Tasks

static1

behavioral1