ffe9a29f878e5f4858347527510d65fd8d9d59a071dfb7a5d6ee8ce64394819a | Triage

Sharing

General

Target

b
Size

449B
Sample

220809-nz36jsbeb9
MD5

1b6c2e23804389fb3c4a9ddcce882f5d
SHA1

0c086d7aa61e5c5a4de5c4e4d769c9c7440c8bbd
SHA256

ffe9a29f878e5f4858347527510d65fd8d9d59a071dfb7a5d6ee8ce64394819a
SHA512

8a4300b60ee626a8b7a9719ee1b16378802a3989f78ad895c4f3c17d385a0ae76d3113c50095b343f7836db5b7356e31f342afecf199c005d3ee2f26d40d741a

Score

9^/10

discovery linux

Malware Config

Targets

- Target
  
  b
- Size
  
  449B
- MD5
  
  1b6c2e23804389fb3c4a9ddcce882f5d
- SHA1
  
  0c086d7aa61e5c5a4de5c4e4d769c9c7440c8bbd
- SHA256
  
  ffe9a29f878e5f4858347527510d65fd8d9d59a071dfb7a5d6ee8ce64394819a
- SHA512
  
  8a4300b60ee626a8b7a9719ee1b16378802a3989f78ad895c4f3c17d385a0ae76d3113c50095b343f7836db5b7356e31f342afecf199c005d3ee2f26d40d741a
Score

9^/10

discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Legitimate hosting services abused for malware hosting/C2
- Enumerates kernel/hardware configuration
  Reads contents of /sys virtual filesystem to enumerate system information.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Dynamic Resolution

Web Service

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4