General

  • Target

    beans

  • Size

    1.7MB

  • Sample

    220810-eynj2adbdl

  • MD5

    720a3a92e72054dc8d58e229c22bb892

  • SHA1

    07a3fb97c339a186f79c33d4de32997b2ad735d4

  • SHA256

    e7c5b3de93a3184dc99c98c7f45e6ff5f6881b15d4a56c144e2e53e96dcc0e82

  • SHA512

    9a537e88a8dc4f2c24e6dc683c5c626e2dde5cf2a230bdd8759a9e3b337904bfc43bdc8b60bead85b58122703adafe978d7129fbbe9a662ad62a19066ba364a9

Score
8/10

Targets

    • Modifies hosts file

      Appends entries to the hosts file, which maps hostnames to IP addresses.

    • Writes DNS configuration

      Writes data to the DNS resolver configuration file.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Legitimate hosting services abused for malware hosting/C2

    • Enumerates kernel/hardware configuration

      Reads the contents of the /sys virtual filesystem to enumerate system information.

    • Reads runtime system information

      Reads data from the /proc virtual filesystem.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Network Service Scanning, T1046 (1)

    System Information Discovery, T1082 (1)

  • Command and Control

    Dynamic Resolution, T1568 (1)

    Web Service, T1102 (1)
