ad2d2ae296c85792794bdf2d77efa5f56d07846f091037661392c697febaebb8

General

Target

262319f550cc09ccd489f1caf254e54b
Size

10.4MB
MD5

262319f550cc09ccd489f1caf254e54b
SHA1

243b1043c72ce76aaefa1c84b39b00778ae1b53f
SHA256

ad2d2ae296c85792794bdf2d77efa5f56d07846f091037661392c697febaebb8
SHA512

25ab2141d01c8a8bf3733b2fdf8192ada477a4e8f9c6b53052c3d4daf9bcc70f9f761156a2af309568cc5a9fa77b2a3bd1ace3b3720540bdae2e1b770f7c6db7

Score

8^/10

Malware Config

Signatures

Modifies hosts file 1 IoCs
Adds to hosts file used for mapping hosts to IP addresses.

Processes:

description ioc

/etc/hosts /etc/hosts
Writes DNS configuration 1 TTPs 1 IoCs
Writes data to DNS resolver config file.

Dynamic Resolution
T1568

Processes:

description ioc

/etc/resolv.conf /etc/resolv.conf
Reads CPU attributes 1 TTPs 1 IoCs

System Information Discovery
T1082

Processes:

description ioc

/sys/devices/system/cpu/online /sys/devices/system/cpu/online
Reads runtime system information 2 IoCs
Reads data from /proc virtual filesystem.

Processes:

description ioc

/proc/self/fd /proc/self/fd
/proc/stat /proc/stat

description	ioc
/etc/hosts	/etc/hosts

description	ioc
/etc/resolv.conf	/etc/resolv.conf

description	ioc
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online

description	ioc
/proc/self/fd	/proc/self/fd
/proc/stat	/proc/stat

Writes file to tmp directory 64 IoCs

Malware often drops required files in the /tmp directory.

Processes:

uname262319f550cc09ccd489f1caf254e54bsh

/tmp/262319f550cc09ccd489f1caf254e54b
/tmp/262319f550cc09ccd489f1caf254e54b
1⤵
- Writes file to tmp directory
PID:570

/bin/sh
/bin/sh -c "uname -p 2> /dev/null"
1⤵
- Writes file to tmp directory
PID:577

/bin/uname
uname -p
2⤵
- Writes file to tmp directory
PID:578

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Dynamic Resolution

1

T1568

Impact

description	ioc
/tmp/_MEILojBET/lib-dynload/ssl_.py	/tmp/_MEILojBET/lib-dynload/ssl_.py
/tmp/_MEILojBET/tls/libc.so.6	/tmp/_MEILojBET/tls/libc.so.6	uname
/tmp/_MEILojBET/libreadline.so.6	/tmp/_MEILojBET/libreadline.so.6	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/tls/x86_64/libc.so.6	/tmp/_MEILojBET/tls/x86_64/libc.so.6	sh
/tmp/_MEILojBET/psutil/_psutil_linux.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEILojBET/psutil/_psutil_linux.cpython-36m-x86_64-linux-gnu.so
/tmp/_MEILojBET/lib-dynload/connection.py	/tmp/_MEILojBET/lib-dynload/connection.py
/tmp/_MEILojBET/x86_64.py	/tmp/_MEILojBET/x86_64.py
/tmp/_MEILojBET/lib-dynload/zlib.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEILojBET/lib-dynload/zlib.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/lib-dynload/_elementtree.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEILojBET/lib-dynload/_elementtree.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/lib-dynload/retry.py	/tmp/_MEILojBET/lib-dynload/retry.py
/tmp/_MEILojBET/lib-dynload/_codecs_kr.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEILojBET/lib-dynload/_codecs_kr.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/libnsl.so.1	/tmp/_MEILojBET/libnsl.so.1
/tmp/_MEILojBET/lib-dynload/adapters.py	/tmp/_MEILojBET/lib-dynload/adapters.py
/tmp/_MEILojBET/adapters.py	/tmp/_MEILojBET/adapters.py
/tmp/_MEILojBET/retry.py	/tmp/_MEILojBET/retry.py
/tmp/_MEILojBET/base_library.zip/x86_64.py	/tmp/_MEILojBET/base_library.zip/x86_64.py
/tmp/_MEILojBET/lib-dynload/_datetime.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEILojBET/lib-dynload/_datetime.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/base_library.zip/sessions.py	/tmp/_MEILojBET/base_library.zip/sessions.py
/tmp/_MEILojBET/lib-dynload/math.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEILojBET/lib-dynload/math.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/lib-dynload/_codecs_iso2022.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEILojBET/lib-dynload/_codecs_iso2022.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/base_library.zip/ssl_.py	/tmp/_MEILojBET/base_library.zip/ssl_.py
/tmp/262319f550cc09ccd489f1caf254e54b	/tmp/262319f550cc09ccd489f1caf254e54b	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/lib-dynload/mmap.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEILojBET/lib-dynload/mmap.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/base_library.zip/api.py	/tmp/_MEILojBET/base_library.zip/api.py
/tmp/_MEILojBET/sessions.py	/tmp/_MEILojBET/sessions.py
/tmp/_MEILojBET/libz.so.1	/tmp/_MEILojBET/libz.so.1	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/lib-dynload/_pickle.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEILojBET/lib-dynload/_pickle.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/libncurses.so.5	/tmp/_MEILojBET/libncurses.so.5	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/libc.so.6	/tmp/_MEILojBET/libc.so.6	uname
/tmp/_MEILojBET/lib-dynload/_bisect.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEILojBET/lib-dynload/_bisect.cpython-36m-x86_64-linux-gnu.so
/tmp/_MEILojBET/lib-dynload/_decimal.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEILojBET/lib-dynload/_decimal.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/lib-dynload/resource.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEILojBET/lib-dynload/resource.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/libffi.so.6	/tmp/_MEILojBET/libffi.so.6	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/certifi/py.typed	/tmp/_MEILojBET/certifi/py.typed	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/lib-dynload/_random.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEILojBET/lib-dynload/_random.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/lib-dynload/_opcode.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEILojBET/lib-dynload/_opcode.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/lib-dynload/select.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEILojBET/lib-dynload/select.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/tls/libc.so.6	/tmp/_MEILojBET/tls/libc.so.6	sh
/tmp/_MEILojBET/libresolv.so.2	/tmp/_MEILojBET/libresolv.so.2
/tmp/_MEILojBET/lib-dynload/_multibytecodec.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEILojBET/lib-dynload/_multibytecodec.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/x86_64/libc.so.6	/tmp/_MEILojBET/x86_64/libc.so.6	uname
/tmp/_MEILojBET/psutil	/tmp/_MEILojBET/psutil
/tmp/_MEILojBET/lib-dynload/unicodedata.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEILojBET/lib-dynload/unicodedata.cpython-36m-x86_64-linux-gnu.so
/tmp/_MEILojBET/libnss_nis.so.2	/tmp/_MEILojBET/libnss_nis.so.2
/tmp/_MEILojBET/api.py	/tmp/_MEILojBET/api.py
/tmp/_MEILojBET	/tmp/_MEILojBET	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/lib-dynload/fcntl.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEILojBET/lib-dynload/fcntl.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/lib-dynload/_sha512.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEILojBET/lib-dynload/_sha512.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/liblzma.so.5	/tmp/_MEILojBET/liblzma.so.5	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/tls/haswell/x86_64/libc.so.6	/tmp/_MEILojBET/tls/haswell/x86_64/libc.so.6	uname
/tmp/_MEILojBET/lib-dynload/_bz2.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEILojBET/lib-dynload/_bz2.cpython-36m-x86_64-linux-gnu.so
/tmp/_MEILojBET/lib-dynload/_bisect.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEILojBET/lib-dynload/_bisect.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/lib-dynload/_heapq.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEILojBET/lib-dynload/_heapq.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/liblzma.so.5	/tmp/_MEILojBET/liblzma.so.5
/tmp/_MEILojBET/lib-dynload/_codecs_jp.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEILojBET/lib-dynload/_codecs_jp.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/tls/haswell/libc.so.6	/tmp/_MEILojBET/tls/haswell/libc.so.6	sh
/tmp/_MEILojBET/haswell/x86_64/libc.so.6	/tmp/_MEILojBET/haswell/x86_64/libc.so.6	sh
/tmp/_MEILojBET/haswell/x86_64/libc.so.6	/tmp/_MEILojBET/haswell/x86_64/libc.so.6	uname
/tmp/_MEILojBET/lib-dynload/_multibytecodec.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEILojBET/lib-dynload/_multibytecodec.cpython-36m-x86_64-linux-gnu.so
/tmp/_MEILojBET/connectionpool.py	/tmp/_MEILojBET/connectionpool.py
/tmp/_MEILojBET/libbz2.so.1.0	/tmp/_MEILojBET/libbz2.so.1.0	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/lib-dynload/termios.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEILojBET/lib-dynload/termios.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/lib-dynload/unicodedata.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEILojBET/lib-dynload/unicodedata.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEILojBET/tls/x86_64/libc.so.6	/tmp/_MEILojBET/tls/x86_64/libc.so.6	uname

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads