4f02cc4d5426b63e3eca3ada3c9a8a111a952c0e373c5500519ea8eea5ade853

Resubmissions

05-09-2022 12:12

220905-pdhs6agfgj 10

03-09-2022 22:20

220903-185rysgeb2 10

Analysis

max time kernel
0s
max time network
374s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
05-09-2022 12:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f02cc4d5426b63e3eca3ada3c9a8a111a952c0e373c5500519ea8eea5ade853
Size

549KB
MD5

63d6cd74a7cd01bf3a3921c36e90237f
SHA1

f697783da228c7787cf1c6a67a10a8c065d6aaa7
SHA256

4f02cc4d5426b63e3eca3ada3c9a8a111a952c0e373c5500519ea8eea5ade853
SHA512

51b1aef53c8277b8700630b144f15c9a41df358a43d71ef0b9352bbdf71c8777774f1ef1e361c8c95930143b54fcde590885242df3da60dce5b1a1d3761e2db3
SSDEEP

12288:VeRvuKqiVZ4En5drNK0pPEfJKlHZ8mG97Qxee6yzmx:VIv/qiVNHNDEfJKHZ8mG9QeeO

Score

9^/10

persistence

Malware Config

Signatures

Writes file to system bin folder 1 TTPs 17 IoCs

Hijack Execution Flow

T1574

Processes:

description	ioc
/bin/axsihdh	/bin/axsihdh
/bin/tjvuictxwlzpjn	/bin/tjvuictxwlzpjn
/bin/llxrmjorsvoys	/bin/llxrmjorsvoys
/bin/lxtkclv	/bin/lxtkclv
/bin/kygkkydu	/bin/kygkkydu
/bin/bdjndcasevfovo	/bin/bdjndcasevfovo
/bin/ziajduripqg	/bin/ziajduripqg
/bin/iorqfhwj	/bin/iorqfhwj
/bin/duewoclpusocs	/bin/duewoclpusocs
/bin/amqydslsmdgrxg	/bin/amqydslsmdgrxg
/bin/zbcqyirohggq	/bin/zbcqyirohggq
/bin/gkymqrji	/bin/gkymqrji
/bin/gfgzrkm	/bin/gfgzrkm
/bin/emqieqtwecel	/bin/emqieqtwecel
/bin/qwlfkxq	/bin/qwlfkxq
/bin/uuegtxs	/bin/uuegtxs
/bin/nxpsgn	/bin/nxpsgn

Modifies rc script 1 TTPs 5 IoCs

Adding/modifying system rc scripts is a common persistence mechanism.

persistence

Boot or Logon Autostart Execution

T1547

Processes:

description	ioc
/etc/rc3.d/S90pwlzerj	/etc/rc3.d/S90pwlzerj
/etc/rc4.d/S90pwlzerj	/etc/rc4.d/S90pwlzerj
/etc/rc5.d/S90pwlzerj	/etc/rc5.d/S90pwlzerj
/etc/rc1.d/S90pwlzerj	/etc/rc1.d/S90pwlzerj
/etc/rc2.d/S90pwlzerj	/etc/rc2.d/S90pwlzerj

Writes file to shm directory 1 IoCs

Malware can drop malicious files in the shm directory which will run directly from RAM.

Processes:

description	ioc
/dev/shm/sem.7e4uh7	/dev/shm/sem.7e4uh7

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

Processes:

description	ioc
/tmp/4f02cc4d5426b63e3eca3ada3c9a8a111a952c0e373c5500519ea8eea5ade853	/tmp/4f02cc4d5426b63e3eca3ada3c9a8a111a952c0e373c5500519ea8eea5ade853

/tmp/4f02cc4d5426b63e3eca3ada3c9a8a111a952c0e373c5500519ea8eea5ade853
/tmp/4f02cc4d5426b63e3eca3ada3c9a8a111a952c0e373c5500519ea8eea5ade853
1⤵
PID:581

/bin/jrezlwp
/bin/jrezlwp
1⤵
PID:585

/bin/bdjndcasevfovo
/bin/bdjndcasevfovo -d 586
1⤵
PID:590

/bin/tjvuictxwlzpjn
/bin/tjvuictxwlzpjn -d 586
1⤵
PID:597

/bin/llxrmjorsvoys
/bin/llxrmjorsvoys -d 586
1⤵
PID:600

/bin/ziajduripqg
/bin/ziajduripqg -d 586
1⤵
PID:603

/bin/qwlfkxq
/bin/qwlfkxq -d 586
1⤵
PID:606

/bin/duewoclpusocs
/bin/duewoclpusocs -d 586
1⤵
PID:610

/bin/iorqfhwj
/bin/iorqfhwj -d 586
1⤵
PID:613

/bin/uuegtxs
/bin/uuegtxs -d 586
1⤵
PID:616

/bin/amqydslsmdgrxg
/bin/amqydslsmdgrxg -d 586
1⤵
PID:619

/bin/nxpsgn
/bin/nxpsgn -d 586
1⤵
PID:622

/bin/gkymqrji
/bin/gkymqrji -d 586
1⤵
PID:625

/bin/lxtkclv
/bin/lxtkclv -d 586
1⤵
PID:628

/bin/zbcqyirohggq
/bin/zbcqyirohggq -d 586
1⤵
PID:631

/bin/kygkkydu
/bin/kygkkydu -d 586
1⤵
PID:634

/bin/gfgzrkm
/bin/gfgzrkm -d 586
1⤵
PID:637

/bin/emqieqtwecel
/bin/emqieqtwecel -d 586
1⤵
PID:640

/bin/axsihdh
/bin/axsihdh -d 586
1⤵
PID:643

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Hijack Execution Flow

T1574

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Hijack Execution Flow

T1574

Defense Evasion

Hijack Execution Flow

T1574

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads