ad2d2ae296c85792794bdf2d77efa5f56d07846f091037661392c697febaebb8

General

Target

262319f550cc09ccd489f1caf254e54b
Size

10.4MB
MD5

262319f550cc09ccd489f1caf254e54b
SHA1

243b1043c72ce76aaefa1c84b39b00778ae1b53f
SHA256

ad2d2ae296c85792794bdf2d77efa5f56d07846f091037661392c697febaebb8
SHA512

25ab2141d01c8a8bf3733b2fdf8192ada477a4e8f9c6b53052c3d4daf9bcc70f9f761156a2af309568cc5a9fa77b2a3bd1ace3b3720540bdae2e1b770f7c6db7
SSDEEP

196608:muJHGbszcH24xALq0DVW6vVSitrdoYvq8z+byKpVcGJ/daQbhcyJpHqebEM:hJHAPfA7VSSoYS8zBKpSGJlaKJFzbEM

Score

8^/10

Malware Config

Signatures

Modifies hosts file 1 IoCs
Adds to hosts file used for mapping hosts to IP addresses.

Processes:

description ioc

/etc/hosts /etc/hosts
Writes DNS configuration 1 TTPs 1 IoCs
Writes data to DNS resolver config file.

Dynamic Resolution
T1568

Processes:

description ioc

/etc/resolv.conf /etc/resolv.conf
Reads CPU attributes 1 TTPs 1 IoCs

System Information Discovery
T1082

Processes:

description ioc

/sys/devices/system/cpu/online /sys/devices/system/cpu/online
Reads runtime system information 2 IoCs
Reads data from /proc virtual filesystem.

Processes:

description ioc

/proc/stat /proc/stat
/proc/self/fd /proc/self/fd

description	ioc
/etc/hosts	/etc/hosts

description	ioc
/etc/resolv.conf	/etc/resolv.conf

description	ioc
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online

description	ioc
/proc/stat	/proc/stat
/proc/self/fd	/proc/self/fd

Writes file to tmp directory 64 IoCs

Malware often drops required files in the /tmp directory.

Processes:

262319f550cc09ccd489f1caf254e54bfileshuname

/tmp/262319f550cc09ccd489f1caf254e54b
/tmp/262319f550cc09ccd489f1caf254e54b
1⤵
- Writes file to tmp directory
PID:570

/usr/local/sbin/file
file /tmp/262319f550cc09ccd489f1caf254e54b
1⤵
PID:576

/usr/local/bin/file
file /tmp/262319f550cc09ccd489f1caf254e54b
1⤵
PID:576

/usr/sbin/file
file /tmp/262319f550cc09ccd489f1caf254e54b
1⤵
PID:576

/usr/bin/file
file /tmp/262319f550cc09ccd489f1caf254e54b
1⤵
- Writes file to tmp directory
PID:576

/bin/sh
/bin/sh -c "uname -p 2> /dev/null"
1⤵
- Writes file to tmp directory
PID:577

/bin/uname
uname -p
2⤵
- Writes file to tmp directory
PID:578

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Dynamic Resolution

1

T1568

Exfiltration

Impact

description	ioc	process
/tmp/_MEIbRt5YZ/certifi/py.typed	/tmp/_MEIbRt5YZ/certifi/py.typed	262319f550cc09ccd489f1caf254e54b
/tmp/_MEIbRt5YZ/lib-dynload/_blake2.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEIbRt5YZ/lib-dynload/_blake2.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEIbRt5YZ/lib-dynload/_sha3.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEIbRt5YZ/lib-dynload/_sha3.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEIbRt5YZ/lib-dynload/_ssl.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEIbRt5YZ/lib-dynload/_ssl.cpython-36m-x86_64-linux-gnu.so
/tmp/_MEIbRt5YZ/tls/libmagic.so.1	/tmp/_MEIbRt5YZ/tls/libmagic.so.1	file
/tmp/_MEIbRt5YZ/lib-dynload/_codecs_jp.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEIbRt5YZ/lib-dynload/_codecs_jp.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEIbRt5YZ/lib-dynload/_hashlib.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEIbRt5YZ/lib-dynload/_hashlib.cpython-36m-x86_64-linux-gnu.so
/tmp/_MEIbRt5YZ/libmagic.so.1	/tmp/_MEIbRt5YZ/libmagic.so.1	file
/tmp/_MEIbRt5YZ/lib-dynload/math.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEIbRt5YZ/lib-dynload/math.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEIbRt5YZ/libbz2.so.1.0	/tmp/_MEIbRt5YZ/libbz2.so.1.0	262319f550cc09ccd489f1caf254e54b
/tmp/_MEIbRt5YZ/libcrypto.so.1.0.0	/tmp/_MEIbRt5YZ/libcrypto.so.1.0.0	262319f550cc09ccd489f1caf254e54b
/tmp/_MEIbRt5YZ/libbz2.so.1.0	/tmp/_MEIbRt5YZ/libbz2.so.1.0
/tmp/_MEIbRt5YZ/libnss_nis.so.2	/tmp/_MEIbRt5YZ/libnss_nis.so.2
/tmp/_MEIbRt5YZ/base_library.zip/adapters.py	/tmp/_MEIbRt5YZ/base_library.zip/adapters.py
/tmp/_MEIbRt5YZ/lib-dynload/_bz2.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEIbRt5YZ/lib-dynload/_bz2.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/262319f550cc09ccd489f1caf254e54b	/tmp/262319f550cc09ccd489f1caf254e54b
/tmp/_MEIbRt5YZ/libc.so.6	/tmp/_MEIbRt5YZ/libc.so.6	sh
/tmp/_MEIbRt5YZ/libnss_compat.so.2	/tmp/_MEIbRt5YZ/libnss_compat.so.2
/tmp/_MEIbRt5YZ/lib-dynload/retry.py	/tmp/_MEIbRt5YZ/lib-dynload/retry.py
/tmp/_MEIbRt5YZ/certifi	/tmp/_MEIbRt5YZ/certifi	262319f550cc09ccd489f1caf254e54b
/tmp/_MEIbRt5YZ/lib-dynload/_sha1.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEIbRt5YZ/lib-dynload/_sha1.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEIbRt5YZ/base_library.zip/api.py	/tmp/_MEIbRt5YZ/base_library.zip/api.py
/tmp/_MEIbRt5YZ/lib-dynload/_codecs_iso2022.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEIbRt5YZ/lib-dynload/_codecs_iso2022.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEIbRt5YZ/lib-dynload/_pickle.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEIbRt5YZ/lib-dynload/_pickle.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEIbRt5YZ/lib-dynload/_blake2.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEIbRt5YZ/lib-dynload/_blake2.cpython-36m-x86_64-linux-gnu.so
/tmp/262319f550cc09ccd489f1caf254e54b	/tmp/262319f550cc09ccd489f1caf254e54b	file
/tmp/_MEIbRt5YZ/lib-dynload/x86_64.py	/tmp/_MEIbRt5YZ/lib-dynload/x86_64.py
/tmp/_MEIbRt5YZ/lib-dynload	/tmp/_MEIbRt5YZ/lib-dynload	262319f550cc09ccd489f1caf254e54b
/tmp/_MEIbRt5YZ/lib-dynload/_datetime.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEIbRt5YZ/lib-dynload/_datetime.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEIbRt5YZ/connectionpool.py	/tmp/_MEIbRt5YZ/connectionpool.py
/tmp/_MEIbRt5YZ/psutil	/tmp/_MEIbRt5YZ/psutil	262319f550cc09ccd489f1caf254e54b
/tmp/_MEIbRt5YZ/libssl.so.1.0.0	/tmp/_MEIbRt5YZ/libssl.so.1.0.0
/tmp/_MEIbRt5YZ/lib-dynload/resource.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEIbRt5YZ/lib-dynload/resource.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEIbRt5YZ/lib-dynload/_bz2.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEIbRt5YZ/lib-dynload/_bz2.cpython-36m-x86_64-linux-gnu.so
/tmp/_MEIbRt5YZ/base_library.zip/connectionpool.py	/tmp/_MEIbRt5YZ/base_library.zip/connectionpool.py
/tmp/_MEIbRt5YZ/base_library.zip/ssl.py	/tmp/_MEIbRt5YZ/base_library.zip/ssl.py
/tmp/_MEIbRt5YZ/lib-dynload/binascii.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEIbRt5YZ/lib-dynload/binascii.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEIbRt5YZ/lib-dynload/_decimal.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEIbRt5YZ/lib-dynload/_decimal.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEIbRt5YZ/tls/haswell/libc.so.6	/tmp/_MEIbRt5YZ/tls/haswell/libc.so.6	sh
/tmp/_MEIbRt5YZ/lib-dynload/_curses.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEIbRt5YZ/lib-dynload/_curses.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEIbRt5YZ/lib-dynload/termios.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEIbRt5YZ/lib-dynload/termios.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEIbRt5YZ/tls/haswell/x86_64/libmagic.so.1	/tmp/_MEIbRt5YZ/tls/haswell/x86_64/libmagic.so.1	file
/tmp/_MEIbRt5YZ/tls/libc.so.6	/tmp/_MEIbRt5YZ/tls/libc.so.6	sh
/tmp/_MEIbRt5YZ/base_library.zip/connection.py	/tmp/_MEIbRt5YZ/base_library.zip/connection.py
/tmp/_MEIbRt5YZ/lib-dynload/_ssl.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEIbRt5YZ/lib-dynload/_ssl.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEIbRt5YZ/lib-dynload/binascii.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEIbRt5YZ/lib-dynload/binascii.cpython-36m-x86_64-linux-gnu.so
/tmp/_MEIbRt5YZ/x86_64/libc.so.6	/tmp/_MEIbRt5YZ/x86_64/libc.so.6	uname
/tmp/_MEIbRt5YZ/lib-dynload/_sha512.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEIbRt5YZ/lib-dynload/_sha512.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEIbRt5YZ/lib-dynload/_md5.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEIbRt5YZ/lib-dynload/_md5.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEIbRt5YZ/lib-dynload/_posixsubprocess.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEIbRt5YZ/lib-dynload/_posixsubprocess.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEIbRt5YZ/tls/libc.so.6	/tmp/_MEIbRt5YZ/tls/libc.so.6	uname
/tmp/_MEIbRt5YZ/liblzma.so.5	/tmp/_MEIbRt5YZ/liblzma.so.5
/tmp/_MEIbRt5YZ/api.py	/tmp/_MEIbRt5YZ/api.py
/tmp/_MEIbRt5YZ/libz.so.1	/tmp/_MEIbRt5YZ/libz.so.1	262319f550cc09ccd489f1caf254e54b
/tmp/_MEIbRt5YZ/lib-dynload/_codecs_tw.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEIbRt5YZ/lib-dynload/_codecs_tw.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEIbRt5YZ/libpython3.6m.so.1.0	/tmp/_MEIbRt5YZ/libpython3.6m.so.1.0	262319f550cc09ccd489f1caf254e54b
/tmp/_MEIbRt5YZ/haswell/libmagic.so.1	/tmp/_MEIbRt5YZ/haswell/libmagic.so.1	file
/tmp/_MEIbRt5YZ/base_library.zip/ssl_.py	/tmp/_MEIbRt5YZ/base_library.zip/ssl_.py
/tmp/_MEIbRt5YZ/ssl.py	/tmp/_MEIbRt5YZ/ssl.py
/tmp/_MEIbRt5YZ/lib-dynload/_json.cpython-36m-x86_64-linux-gnu.so	/tmp/_MEIbRt5YZ/lib-dynload/_json.cpython-36m-x86_64-linux-gnu.so	262319f550cc09ccd489f1caf254e54b
/tmp/_MEIbRt5YZ/libreadline.so.6	/tmp/_MEIbRt5YZ/libreadline.so.6	262319f550cc09ccd489f1caf254e54b
/tmp/_MEIbRt5YZ/libcrypto.so.1.0.0	/tmp/_MEIbRt5YZ/libcrypto.so.1.0.0
/tmp/_MEIbRt5YZ/haswell/x86_64/libmagic.so.1	/tmp/_MEIbRt5YZ/haswell/x86_64/libmagic.so.1	file
/tmp/_MEIbRt5YZ	/tmp/_MEIbRt5YZ	262319f550cc09ccd489f1caf254e54b

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads