0784e1bee6469df56bfa5202ac753163467c96f48956227022435868cc8398ab

Analysis

max time kernel
0s
max time network
102s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
26/09/2022, 16:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b1e400a23ea015639fba022801cd543b1acc2b0db897bea13c71f2b28b43906
Size

1.4MB
MD5

07c4131be372493c131bb3a334b789d7
SHA1

a9edf9d076d7990856aa8c9125c292c2fac5dbd1
SHA256

6b1e400a23ea015639fba022801cd543b1acc2b0db897bea13c71f2b28b43906
SHA512

c2c07e0a6c1704a2d205e92f022b1cb4c2c83e259f7cfa56b8aeb0fbd46d3d853aa687ecc3a13c381520d3a1e2c63e0716fa2eb453d39128c0d793c912cf3322
SSDEEP

24576:ImOowyo1GbbuetXKl0UOIPbaTk4JKqTJuMo/gy+HedY3wMn9J0a6s4AvQdHaTQwJ:bDt/uekPDo0Ku9M7n9Ca6s4cQd6TB40

Score

8^/10

Malware Config

Signatures

Modifies hosts file 1 IoCs

Adds to hosts file used for mapping hosts to IP addresses.

description	ioc
/etc/hosts	/etc/hosts

Writes DNS configuration 1 TTPs 1 IoCs

Writes data to DNS resolver config file.

Dynamic Resolution

T1568

description	ioc
/etc/resolv.conf	/etc/resolv.conf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
/proc/self/exe	/proc/self/exe	6b1e400a23ea015639fba022801cd543b1acc2b0db897bea13c71f2b28b43906
/proc/filesystems	/proc/filesystems	6b1e400a23ea015639fba022801cd543b1acc2b0db897bea13c71f2b28b43906
/proc/11/fd	/proc/11/fd	Process not Found
/proc/98/cmdline	/proc/98/cmdline	Process not Found
/proc/251/cmdline	/proc/251/cmdline	Process not Found
/proc/3/fd	/proc/3/fd	Process not Found
/proc/21/fd	/proc/21/fd	Process not Found
/proc/163/cmdline	/proc/163/cmdline	Process not Found
/proc/347/cmdline	/proc/347/cmdline	Process not Found
/proc/370/cmdline	/proc/370/cmdline	Process not Found
/proc/8/fd	/proc/8/fd	Process not Found
/proc/15/fd	/proc/15/fd	Process not Found
/proc/23/cmdline	/proc/23/cmdline	Process not Found
/proc/83/cmdline	/proc/83/cmdline	Process not Found
/proc/160/cmdline	/proc/160/cmdline	Process not Found
/proc/28/cmdline	/proc/28/cmdline	Process not Found
/proc/35/cmdline	/proc/35/cmdline	Process not Found
/proc/16/fd	/proc/16/fd	Process not Found
/proc/32/cmdline	/proc/32/cmdline	Process not Found
/proc/394/cmdline	/proc/394/cmdline	Process not Found
/proc/27/fd	/proc/27/fd	Process not Found
/proc/393/cmdline	/proc/393/cmdline	Process not Found
/proc/24/fd	/proc/24/fd	Process not Found
/proc/25/fd	/proc/25/fd	Process not Found
/proc/5/cmdline	/proc/5/cmdline	Process not Found
/proc/20/cmdline	/proc/20/cmdline	Process not Found
/proc/11/cmdline	/proc/11/cmdline	Process not Found
/proc/26/cmdline	/proc/26/cmdline	Process not Found
/proc/30/cmdline	/proc/30/cmdline	Process not Found
/proc/79/cmdline	/proc/79/cmdline	Process not Found
/proc/15/cmdline	/proc/15/cmdline	Process not Found
/proc/252/cmdline	/proc/252/cmdline	Process not Found
/proc/16/cmdline	/proc/16/cmdline	Process not Found
/proc/31/cmdline	/proc/31/cmdline	Process not Found
/proc/350/cmdline	/proc/350/cmdline	Process not Found
/proc/21/cmdline	/proc/21/cmdline	Process not Found
/proc/127/cmdline	/proc/127/cmdline	Process not Found
/proc/17/fd	/proc/17/fd	Process not Found
/proc/85/cmdline	/proc/85/cmdline	Process not Found
/proc/309/cmdline	/proc/309/cmdline	Process not Found
/proc/541/cmdline	/proc/541/cmdline	Process not Found
/proc/4/fd	/proc/4/fd	Process not Found
/proc/36/cmdline	/proc/36/cmdline	Process not Found
/proc/5/fd	/proc/5/fd	Process not Found
/proc/12/fd	/proc/12/fd	Process not Found
/proc/22/fd	/proc/22/fd	Process not Found
/proc/14/cmdline	/proc/14/cmdline	Process not Found
/proc/24/cmdline	/proc/24/cmdline	Process not Found
/proc/349/cmdline	/proc/349/cmdline	Process not Found
/proc/156/cmdline	/proc/156/cmdline	Process not Found
/proc/sys/vm/overcommit_memory	/proc/sys/vm/overcommit_memory	Process not Found
/proc/14/fd	/proc/14/fd	Process not Found
/proc/153/cmdline	/proc/153/cmdline	Process not Found
/proc/165/cmdline	/proc/165/cmdline	Process not Found
/proc/23/fd	/proc/23/fd	Process not Found
/proc/26/fd	/proc/26/fd	Process not Found
/proc/25/cmdline	/proc/25/cmdline	Process not Found
/proc/82/cmdline	/proc/82/cmdline	Process not Found
/proc/164/cmdline	/proc/164/cmdline	Process not Found
/proc/332/cmdline	/proc/332/cmdline	Process not Found
/proc/7/fd	/proc/7/fd	Process not Found
/proc/13/fd	/proc/13/fd	Process not Found
/proc/6/cmdline	/proc/6/cmdline	Process not Found
/proc/7/cmdline	/proc/7/cmdline	Process not Found

/tmp/6b1e400a23ea015639fba022801cd543b1acc2b0db897bea13c71f2b28b43906
/tmp/6b1e400a23ea015639fba022801cd543b1acc2b0db897bea13c71f2b28b43906
1⤵
- Reads runtime system information
PID:571

/bin/sh
sh -c "/usr/bin/kthreadd &"
1⤵
PID:580
- /usr/bin/kthreadd
  /usr/bin/kthreadd
  2⤵
  PID:582

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Dynamic Resolution

T1568

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...