0784e1bee6469df56bfa5202ac753163467c96f48956227022435868cc8398ab

Analysis

max time kernel
0s
max time network
102s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
26/09/2022, 16:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b1e400a23ea015639fba022801cd543b1acc2b0db897bea13c71f2b28b43906
Size

1.4MB
MD5

07c4131be372493c131bb3a334b789d7
SHA1

a9edf9d076d7990856aa8c9125c292c2fac5dbd1
SHA256

6b1e400a23ea015639fba022801cd543b1acc2b0db897bea13c71f2b28b43906
SHA512

c2c07e0a6c1704a2d205e92f022b1cb4c2c83e259f7cfa56b8aeb0fbd46d3d853aa687ecc3a13c381520d3a1e2c63e0716fa2eb453d39128c0d793c912cf3322
SSDEEP

24576:ImOowyo1GbbuetXKl0UOIPbaTk4JKqTJuMo/gy+HedY3wMn9J0a6s4AvQdHaTQwJ:bDt/uekPDo0Ku9M7n9Ca6s4cQd6TB40

Score

8^/10

Malware Config

Signatures

Modifies hosts file 1 IoCs

Adds to hosts file used for mapping hosts to IP addresses.

description	ioc
/etc/hosts	/etc/hosts

Writes DNS configuration 1 TTPs 1 IoCs

Writes data to DNS resolver config file.

Dynamic Resolution

T1568

description	ioc
/etc/resolv.conf	/etc/resolv.conf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
/proc/self/exe	/proc/self/exe	6b1e400a23ea015639fba022801cd543b1acc2b0db897bea13c71f2b28b43906
/proc/filesystems	/proc/filesystems	6b1e400a23ea015639fba022801cd543b1acc2b0db897bea13c71f2b28b43906
/proc/11/fd	/proc/11/fd	Process not Found
/proc/98/cmdline	/proc/98/cmdline	Process not Found
/proc/251/cmdline	/proc/251/cmdline	Process not Found
/proc/3/fd	/proc/3/fd	Process not Found
/proc/21/fd	/proc/21/fd	Process not Found
/proc/163/cmdline	/proc/163/cmdline	Process not Found
/proc/347/cmdline	/proc/347/cmdline	Process not Found
/proc/370/cmdline	/proc/370/cmdline	Process not Found
/proc/8/fd	/proc/8/fd	Process not Found
/proc/15/fd	/proc/15/fd	Process not Found
/proc/23/cmdline	/proc/23/cmdline	Process not Found
/proc/83/cmdline	/proc/83/cmdline	Process not Found
/proc/160/cmdline	/proc/160/cmdline	Process not Found
/proc/28/cmdline	/proc/28/cmdline	Process not Found
/proc/35/cmdline	/proc/35/cmdline	Process not Found
/proc/16/fd	/proc/16/fd	Process not Found
/proc/32/cmdline	/proc/32/cmdline	Process not Found
/proc/394/cmdline	/proc/394/cmdline	Process not Found
/proc/27/fd	/proc/27/fd	Process not Found
/proc/393/cmdline	/proc/393/cmdline	Process not Found
/proc/24/fd	/proc/24/fd	Process not Found
/proc/25/fd	/proc/25/fd	Process not Found
/proc/5/cmdline	/proc/5/cmdline	Process not Found
/proc/20/cmdline	/proc/20/cmdline	Process not Found
/proc/11/cmdline	/proc/11/cmdline	Process not Found
/proc/26/cmdline	/proc/26/cmdline	Process not Found
/proc/30/cmdline	/proc/30/cmdline	Process not Found
/proc/79/cmdline	/proc/79/cmdline	Process not Found
/proc/15/cmdline	/proc/15/cmdline	Process not Found
/proc/252/cmdline	/proc/252/cmdline	Process not Found
/proc/16/cmdline	/proc/16/cmdline	Process not Found
/proc/31/cmdline	/proc/31/cmdline	Process not Found
/proc/350/cmdline	/proc/350/cmdline	Process not Found
/proc/21/cmdline	/proc/21/cmdline	Process not Found
/proc/127/cmdline	/proc/127/cmdline	Process not Found
/proc/17/fd	/proc/17/fd	Process not Found
/proc/85/cmdline	/proc/85/cmdline	Process not Found
/proc/309/cmdline	/proc/309/cmdline	Process not Found
/proc/541/cmdline	/proc/541/cmdline	Process not Found
/proc/4/fd	/proc/4/fd	Process not Found
/proc/36/cmdline	/proc/36/cmdline	Process not Found
/proc/5/fd	/proc/5/fd	Process not Found
/proc/12/fd	/proc/12/fd	Process not Found
/proc/22/fd	/proc/22/fd	Process not Found
/proc/14/cmdline	/proc/14/cmdline	Process not Found
/proc/24/cmdline	/proc/24/cmdline	Process not Found
/proc/349/cmdline	/proc/349/cmdline	Process not Found
/proc/156/cmdline	/proc/156/cmdline	Process not Found
/proc/sys/vm/overcommit_memory	/proc/sys/vm/overcommit_memory	Process not Found
/proc/14/fd	/proc/14/fd	Process not Found
/proc/153/cmdline	/proc/153/cmdline	Process not Found
/proc/165/cmdline	/proc/165/cmdline	Process not Found
/proc/23/fd	/proc/23/fd	Process not Found
/proc/26/fd	/proc/26/fd	Process not Found
/proc/25/cmdline	/proc/25/cmdline	Process not Found
/proc/82/cmdline	/proc/82/cmdline	Process not Found
/proc/164/cmdline	/proc/164/cmdline	Process not Found
/proc/332/cmdline	/proc/332/cmdline	Process not Found
/proc/7/fd	/proc/7/fd	Process not Found
/proc/13/fd	/proc/13/fd	Process not Found
/proc/6/cmdline	/proc/6/cmdline	Process not Found
/proc/7/cmdline	/proc/7/cmdline	Process not Found

/tmp/6b1e400a23ea015639fba022801cd543b1acc2b0db897bea13c71f2b28b43906
/tmp/6b1e400a23ea015639fba022801cd543b1acc2b0db897bea13c71f2b28b43906
1⤵
- Reads runtime system information
PID:571

/bin/sh
sh -c "/usr/bin/kthreadd &"
1⤵
PID:580
- /usr/bin/kthreadd
  /usr/bin/kthreadd
  2⤵
  PID:582

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Dynamic Resolution

T1568

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads