Overview

overview

9

Static

static

bruteratel...LA.pdf

windows7-x64

1

bruteratel...LA.pdf

windows10-2004-x64

5

bruteratel...eC2.py

ubuntu-18.04-amd64

9

bruteratel...eC2.py

debian-9-armhf

bruteratel...eC2.py

debian-9-mips

bruteratel...eC2.py

debian-9-mipsel

bruteratel...sgs.py

ubuntu-18.04-amd64

1

bruteratel...sgs.py

debian-9-armhf

bruteratel...sgs.py

debian-9-mips

bruteratel...sgs.py

debian-9-mipsel

bruteratel...ner.py

ubuntu-18.04-amd64

9

bruteratel...ner.py

debian-9-armhf

bruteratel...ner.py

debian-9-mips

bruteratel...ner.py

debian-9-mipsel

bruteratel...ier.py

ubuntu-18.04-amd64

9

bruteratel...ier.py

debian-9-armhf

bruteratel...ier.py

debian-9-mips

bruteratel...ier.py

debian-9-mipsel

bruteratel...ssl.sh

ubuntu-18.04-amd64

5

bruteratel...ssl.sh

debian-9-armhf

5

bruteratel...ssl.sh

debian-9-mips

1

bruteratel...ssl.sh

debian-9-mipsel

1

bruteratel...all.sh

ubuntu-18.04-amd64

8

bruteratel...all.sh

debian-9-armhf

1

bruteratel...all.sh

debian-9-mips

8

bruteratel...all.sh

debian-9-mipsel

8

bruteratel...ver.sh

ubuntu-18.04-amd64

5

bruteratel...ver.sh

debian-9-armhf

1

bruteratel...ver.sh

debian-9-mips

5

bruteratel...ver.sh

debian-9-mipsel

5

bruteratel...armx64

ubuntu-18.04-amd64

bruteratel...armx64

debian-9-armhf

Analysis

  • max time kernel
    0s
  • max time network
    103s
  • platform
    linux_amd64
  • resource
    ubuntu1804-amd64-en-20211208
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    28-09-2022 13:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bruteratel/adaptiveC2/adaptiveC2.py

  • Size

    11KB

  • MD5

    e0ccf04cbb5a0c28cf1f4ea9c1f407b6

  • SHA1

    2fb1d89db3e61aa3388574d1ac24bee1ee76bbf3

  • SHA256

    87c98199dbe7426a50531436e345b601ca3388e879729ae2d0229be9b2e62a2f

  • SHA512

    71d99020738c2110801fe3676f64b79cdc536539d96c53e4636455d3f65f5894e4e2f574b588eaf1b9d1b1c650d559d8f090add03dd08c5c4613f92932f876f8

  • SSDEEP

    192:BWce98cMQcTMyWtjf2Pf4f6iouwSauLW27NumTzuLZN0sn79snaE4nHBhpLKMfXY:BW0QgBgJouwSauLh7NumTzuLZdn7Cnai

Score
9/10

Malware Config

Signatures

  • Writes file to system bin folder 1 TTPs 1 IoCs
  • Write file to user bin folder 1 TTPs 1 IoCs
  • Writes file to shm directory 2 IoCs

    Malware can drop malicious files in the shm directory which will run directly from RAM.

  • Reads runtime system information 3 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 2 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/bruteratel/adaptiveC2/adaptiveC2.py
    /tmp/bruteratel/adaptiveC2/adaptiveC2.py
    1⤵
    • Write file to user bin folder
    • Writes file to shm directory
    • Reads runtime system information
    • Writes file to tmp directory
    PID:570
    • /sbin/ldconfig
      /sbin/ldconfig -p
      2⤵
      • Writes file to system bin folder
      PID:571
    • /sbin/ldconfig.real
      /sbin/ldconfig.real -p
      2⤵
        PID:571
      • /bin/sh
        /bin/sh -c "uname -p 2> /dev/null"
        2⤵
          PID:572
          • /bin/uname
            uname -p
            3⤵
              PID:573

        Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads