fdbbca6b638baf1288fe36f2335e1685236d5494d750381a6831601f8996f1af

Analysis

max time kernel
30240s
max time network
103s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
23-11-2022 15:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdbbca6b638baf1288fe36f2335e1685236d5494d750381a6831601f8996f1af
Size

25KB
MD5

c8e4143d7f6bb4bd0f0a82b677ad1cb2
SHA1

81da30ca8f4c2774f82680731c49be354a07deae
SHA256

fdbbca6b638baf1288fe36f2335e1685236d5494d750381a6831601f8996f1af
SHA512

59c26e31ea8fe81d5389c74c0f92625c7b428df6e0c491a53fce666fbe3e69c3b2746a537e3c4d46541cbf2467ddbc906839698fdcbd9684d70be3a9539da454
SSDEEP

384:3AGsevQ4rDp2q7wuG5q6Q7fy4U+07kL3lT:bsevQ4rDp2q7hG5qJmo0oL3N

Score

8^/10

Malware Config

Signatures

Modifies hosts file 1 IoCs
Adds to hosts file used for mapping hosts to IP addresses.

Processes:

description ioc

/etc/hosts /etc/hosts
Writes DNS configuration 1 TTPs 1 IoCs
Writes data to DNS resolver config file.

Dynamic Resolution
T1568

Processes:

description ioc

/etc/resolv.conf /etc/resolv.conf

description	ioc
/etc/hosts	/etc/hosts

description	ioc
/etc/resolv.conf	/etc/resolv.conf

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

Processes:

fdbbca6b638baf1288fe36f2335e1685236d5494d750381a6831601f8996f1af

description	ioc	process
/tmp/fdbbca6b638baf1288fe36f2335e1685236d5494d750381a6831601f8996f1af	/tmp/fdbbca6b638baf1288fe36f2335e1685236d5494d750381a6831601f8996f1af	fdbbca6b638baf1288fe36f2335e1685236d5494d750381a6831601f8996f1af

/tmp/fdbbca6b638baf1288fe36f2335e1685236d5494d750381a6831601f8996f1af
/tmp/fdbbca6b638baf1288fe36f2335e1685236d5494d750381a6831601f8996f1af
1⤵
- Writes file to tmp directory
PID:576

/usr/local/sbin/uname
uname -a
2⤵
PID:577

/usr/local/bin/uname
uname -a
2⤵
PID:577

/usr/sbin/uname
uname -a
2⤵
PID:577

/usr/bin/uname
uname -a
2⤵
PID:577

/sbin/uname
uname -a
2⤵
PID:577

/bin/uname
uname -a
2⤵
PID:577

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Dynamic Resolution

T1568

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads