55c92d64ffa9d170e340e0528dc8ea1fa9be98f91db891869947c5b168a728c8

Analysis

max time kernel
30411s
max time network
155s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
25-11-2022 10:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

55c92d64ffa9d170e340e0528dc8ea1fa9be98f91db891869947c5b168a728c8
Size

2.1MB
MD5

17b5c3bbe911c2bfe074b67f9c021939
SHA1

b617d3381a346c4667286397c6cfa8ef1a6f6645
SHA256

55c92d64ffa9d170e340e0528dc8ea1fa9be98f91db891869947c5b168a728c8
SHA512

9091b14dd7f4f4fd1c1f8fc6b64bd8cc8bff1bb3b63b2d0089eff0aad3a3d0f3ab276b797a08ce2ecba731233ff2538a17f8662942959ed378ab5ae6198bea83
SSDEEP

49152:BwMSS60Cy0UBWQlvVwD4SLPiYwaVRKk3tpG+rNg7s45:H1UUcaNur4CB9pG+r38

Score

10^/10

royalmail discovery phishing

Malware Config

Signatures

Detected phishing page
phishing
Detected royalmail phishing page
phishing royalmail
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Modifies hosts file 1 IoCs
Adds to hosts file used for mapping hosts to IP addresses.

Processes:

description ioc

/etc/hosts /etc/hosts
Writes DNS configuration 1 TTPs 1 IoCs
Writes data to DNS resolver config file.

Dynamic Resolution
T1568

Processes:

description ioc

/etc/resolv.conf /etc/resolv.conf

description	ioc
/etc/hosts	/etc/hosts

description	ioc
/etc/resolv.conf	/etc/resolv.conf

Reads runtime system information 3 IoCs

Reads data from /proc virtual filesystem.

Processes:

55c92d64ffa9d170e340e0528dc8ea1fa9be98f91db891869947c5b168a728c8

description	ioc	process
/proc/self/exe	/proc/self/exe	55c92d64ffa9d170e340e0528dc8ea1fa9be98f91db891869947c5b168a728c8
/proc/sys/net/core/somaxconn	/proc/sys/net/core/somaxconn	55c92d64ffa9d170e340e0528dc8ea1fa9be98f91db891869947c5b168a728c8
/proc/sys/kernel/hostname	/proc/sys/kernel/hostname

GoLang User-Agent 16 IoCs

Uses default user-agent string defined by GoLang HTTP packages.

Processes:

description	flow	ioc
HTTP User-Agent header	63815	Go-http-client/1.1
HTTP User-Agent header	10600	Go-http-client/1.1
HTTP User-Agent header	13366	Go-http-client/1.1
HTTP User-Agent header	14160	Go-http-client/1.1
HTTP User-Agent header	58039	Go-http-client/1.1
HTTP User-Agent header	60346	Go-http-client/1.1
HTTP User-Agent header	61859	Go-http-client/1.1
HTTP User-Agent header	41952	Go-http-client/1.1
HTTP User-Agent header	44263	Go-http-client/1.1
HTTP User-Agent header	53720	Go-http-client/1.1
HTTP User-Agent header	23635	Go-http-client/1.1
HTTP User-Agent header	34931	Go-http-client/1.1
HTTP User-Agent header	34960	Go-http-client/1.1
HTTP User-Agent header	38331	Go-http-client/1.1
HTTP User-Agent header	17880	Go-http-client/1.1
HTTP User-Agent header	42030	Go-http-client/1.1

/tmp/55c92d64ffa9d170e340e0528dc8ea1fa9be98f91db891869947c5b168a728c8
/tmp/55c92d64ffa9d170e340e0528dc8ea1fa9be98f91db891869947c5b168a728c8
1⤵
- Reads runtime system information
PID:593

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Lateral Movement

Collection

Command and Control

Dynamic Resolution

T1568

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads