d22b76e47d58bed0b4f2bcf1dc22dd9b2d64c9865aa1497a13c43c3184f1e625

Sharing

Copy URL

Twitter E-mail

General

Target

d22b76e47d58bed0b4f2bcf1dc22dd9b2d64c9865aa1497a13c43c3184f1e625
Size

5.6MB
Sample

221126-fhy69sgd2t
MD5

da776a8b9a7e20bb3ae95d9c15a587fa
SHA1

fa0a507c71aa3f4aa6b56ef8e130ba9e07cf4fa1
SHA256

d22b76e47d58bed0b4f2bcf1dc22dd9b2d64c9865aa1497a13c43c3184f1e625
SHA512

1e505a83e5995144c07526ab9dfa8d60cc006cbf8ecd418508b00d988eaba864f297ef7cb2e41b48e6ec36cb251cc9b13915291ae3a2a8c0dba69305d331b713
SSDEEP

98304:R8JzFOHOR8HAluVRg8eSGoJEemFg5+3+6Xsjs8UnRjRd4VfCa+C4XZfo4N4ov2sd:KJQuMV+8eSnEwJ6XsjlURjqA5ff4oumN

Score

9^/10

linux upx

Malware Config

Targets

- Target
  
  goagent-goagent-3f282c0/local/Microsoft.VC90.CRT.manifest
- Size
  
  471B
- MD5
  
  08e85fe5f06cb4120967633447468419
- SHA1
  
  d79ff9cd0c966c23e09bd34c59e07dd656c61568
- SHA256
  
  504e7791b10c5272eb3ea6d335dfbad4f185aa1bb875e76d615b1ee362cea8f3
- SHA512
  
  4e4ee47255d9d41b99bd9dc799102f780a32ebf61c01a52776993a421245e7ac916abc6202ef3a0a981654705ff3080b4d3870a5308bc86a76979db267273424
Score

1^/10
behavioral1 behavioral2
- Target
  
  goagent-goagent-3f282c0/local/Usp10.dll
- Size
  
  88KB
- MD5
  
  0aa357c084039538022f812ff791681d
- SHA1
  
  a8cac315b130df723d3dc1b0ec1df608819a31c0
- SHA256
  
  68baefabf08f9fdb1a2b6bb15715cbee2928a2ae2b84ba141caecee752d4ca98
- SHA512
  
  8602dc09c0e725b8ec704b604d2d95f5400f6a63b0dc8d93c1b7788df252a8c18b7cb6688950c26a3687598b06ce95ce4712b6036ee27af65b015452274bf3d1
- SSDEEP
  
  1536:twHJ5SFonnBd0yChao8dG3bFypSYpoNi2JVr6FZTHxfLwwm+IykV94DVPR2oNY:ap5SOd0y0atdYjYpii2j6FZTRo+o8VPg
Score

1^/10
behavioral3 behavioral4
- Target
  
  goagent-goagent-3f282c0/local/addto-keychain.sh
- Size
  
  274B
- MD5
  
  e7d6d3160b01f60568883e71271be7a3
- SHA1
  
  e71b18e57fdf659d000095bbf6560c851faeca20
- SHA256
  
  ba62fa859faccb95889a3281f400c04ce166b5896ff98aab2128153542b45b60
- SHA512
  
  ed594b7f8e5f2a2429aa0368541207b5d73474555cbd17a6b2120dee00e882d61bbd2c28d7395cf345003b08a58b308c64b0a724df06d0d7c94e9a16a2f1910f
Score

8^/10
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral5 behavioral6 behavioral7 behavioral8
- Target
  
  goagent-goagent-3f282c0/local/addto-startup.py
- Size
  
  1KB
- MD5
  
  ecbb45348a9e210ed527b780ece7377f
- SHA1
  
  838f65e366b48448b715cf700539a13e440c64f0
- SHA256
  
  850641eed79e1783ea0874935f70a603f41840ea7017b2481c943f26c4c54d02
- SHA512
  
  dd39143a72938ab7ada1edcb1ec748f749c374b446325d62d6b61ad19cad50a797cec7b6711c1ffce0594336994dd2c8aeecaf90d1f74a5475e952ab30efa4af
Score

1^/10
behavioral10 behavioral11 behavioral12 behavioral9
- Target
  
  goagent-goagent-3f282c0/local/addto-startup.vbs
- Size
  
  16KB
- MD5
  
  99416cfcc7e803bfbfa937099e3458a9
- SHA1
  
  712bf10c952d66952e95bb30bc4d5ee4ecdaa30f
- SHA256
  
  aab036c5bfae477675f821eea02f7375a53c54a95d125fa5f760fab6754843ad
- SHA512
  
  fae47055227ef3a53ff2bc3ea5d17a48af9cc8c79ab9f7150dc44656dc0886e999de7deebe33ef20548b23dc3a22b96fe727bef04e86a27f14627072da1a902a
- SSDEEP
  
  96:/GMTDjsu7wSiy9ZMCSKbj3bRB8bYJkYTA1rWs22gQtlkh2RIGo3oYr8MzoM8Mouo:RwSiy9Z9SSzfy22gzsuvYYrxUuo
Score

1^/10
behavioral13 behavioral14
- Target
  
  goagent-goagent-3f282c0/local/certmgr.exe
- Size
  
  57KB
- MD5
  
  229ee3f6a87b33f0c6e589c0ea3cc085
- SHA1
  
  6ca1cedc91693d63ab551768b9cec36646644895
- SHA256
  
  e5fdbb5bcf182f83fd162940125176340aef6b4e4ba43de072ca9ceb5cf1d3b9
- SHA512
  
  a3e8c722e6b05a476ed4025ea59d0e8146b7d86aa6a28c3e639ef2ff86b3b7c5f18270ddefa40c14863a42a3214827c0a1d37ba2eb5cfed46dfd7f266fe7c548
- SSDEEP
  
  768:dhA5+b3eGJhb+eCQRj1V8wBsUD+ptwoVsk0cnjYT3WXsla9iYzv:vAAbJMil1Iptw3k0cnjYT3WXsA9iYzv
Score

1^/10
behavioral15 behavioral16
- Target
  
  goagent-goagent-3f282c0/local/goagent-gtk.py
- Size
  
  2KB
- MD5
  
  b12b647cd35d2ebdb03420f0139e9de5
- SHA1
  
  1541f83fe7f4bf0cf399ebfb19f3a1837699107d
- SHA256
  
  b805192d0b61ed296a7660ecc8dffc60dd6b764fced01f1ca01eb2da0bd2af32
- SHA512
  
  1e1f392d24372c374bfa2dc63cf04437b0b70d3d139f46dc1d7dc6b97a05484008a60430ffd2089a616767fe0d9def113dfd3362b166579cf0655fa7bc0aa955
Score

1^/10
behavioral17 behavioral18 behavioral19 behavioral20
- Target
  
  goagent-goagent-3f282c0/local/goagent.exe
- Size
  
  141KB
- MD5
  
  3e496d9bc4223a872de72b8264e08493
- SHA1
  
  ba9d166949b350d38e71af717a931324ae2733e6
- SHA256
  
  40975703274347a0d509523aa0945a7c7ac10a793fa9bedc75bcf7a411c1b665
- SHA512
  
  07ff05951c4f5983d9dfd4981253ed78909bedfa1d8d2a9d80adc0344fe6899b177a671aabd7e82131e9b190ad8ece6e69b1b52876381a855f86e1939b9c3303
- SSDEEP
  
  1536:JiJ3LuSEQATGYFOloeoDVRgH8IM3KEa2lsx:UbnuFEoeoDVaHEq2ls
Score

1^/10
behavioral21 behavioral22
- Target
  
  goagent-goagent-3f282c0/local/msvcr100.dll
- Size
  
  755KB
- MD5
  
  bf38660a9125935658cfa3e53fdc7d65
- SHA1
  
  0b51fb415ec89848f339f8989d323bea722bfd70
- SHA256
  
  60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa
- SHA512
  
  25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1
- SSDEEP
  
  12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I
Score

3^/10
behavioral23 behavioral24
- Target
  
  goagent-goagent-3f282c0/local/msvcr90.dll
- Size
  
  640KB
- MD5
  
  e7d91d008fe76423962b91c43c88e4eb
- SHA1
  
  29268ef0cd220ad3c5e9812befd3f5759b27a266
- SHA256
  
  ed0170d3de86da33e02bfa1605eec8ff6010583481b1c530843867c1939d2185
- SHA512
  
  c3d5da1631860c92decf4393d57d8bff0c7a80758c9b9678d291b449be536465bda7a4c917e77b58a82d1d7bfc1f4b3bee9216d531086659c40c41febcdcae92
- SSDEEP
  
  12288:whr4UCeaHTA80gIZ4BgmOEGVN9vtI0E5uO9FAOu8axTFmRyyrRzS:ga2g5gmO791I0E5uO9FANpmRyyg
Score

1^/10
behavioral25 behavioral26
- Target
  
  goagent-goagent-3f282c0/local/proxy.exe
- Size
  
  4.6MB
- MD5
  
  e6e8b487be02878764dfa97535be7ccb
- SHA1
  
  31d4f0b209f6d34795f2f774b8a836d8e179e26b
- SHA256
  
  f5f76f2e900884263008c9d5f7786d7c3473ddbf56437b4b6b69e3226fd20165
- SHA512
  
  f4c043122fa1f984a1bd04074f3156bfdd7c88a7323b20944695b58a985f456408ccfec8076814e7211ee1351b400fa911413413de1784d4c56ac47ca2014460
- SSDEEP
  
  98304:5cuLUwrpCciKZo138MeHIm+C5/nD5bZ3enZGuk4SC5vL+DhZ:eMCci1dSeZGpC5vK
Score

1^/10
behavioral27 behavioral28
- Target
  
  goagent-goagent-3f282c0/server/python/application
- Size
  
  727B
- MD5
  
  38e8fd1809d63f8b94df9548186a9d08
- SHA1
  
  997fc9995d8dc1e11816ee3d26ec7e4ac18e1478
- SHA256
  
  f022b6ddabb41bc4ddb32444e76f5683463175f04be231c6eac671684bbfcefe
- SHA512
  
  3d112e0642a3d2bfc63dbb20faec6356fe97a9dc9ded5a8b1f9c85f469a4eaf6d9c4fb841e46d1922df23fd6d7a004e1d0fa0293f008c5bac08db88daf920775
Score

1^/10
behavioral29 behavioral30 behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Dynamic Resolution

T1568

Impact

Tasks

Sharing

General

Malware Config

Targets

Modifies hosts file

Writes DNS configuration

Reads runtime system information

Writes file to tmp directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32