General

  • Target: xray_crack-d4m1ts.zip
  • Size: 24.2MB
  • Sample: 221128-zjp5jaac5z
  • MD5: a6f828c61d0292f3fcd123f014907b07
  • SHA1: a13f5583eef3cfe637ea4384aaab230fec31cf02
  • SHA256: 9c147db891124e75eb26c474b7263a2149f2441fd28545516990ef496901a26d
  • SHA512: 91ef1c4b33722e1648c1712d3f68ee6d59a50aa03b917b385065535a6a96b44c8af34667b5a696a9f406c5a0862f4e2990311313b5c9dd79ab8b11cc1ccbb76e
  • SSDEEP: 786432:wLLhyDQJ2BsSaToE2efb6OhvV7n0CYHb2Doao:ehg1ecE2ejBhv50C+SDoD

Malware Config

Targets

    • Target: xray_crack-d4m1ts/crack_linux.sh
    • Size: 256B
    • MD5: 502e0c9875c77e38aef13f792e6cd128
    • SHA1: aabf4c3cc687bb1f1b56d8f230be312b405e8c58
    • SHA256: 628da045c7594a1479da038939e7c63f2c8bee5971a6a7bd6ca02753a2819eb4
    • SHA512: e4185ff019ca414a238278a562f55782a588e0af2972f6eb40ba850f4a0e913164e57322d372ac8ce69b46676356c31191a7a0a61148c6d173726411e7214cec

    Score: 8/10

    • Modifies hosts file

      Appends entries to the hosts file, which maps hostnames to IP addresses.

    • Writes DNS configuration

      Writes data to the DNS resolver configuration file.

    • Creates/modifies environment variables

      Creating or modifying environment variables is a common persistence mechanism.

    • Enumerates kernel/hardware configuration

      Reads the /sys virtual filesystem to enumerate system information.

    • Reads runtime system information

      Reads data from the /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops the files it needs into the /tmp directory.

    • Target: xray_crack-d4m1ts/crack_mac.sh
    • Size: 226B
    • MD5: 3b8baafd01ec69685a57f0a3486bf617
    • SHA1: a420ab5d2ef16156ba0f68874f56c09872bc4421
    • SHA256: 130273a5d87094fcf2df422e117f06415abdbcc36a5dd441292526f1e7512001
    • SHA512: 376b01d0a3a1e76c8f3c9d8768b00a29293035ed06a423670a2d607f585be91a247e971ca52e589794cbec4c0cdc470d8a3d004bd617f62fba16ae566413ce02

    Score: 8/10

    • Modifies hosts file

      Appends entries to the hosts file, which maps hostnames to IP addresses.

    • Writes DNS configuration

      Writes data to the DNS resolver configuration file.

    • Creates/modifies environment variables

      Creating or modifying environment variables is a common persistence mechanism.

    • Reads runtime system information

      Reads data from the /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops the files it needs into the /tmp directory.

    • Target: xray_crack-d4m1ts/xray
    • Size: 45.4MB
    • MD5: d1eafb0579140a75405c34947fa86bbf
    • SHA1: d4989826641466dd682dac360bd4c599ea09e6b5
    • SHA256: e500f6f31c769063fea1f39b44a28b14f00ed278bb1286a0334aedfd333b0f48
    • SHA512: 40bd41237dc83ec65aebc3448a6f58147019acc27a06f4aff38a095122a3c1ea93401cafea8bc64b737b15bc4e2bd77b2a8f88bb8b11ce755eda8807beedd513
    • SSDEEP: 393216:lUGzOzZ0kLcIGcUxel8cSG6NGddS+7AzyET:eGzOzZ0k9Ui87G6V

    Score: 1/10

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence: Hijack Execution Flow, T1574 (2)
  • Privilege Escalation: Hijack Execution Flow, T1574 (2)
  • Defense Evasion: Hijack Execution Flow, T1574 (2)
  • Discovery: System Information Discovery, T1082 (1)
  • Command and Control: Dynamic Resolution, T1568 (2)

Tasks