4abf780890f5f6955991fc1278c6eb01a0f0b2d9be60bec591b71a5cf4738040 | Triage

Sharing

General

Target

4abf780890f5f6955991fc1278c6eb01a0f0b2d9be60bec591b71a5cf4738040
Size

70KB
Sample

221129-a47gwadh97
MD5

013158b4ae1c35f94a1603dc8dff2851
SHA1

3b1b78e783b4b28398ce091a003edec5682c1602
SHA256

4abf780890f5f6955991fc1278c6eb01a0f0b2d9be60bec591b71a5cf4738040
SHA512

562f890419a67d7443fb34634e4408a0d57741e1d2379b5bbb3fa7e2e804d6e2c6d551c28b8e6fe4e12ddae13bea61b2d6c419d865d9aec138b7e97ca434c9a2
SSDEEP

1536:o8ItQU5WSItwjAZXDE7GueD065cLuyidMdduh28:o/Q5SItwjAZXDE7GueD065QuyP+28

Score

8^/10

discovery linux

Malware Config

Targets

- Target
  
  4abf780890f5f6955991fc1278c6eb01a0f0b2d9be60bec591b71a5cf4738040
- Size
  
  70KB
- MD5
  
  013158b4ae1c35f94a1603dc8dff2851
- SHA1
  
  3b1b78e783b4b28398ce091a003edec5682c1602
- SHA256
  
  4abf780890f5f6955991fc1278c6eb01a0f0b2d9be60bec591b71a5cf4738040
- SHA512
  
  562f890419a67d7443fb34634e4408a0d57741e1d2379b5bbb3fa7e2e804d6e2c6d551c28b8e6fe4e12ddae13bea61b2d6c419d865d9aec138b7e97ca434c9a2
- SSDEEP
  
  1536:o8ItQU5WSItwjAZXDE7GueD065cLuyidMdduh28:o/Q5SItwjAZXDE7GueD065QuyP+28
Score

8^/10

discovery
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Dynamic Resolution

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4