38facb965b81f50688bc6ae1ae6132e2cf87679b3e60fdd96772c2c5a81411b1

Analysis

max time kernel
0s
max time network
102s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
29-11-2022 12:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

InstaReport-main/libs/proxy_harvester.py
Size

5KB
MD5

f09668f57c9efeba7d03a3816f5198f3
SHA1

fd60c8ecc498d59bf4673fcbf525980e62d2b374
SHA256

bf61a917f402f5ec1064f235eb4318e8bcaa5ca651eaba366485ba46551f296d
SHA512

2e4663695777238f667113ed2e0f2d6f5eddd8baa0008267b78e4dc059fc16b18c87dd6dd2750617b2c0a805f8690d34a3f814c703d65ac664c375c122986fef
SSDEEP

96:lG2Hnwnqi69WN8dEGdZNXLI4PRrdEfPxDPird5EdeP20rdwBP2brdd3I3Mdc:lGQ3WN5NfPxQEdde3I3Mm

Score

9^/10

Malware Config

Signatures

Writes file to system bin folder 1 TTPs 1 IoCs

Hijack Execution Flow
T1574

Processes:

ldconfig

description ioc process

/sbin/ldconfig /sbin/ldconfig ldconfig
Write file to user bin folder 1 TTPs 1 IoCs

Hijack Execution Flow
T1574

Processes:

python3

description ioc process

/usr/bin/pyvenv.cfg /usr/bin/pyvenv.cfg python3
Reads runtime system information 3 IoCs
Reads data from /proc virtual filesystem.

Processes:

python3

description ioc process

/proc/self/status /proc/self/status python3
/proc/mounts /proc/mounts python3
/proc/self/fd /proc/self/fd

description	ioc	process
/sbin/ldconfig	/sbin/ldconfig	ldconfig

description	ioc	process
/usr/bin/pyvenv.cfg	/usr/bin/pyvenv.cfg	python3

description	ioc	process
/proc/self/status	/proc/self/status	python3
/proc/mounts	/proc/mounts	python3
/proc/self/fd	/proc/self/fd

Writes file to tmp directory 2 IoCs

Malware often drops required files in the /tmp directory.

Processes:

python3

description	ioc	process
/tmp/InstaReport-main/libs/proxy_harvester.py	/tmp/InstaReport-main/libs/proxy_harvester.py	python3
/tmp/InstaReport-main/libs	/tmp/InstaReport-main/libs	python3

/tmp/InstaReport-main/libs/proxy_harvester.py
/tmp/InstaReport-main/libs/proxy_harvester.py
1⤵
PID:593

/usr/local/sbin/python3
python3 /tmp/InstaReport-main/libs/proxy_harvester.py
1⤵
PID:593

/usr/local/bin/python3
python3 /tmp/InstaReport-main/libs/proxy_harvester.py
1⤵
PID:593

/usr/sbin/python3
python3 /tmp/InstaReport-main/libs/proxy_harvester.py
1⤵
PID:593

/usr/bin/python3
python3 /tmp/InstaReport-main/libs/proxy_harvester.py
1⤵
- Write file to user bin folder
- Reads runtime system information
- Writes file to tmp directory
PID:593

/sbin/ldconfig
/sbin/ldconfig -p
2⤵
- Writes file to system bin folder
PID:594

/sbin/ldconfig.real
/sbin/ldconfig.real -p
2⤵
PID:594

/bin/sh
/bin/sh -c "uname -p 2> /dev/null"
2⤵
PID:599

/bin/uname
uname -p
3⤵
PID:600

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

T1574

Privilege Escalation

Hijack Execution Flow

T1574

Defense Evasion

Hijack Execution Flow

T1574

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads