rekoobe | c830a233f716416e3754e46aa70e049d10989a48028f3879d425c3851c4dd761 | Triage

Sharing

General

Target

hsperf
Size

84KB
Sample

221130-grmp9sch69
MD5

75838e5d481da40db2e235a6d5a222ef
SHA1

71449bdde94afd1fe10ad68743ceba67f0975f84
SHA256

c830a233f716416e3754e46aa70e049d10989a48028f3879d425c3851c4dd761
SHA512

be949f6228624fbdeb90f2f167ac60a825321a3fc44a57834c0c12c2fcda39d96e43646d5396eccb09c24cc3b7dff1175461a51c27ac8182e2ab4d97c17f0623
SSDEEP

1536:cgNZiXzc9qrw4NuVRNnUOnhhWcgZOLg2e41E5vqHekyN/1H5xuM8ZcU:clcUrwtFUOnhhWcgELg2vE5vq+xN/1Zq

Score

10^/10

rekoobe linux

Malware Config

Extracted

Family

rekoobe

C2

cloud.awsxtd.com:443

Targets

- Target
  
  hsperf
- Size
  
  84KB
- MD5
  
  75838e5d481da40db2e235a6d5a222ef
- SHA1
  
  71449bdde94afd1fe10ad68743ceba67f0975f84
- SHA256
  
  c830a233f716416e3754e46aa70e049d10989a48028f3879d425c3851c4dd761
- SHA512
  
  be949f6228624fbdeb90f2f167ac60a825321a3fc44a57834c0c12c2fcda39d96e43646d5396eccb09c24cc3b7dff1175461a51c27ac8182e2ab4d97c17f0623
- SSDEEP
  
  1536:cgNZiXzc9qrw4NuVRNnUOnhhWcgZOLg2e41E5vqHekyN/1H5xuM8ZcU:clcUrwtFUOnhhWcgELg2vE5vq+xN/1Zq
Score

8^/10
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Dynamic Resolution

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4