General

  • Target

    hsperf

  • Size

    84KB

  • Sample

    221130-grmp9sch69

  • MD5

    75838e5d481da40db2e235a6d5a222ef

  • SHA1

    71449bdde94afd1fe10ad68743ceba67f0975f84

  • SHA256

    c830a233f716416e3754e46aa70e049d10989a48028f3879d425c3851c4dd761

  • SHA512

    be949f6228624fbdeb90f2f167ac60a825321a3fc44a57834c0c12c2fcda39d96e43646d5396eccb09c24cc3b7dff1175461a51c27ac8182e2ab4d97c17f0623

  • SSDEEP

    1536:cgNZiXzc9qrw4NuVRNnUOnhhWcgZOLg2e41E5vqHekyN/1H5xuM8ZcU:clcUrwtFUOnhhWcgELg2vE5vq+xN/1Zq

Score
10/10

Malware Config

Extracted

Family

rekoobe

C2

cloud.awsxtd.com:443

Targets

    • Target

      hsperf

    • Size

      84KB

    • MD5

      75838e5d481da40db2e235a6d5a222ef

    • SHA1

      71449bdde94afd1fe10ad68743ceba67f0975f84

    • SHA256

      c830a233f716416e3754e46aa70e049d10989a48028f3879d425c3851c4dd761

    • SHA512

      be949f6228624fbdeb90f2f167ac60a825321a3fc44a57834c0c12c2fcda39d96e43646d5396eccb09c24cc3b7dff1175461a51c27ac8182e2ab4d97c17f0623

    • SSDEEP

      1536:cgNZiXzc9qrw4NuVRNnUOnhhWcgZOLg2e41E5vqHekyN/1H5xuM8ZcU:clcUrwtFUOnhhWcgELg2vE5vq+xN/1Zq

    Score
    8/10

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Writes DNS configuration

      Writes data to DNS resolver config file.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Tactic: Command and Control

    Technique: Dynamic Resolution (T1568), 1 detection

Tasks