c830a233f716416e3754e46aa70e049d10989a48028f3879d425c3851c4dd761

Analysis

max time kernel
1598s
max time network
135s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20221111-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20221111-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
30-11-2022 06:02

Target

hsperf
Size

84KB
MD5

75838e5d481da40db2e235a6d5a222ef
SHA1

71449bdde94afd1fe10ad68743ceba67f0975f84
SHA256

c830a233f716416e3754e46aa70e049d10989a48028f3879d425c3851c4dd761
SHA512

be949f6228624fbdeb90f2f167ac60a825321a3fc44a57834c0c12c2fcda39d96e43646d5396eccb09c24cc3b7dff1175461a51c27ac8182e2ab4d97c17f0623
SSDEEP

1536:cgNZiXzc9qrw4NuVRNnUOnhhWcgZOLg2e41E5vqHekyN/1H5xuM8ZcU:clcUrwtFUOnhhWcgELg2vE5vq+xN/1Zq

Score

8^/10

Modifies hosts file 1 IoCs
Adds to hosts file used for mapping hosts to IP addresses.

Processes:

description ioc

/etc/hosts /etc/hosts
Writes DNS configuration 1 TTPs 1 IoCs
Writes data to DNS resolver config file.

Dynamic Resolution
T1568

Processes:

description ioc

/etc/resolv.conf /etc/resolv.conf
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

description ioc

/tmp/.llock /tmp/.llock

description	ioc
/etc/hosts	/etc/hosts

description	ioc
/etc/resolv.conf	/etc/resolv.conf

description	ioc
/tmp/.llock	/tmp/.llock

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Dynamic Resolution

Exfiltration

Impact