79916343b93a5a7ac7b7133a26b77b8d7d0471b3204eae78a8e8091bfe19dc8c

Analysis

max time kernel
2211s
max time network
101s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20221111-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20221111-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
03-12-2022 23:43

Target

79916343b93a5a7ac7b7133a26b77b8d7d0471b3204eae78a8e8091bfe19dc8c
Size

84KB
MD5

791dd369c4acf8603a05de1e1dc53e64
SHA1

0cae8afef7e715019ef969b83bc1e4d3a2d531c7
SHA256

79916343b93a5a7ac7b7133a26b77b8d7d0471b3204eae78a8e8091bfe19dc8c
SHA512

61ddc417754fe6cb6518c2a69eeb3367cd46cf53716dbb90aa233a5c35b8467ebfe30d4604099dee623cb17bae42998ea9a98d114ce1a8190eed3757f08aeb41
SSDEEP

1536:QahOrhUNuV9NnkqnhhWMC8tOadBvwZoXRUqHekyN/1H5xuM8b/3d:Q5JxkqnhhWMhtOqcoXRUq+xN/1Zx2r3

Score

8^/10

Writes DNS configuration 1 TTPs 1 IoCs
Writes data to DNS resolver config file.

Dynamic Resolution
T1568

Processes:

description ioc

/etc/resolv.conf /etc/resolv.conf
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

description ioc

/tmp/.llock /tmp/.llock

description	ioc
/etc/resolv.conf	/etc/resolv.conf

description	ioc
/tmp/.llock	/tmp/.llock

/tmp/79916343b93a5a7ac7b7133a26b77b8d7d0471b3204eae78a8e8091bfe19dc8c
/tmp/79916343b93a5a7ac7b7133a26b77b8d7d0471b3204eae78a8e8091bfe19dc8c
1⤵
PID:607

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Dynamic Resolution

Impact