rekoobe | 73bbabc65f884f89653a156e432788b5541a169036d364c2d769f6053960351f | Triage

Sharing

General

Target

73bbabc65f884f89653a156e432788b5541a169036d364c2d769f6053960351f
Size

84KB
Sample

221203-3r92fsga93
MD5

0cda4f097a9b072f4dd8bf3ac6cf273a
SHA1

d3c4bd3ba3775af039bd30e47ca43ff6ca285297
SHA256

73bbabc65f884f89653a156e432788b5541a169036d364c2d769f6053960351f
SHA512

3a5c659cac487ab55271e9d1fb8857db49af049755c8b3fb1fb91f9321ad01b9dfe2c7e657cd34131df428b5d16fc0af5802403891b1a96a326b4470855f9667
SSDEEP

1536:QahOrhUNuV9NnkqnhhWMC8tOadBvwZoXRUqHekyN/1H5xuM8b/3d:Q5JxkqnhhWMhtOqcoXRUq+xN/1Zx2r3

Score

10^/10

rekoobe linux

Malware Config

Extracted

Family

rekoobe

C2

118.24.150.172:1234

118.24.150.172:5555

Targets

- Target
  
  73bbabc65f884f89653a156e432788b5541a169036d364c2d769f6053960351f
- Size
  
  84KB
- MD5
  
  0cda4f097a9b072f4dd8bf3ac6cf273a
- SHA1
  
  d3c4bd3ba3775af039bd30e47ca43ff6ca285297
- SHA256
  
  73bbabc65f884f89653a156e432788b5541a169036d364c2d769f6053960351f
- SHA512
  
  3a5c659cac487ab55271e9d1fb8857db49af049755c8b3fb1fb91f9321ad01b9dfe2c7e657cd34131df428b5d16fc0af5802403891b1a96a326b4470855f9667
- SSDEEP
  
  1536:QahOrhUNuV9NnkqnhhWMC8tOadBvwZoXRUqHekyN/1H5xuM8b/3d:Q5JxkqnhhWMhtOqcoXRUq+xN/1Zx2r3
Score

8^/10
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Dynamic Resolution

Exfiltration

Impact

Tasks

static1

behavioral1