275d63587f3ac511d7cca5ff85af2914e74d8b68edd5a7a8a1609426d5b7f6a9

Analysis

max time kernel
31416s
max time network
142s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
03-12-2022 23:46

Target

275d63587f3ac511d7cca5ff85af2914e74d8b68edd5a7a8a1609426d5b7f6a9
Size

84KB
MD5

0a35e06f53c17ab1c8e18e7e0c0821d8
SHA1

14fd16e6465b74c5ac4dc895f4c15bccb447af31
SHA256

275d63587f3ac511d7cca5ff85af2914e74d8b68edd5a7a8a1609426d5b7f6a9
SHA512

e15391a43ba7aa986138d38530fb77a671ec1aef18a21699700fc0a35bd122207c8f97bc6ae6989a37c4ab629ee980037530c8f1070da5594a9112a02b2589ba
SSDEEP

1536:cgNZiXzc9qrw4NuVRNnUOnhhWcgZOLg2e41E5vqHekyN/1H5xuM8ZcU:clcUrwtFUOnhhWcgELg2vE5vq+xN/1Zq

Score

8^/10

Writes DNS configuration 1 TTPs 1 IoCs
Writes data to DNS resolver config file.

Dynamic Resolution
T1568

Processes:

description ioc

/etc/resolv.conf /etc/resolv.conf
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

description ioc

/tmp/.llock /tmp/.llock

description	ioc
/etc/resolv.conf	/etc/resolv.conf

description	ioc
/tmp/.llock	/tmp/.llock

/tmp/275d63587f3ac511d7cca5ff85af2914e74d8b68edd5a7a8a1609426d5b7f6a9
/tmp/275d63587f3ac511d7cca5ff85af2914e74d8b68edd5a7a8a1609426d5b7f6a9
1⤵
PID:593

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Dynamic Resolution

Impact