General

  • Target

    79152a7ad0c3c51934026fa8b106e4465acf0985

  • Size

    2.2MB

  • Sample

    230106-hqcz4seg34

  • MD5

    735e23658b2a84b6d41e1eb4fe6a53e1

  • SHA1

    79152a7ad0c3c51934026fa8b106e4465acf0985

  • SHA256

    4be5eb2191071fdf496ff4df7a570d03dc9114190df1614c0a18465a48a8079d

  • SHA512

    5b9ef638c89d3d975e2d5246d61b0dc07c99790963c54e2e75c8e94e1f3538f8cdabf1ef94d55cf77a313546cc765b71ec910b38bf6a3f969f39370bd52a4270

  • SSDEEP

    49152:DJMych6OZaIU6M9yZ29jsE4dKi4qi7/RhQrM+mvsx562dQ10LIKR7aLw:DJmAJI9M9yZqQEmKlqi7REM+mvb2TEK9

Score
9/10

Malware Config

Targets

    • Target

      .rsync/c/go

    • Size

      398B

    • MD5

      1553384ee57751af771a9389b7393b93

    • SHA1

      e33a67fde9cf13c077da652fbdec07957fff2372

    • SHA256

      98dffdabf9caf512c8c9090e8c9b77a04d6ce31bbd13afe4f09668a4f2eacc2f

    • SHA512

      d406796ebae8bf724f7c18371ba6d86ef491ad0745dd64d0eaaffee9daca3954d9429c8c4e87c404338b839b47a30a6791ef25663239e4a5f0ea5113fa9b6b49

    Score
    5/10
    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

    • Target

      .rsync/c/lib/32/libc.so.6

    • Size

      1.7MB

    • MD5

      5efa4121a76c377005e2f75c65ead6c4

    • SHA1

      d113ad309edaa3902fb7a5ddb84236a4db651667

    • SHA256

      fab65ef05cd63c452a554a0c0808d3773be9fcc7e9a82ca36ae21c8f2db45454

    • SHA512

      6d639eceb6b50fdaa6da8e89a4de3febbe6011b862c03426703d94e4bc419af56ad457a8b1a8bc997157031b5db76e84b0f9e7d012e83c5430fdd29eec951b1b

    • SSDEEP

      49152:30K4/W3GBsqM/KW05skZzVIdhK6hNIhdUhTh0Vdwas9:30K4/gf/KWqZzVIPzhNIhdUhTh0j

    Score
    1/10
    • Target

      .rsync/c/lib/32/libdl.so.2

    • Size

      13KB

    • MD5

      92f19f5b4b9e548f84167b66ee9a025c

    • SHA1

      e7055579bd464efed60f75d36afb6b2fb716e4e6

    • SHA256

      625ac196ce9304e9866091adbe3049f3d6db2d0ed19006a3f059f16c91842e8d

    • SHA512

      d240c3fe3df810b0bc8b121826445f08f2245746f40db20249cb6328c5ac20ae5ddec6221459256105482316c52072b5084750d45dddbe471b80eac7ff34c849

    • SSDEEP

      192:dRk8ptpli4NBX3DgyxD5gBe8wfCc40YnJITI9obKWWBqyPtWuLUYF1TnbJA+Hhbz:XJU4rz5xMjwf9Yn1KbJW44UEFwc9RMB

    Score
    1/10
    • Target

      .rsync/c/lib/32/libnss_dns.so.2

    • Size

      21KB

    • MD5

      2060b911f9dea4868008a118a05c3b5c

    • SHA1

      2517c720af5bd9d2f8ae2f0ff4af719dea0897d7

    • SHA256

      6ececee805321cab411b8096c0278e3439345c7a908c827660b159f33721e52a

    • SHA512

      4e59c311cb36128c03d2d20015a1774ebd16c942529ed36a1c61a2927838982c41b577cb974e00f400c87c9ad1471e770d851882a0b08f65aae7736631baad65

    • SSDEEP

      384:sx7Mk94cggxdSzSBqYXcoA5C8AHbysQpKihroSUT6ZTSa3DGB/i7eX:sx7Mk95fXSz2+n5xZsQpN+GpGB/weX

    Score
    1/10
    • Target

      .rsync/c/lib/32/libnss_files.so.2

    • Size

      45KB

    • MD5

      a29bf9d123163547c6da2fec9b5b966f

    • SHA1

      5e621e6c0a7f3c93eee63322b5ab463fc643528b

    • SHA256

      c9d9c6ba9e9c4f146b7b750964edbf19776833e7ad262bbf9c1b066e21b48726

    • SHA512

      ce7b18e2bad667cea6fdc7b5381a0b0dc8aa96754aa9de0f437cae035e94e167d9a866148b6635a1c2b0d75c8a20f31cc6bddfea3b039e8545170913da5485fd

    • SSDEEP

      768:SiYIe325+qpfTRuz5pGF6Lr/JeaBzjQa/KQAG8rfpsp8QFUETtr2S:S6e3251tuzvs6waBzsa/KQAV1uTtr

    Score
    1/10
    • Target

      .rsync/c/lib/32/libpthread.so.0

    • Size

      131KB

    • MD5

      75e1a716e551baf6642bb528dc54827c

    • SHA1

      45bb73434f758614b05674448a1b75d4ea94e14a

    • SHA256

      36eb6ba6e40581345d15c98f6dce9a4be32318edac04ede7196e4b89aba80cdc

    • SHA512

      bc73c1d645f5f310741353f7af901b94114bb9e436a8895f471f4129a9a81bd341a7436b990a600dd6a2f4e8097b5043d13079f060e3c568a7cfabe522e13e1c

    • SSDEEP

      3072:l1rnbnfrlf0vAZ7/SSb56vHgewhhai9+4Xatqz:3bnfrlfWq739+4Xatqz

    Score
    1/10
    • Target

      .rsync/c/lib/32/libresolv-2.23.so

    • Size

      85KB

    • MD5

      0bd2d88d9d55e8838b65b5730403801b

    • SHA1

      d88c527c44841898ce0a4bf27291313f77a2a27d

    • SHA256

      362e3db0b24bb14b98d6c1926afe52d6ef8b23804caca0d7b8ec05c73ae7d7d9

    • SHA512

      1c3f790b173ee3be055633f0f974a7f4edee4d51280fc81f576e6734131e119cd935b1164ff3eb1ef8f438203931cc8da45eb73a51ff3757e25c7e6b89b78bf8

    • SSDEEP

      1536:+c3QWGtAyDfhqO1yerjRxtXXPJIyIImIjgU/3FwGxi8y8BeL2r2Z/1/f:NMOCJQUjRzXXhIErVweBeLz1

    Score
    1/10
    • Target

      .rsync/c/lib/32/libresolv.so.2

    • Size

      85KB

    • MD5

      0bd2d88d9d55e8838b65b5730403801b

    • SHA1

      d88c527c44841898ce0a4bf27291313f77a2a27d

    • SHA256

      362e3db0b24bb14b98d6c1926afe52d6ef8b23804caca0d7b8ec05c73ae7d7d9

    • SHA512

      1c3f790b173ee3be055633f0f974a7f4edee4d51280fc81f576e6734131e119cd935b1164ff3eb1ef8f438203931cc8da45eb73a51ff3757e25c7e6b89b78bf8

    • SSDEEP

      1536:+c3QWGtAyDfhqO1yerjRxtXXPJIyIImIjgU/3FwGxi8y8BeL2r2Z/1/f:NMOCJQUjRzXXhIErVweBeLz1

    Score
    1/10
    • Target

      .rsync/c/lib/32/tsm

    • Size

      144KB

    • MD5

      24175a52f0df8a88a3160a4bd5a59d29

    • SHA1

      82c1c28a394bbeb48bbf85cec98f78ef5b6f49c7

    • SHA256

      ac2513b3d37de1e89547d12d4e05a899848847571a3b11b18db0075149e85dcc

    • SHA512

      1a70644bfe3a9d6c7d476df2d30ddb7975d7625987bc3141c19e872a5b1c46712cd30b62856611eb52b9f3bfa801812ebde96d2f5d5d9ee337e8b5b89d9a4495

    • SSDEEP

      3072:0eZtwoq+6Eccjcc2c8tmQVjFkyCJrAQzg6ubQ9:0utwoB6Eccj4cemQVFkJJrSb0

    Score
    1/10
    • Target

      .rsync/c/lib/64/libc.so.6

    • Size

      1.8MB

    • MD5

      8c0d248ea33e6ef17b759fa5d81dda9e

    • SHA1

      238e834fc5baa8094f5db0cde465385917be4c6a

    • SHA256

      74ca69ada4429ae5fce87f7e3addb56f1b53964599e8526244fecd164b3c4b44

    • SHA512

      f6914058539222064556d16bec1d5e867da17a463910d9c723f9ff4b7f0c3a1bd71b67aa5770b8fccc94663f53879902ad2048cdf0be90c393e4bf369a8b4342

    • SSDEEP

      24576:oOj9DfWKJRe2Z6S+daAcf1vZXMlOREio7PmnL/NlXIrDq:3VWK75Z6hkAcf1vZXM8RvnxlXI/

    Score
    1/10
    • Target

      .rsync/c/lib/64/libdl.so.2

    • Size

      14KB

    • MD5

      db97e3a3b19b8f3e8aeb1b059ed5416a

    • SHA1

      28a7e65de1602dbc4f7f03c4883c8937847cf674

    • SHA256

      29189e885d336c2b9ab94e54ca143db5d85fe41fd6aee8f999caba3ea995706e

    • SHA512

      86f6e6e1477a1e541408ecb04a06fcd08fc5e68fe9dd311b6be2b098ece4b4abdc8b39ffc0083b3d3b27fcca627917195c08c69516942691e179b100b76f3008

    • SSDEEP

      192:Rqom8ptBTZblY+D8r9SSuAaeRkmTDfuci8M:5/TZxrNA2mTjueM

    Score
    1/10
    • Target

      .rsync/c/lib/64/libnss_dns.so.2

    • Size

      26KB

    • MD5

      468a1daad4f03ebd7ca66fcff438b77b

    • SHA1

      b26df2075674e60fe1e038ac16825deb40ebac61

    • SHA256

      1947d68c9eedc513a4dbb5c73d378f9bf4dfed6c1b4e78450b126c6ca1205ce6

    • SHA512

      ec0cfc6fca68b4d380e98b8ecccfcf6304d3dff6baa89ee475875fb7e4a3d07e39a133254b670201b69a05dbaecb3d08c70a9fc23490f074d387cb78fe252c09

    • SSDEEP

      384:gH1ka3MWNlKlQMtjeunFZFgXYubcj9gJQ8fAZOc+4B:gH1k8pNmBzF8Yu4j9D8o3

    Score
    1/10
    • Target

      .rsync/c/lib/64/libnss_files.so.2

    • Size

      46KB

    • MD5

      d3fbd7e6ffb7ba5277e0ddfa22ac1c2e

    • SHA1

      c30dca6d72cb38a403397df8659b2134372bcf4f

    • SHA256

      88de64db4d67f493ed6b4377e1fc731283c564ba97bd514bf9686d208c4afbe7

    • SHA512

      c4b1da111c986d2b29a6b2409bb70002333b7681d363b286b5ed66496f4d76d73154bb66d1f0e23d7cc76550123687ed1d055e9d2ce60a364f6ce77b12c61d38

    • SSDEEP

      768:dIe325Kzd8uQhyCHTGosq5+RdF8U/8AL1OXOXrDDI657bwUg:2e325MdNQyCzMqovNfLgXObDDd57kU

    Score
    1/10
    • Target

      .rsync/c/lib/64/libpthread.so.0

    • Size

      135KB

    • MD5

      a06eee80199068da8116f1d684ffdb3b

    • SHA1

      a2df8c9544db98f1e9b79e3b56e0b3a848ca2289

    • SHA256

      08f11db0dbabb45bc10a35b4ffc1142bcfa57445aec79e022fdc323ecb93beac

    • SHA512

      212046077c52a3e804be7221e81899d5fdac59f72a729ec26cccaba60ccf276648ea476b2e04205036e158b730cbccfe3c3ab2411a735d5ec91d1ead045f713c

    • SSDEEP

      3072:ktnfrlTBENQEuv5YsG2zKCaPdYRT0g/QwINwWo+cSKa:ktnfrltKLejzFaVmtQSWo+cSKa

    Score
    1/10
    • Target

      .rsync/c/lib/64/libresolv-2.23.so

    • Size

      98KB

    • MD5

      63ca86be8fbe85ff5efd68e737ceed99

    • SHA1

      5102e537653dc007b6f9b4863c8ef400f56dacc8

    • SHA256

      ebf85f7d506f3dd4efd7a7b1e29ff2df290f34dedefa67e5eac8350b6f41da97

    • SHA512

      3b07850adcf4aeece5f8657bf44ae8d44b2a1eb5ae462f096cd5f5f754d12f0f9b6c0e410706e792eac99007c4989bd4b7ac0955b221514e5a13d2de94827a26

    • SSDEEP

      1536:cc3QInusoqV7yEj65DIO/ufXRQmcNfexZ3r/VjgZFxj6CYBCaty+mCPzUOugg:LdVNYDIOGUfeTVja6mCrlu

    Score
    1/10
    • Target

      .rsync/c/lib/64/libresolv.so.2

    • Size

      98KB

    • MD5

      63ca86be8fbe85ff5efd68e737ceed99

    • SHA1

      5102e537653dc007b6f9b4863c8ef400f56dacc8

    • SHA256

      ebf85f7d506f3dd4efd7a7b1e29ff2df290f34dedefa67e5eac8350b6f41da97

    • SHA512

      3b07850adcf4aeece5f8657bf44ae8d44b2a1eb5ae462f096cd5f5f754d12f0f9b6c0e410706e792eac99007c4989bd4b7ac0955b221514e5a13d2de94827a26

    • SSDEEP

      1536:cc3QInusoqV7yEj65DIO/ufXRQmcNfexZ3r/VjgZFxj6CYBCaty+mCPzUOugg:LdVNYDIOGUfeTVja6mCrlu

    Score
    1/10
    • Target

      .rsync/c/lib/64/tsm

    • Size

      158KB

    • MD5

      a90fd68020f934cb150ed563cc2c95e2

    • SHA1

      05bc0b5b8795004d631935fcd6df8a8f64fe46e0

    • SHA256

      0f754eab280e5ff0b65c46bdd1cc16e8aff944c834379df2632cd5f261afe3bb

    • SHA512

      9311e6f117ece4780e59821629622d637f5476bf892a573b95f211a4212eeb195fbe87b700ad3a114a6389623ada4bfe21c5e4f82ff45b672307aad76d0c9427

    • SSDEEP

      1536:Ux1X5RnWDrCjlohbXJdwiGWIjl5FjmGcRQiZH6roR3dYYsUMxbtxhDtpuVMB0xEx:qRgqohFdBXIjTUGdo5d0rHfqEW

    Score
    1/10
    • Target

      .rsync/c/run

    • Size

      489B

    • MD5

      97a962fb5bd427e09547ecaaf850e034

    • SHA1

      3040ea8bc3226af1fc201c4fefcca17b62184bbe

    • SHA256

      5a1797ae845e8c80c771ece9174b93ad5d5a74e593fe3b508ba105830db5fd92

    • SHA512

      2ed6bad217478913a053fbcad37c904dddacee424ce39115c15019477870582b0d53da908783047cf9069df0a011387b3fba336385ff392ab0be84cd49d04001

    Score
    9/10
    • Attempts to identify hypervisor via CPU configuration

      Checks CPU information for indicators that the system is a virtual machine.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

    • Target

      .rsync/c/slow

    • Size

      47B

    • MD5

      7da994ca9c99858f02f1c73b11d71f89

    • SHA1

      a47692b3c1eb781ed2a31a1579dd351c8de80fb5

    • SHA256

      b92e77fdc4aa3181ed62b2d0e58298f51f2993321580c8d2e3368ef8d6944364

    • SHA512

      6f060e9a03356792410c19819d9b2c0bdf397adbf8d0855a9440d32c055f7844197cadcc01e67ac7d0174feeab0d22449d4a4c454540b20cf78875a673d5f6ff

    Score
    5/10
    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

    • Target

      .rsync/c/tsm

    • Size

      309B

    • MD5

      e8710e790c04be153d11f8b66e4bb91e

    • SHA1

      45c8037151b78ccfaa0dcc6bef864da2d98d84de

    • SHA256

      0bf8868d117a7c45276b6f966c09830b010c550cd16a2b0d753924fca707c842

    • SHA512

      9c30f458b40e68c110216c1ee972b525bd3cefa5e556d5440bd0de2d865573caf4630c1c8884fe19b18ca18537d40bdb6a49b3c1b7b44791bcf779014813fa11

    Score
    5/10
    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.
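The per-file entries above are the most reusable part of this report: every file in the .rsync/c/ tree has a SHA-256, so an extracted copy of the archive can be checked against the list without executing anything. Two entries (libresolv-2.23.so and libresolv.so.2 under each of lib/32 and lib/64) carry identical hashes, i.e. the same bytes shipped twice. The following is an added example, not code from the sandbox report or from the sample itself; the SHA-256 values are copied from the Targets entries, while the function names, the "match/mismatch/unknown" labels and the directory you point it at are assumptions.

```python
"""IOC check for an extracted copy of the .rsync/c/ tree listed in the report.

Added example. Hashes are the report's; everything else is an assumption.
The walk only reads files; nothing in the tree is executed.
"""
import hashlib
import os
import sys
from collections import defaultdict

# SHA-256 per relative path, as listed in the report's Targets section.
REPORTED_SHA256 = {
    ".rsync/c/go": "98dffdabf9caf512c8c9090e8c9b77a04d6ce31bbd13afe4f09668a4f2eacc2f",
    ".rsync/c/lib/32/libc.so.6": "fab65ef05cd63c452a554a0c0808d3773be9fcc7e9a82ca36ae21c8f2db45454",
    ".rsync/c/lib/32/libdl.so.2": "625ac196ce9304e9866091adbe3049f3d6db2d0ed19006a3f059f16c91842e8d",
    ".rsync/c/lib/32/libnss_dns.so.2": "6ececee805321cab411b8096c0278e3439345c7a908c827660b159f33721e52a",
    ".rsync/c/lib/32/libnss_files.so.2": "c9d9c6ba9e9c4f146b7b750964edbf19776833e7ad262bbf9c1b066e21b48726",
    ".rsync/c/lib/32/libpthread.so.0": "36eb6ba6e40581345d15c98f6dce9a4be32318edac04ede7196e4b89aba80cdc",
    ".rsync/c/lib/32/libresolv-2.23.so": "362e3db0b24bb14b98d6c1926afe52d6ef8b23804caca0d7b8ec05c73ae7d7d9",
    ".rsync/c/lib/32/libresolv.so.2": "362e3db0b24bb14b98d6c1926afe52d6ef8b23804caca0d7b8ec05c73ae7d7d9",
    ".rsync/c/lib/32/tsm": "ac2513b3d37de1e89547d12d4e05a899848847571a3b11b18db0075149e85dcc",
    ".rsync/c/lib/64/libc.so.6": "74ca69ada4429ae5fce87f7e3addb56f1b53964599e8526244fecd164b3c4b44",
    ".rsync/c/lib/64/libdl.so.2": "29189e885d336c2b9ab94e54ca143db5d85fe41fd6aee8f999caba3ea995706e",
    ".rsync/c/lib/64/libnss_dns.so.2": "1947d68c9eedc513a4dbb5c73d378f9bf4dfed6c1b4e78450b126c6ca1205ce6",
    ".rsync/c/lib/64/libnss_files.so.2": "88de64db4d67f493ed6b4377e1fc731283c564ba97bd514bf9686d208c4afbe7",
    ".rsync/c/lib/64/libpthread.so.0": "08f11db0dbabb45bc10a35b4ffc1142bcfa57445aec79e022fdc323ecb93beac",
    ".rsync/c/lib/64/libresolv-2.23.so": "ebf85f7d506f3dd4efd7a7b1e29ff2df290f34dedefa67e5eac8350b6f41da97",
    ".rsync/c/lib/64/libresolv.so.2": "ebf85f7d506f3dd4efd7a7b1e29ff2df290f34dedefa67e5eac8350b6f41da97",
    ".rsync/c/lib/64/tsm": "0f754eab280e5ff0b65c46bdd1cc16e8aff944c834379df2632cd5f261afe3bb",
    ".rsync/c/run": "5a1797ae845e8c80c771ece9174b93ad5d5a74e593fe3b508ba105830db5fd92",
    ".rsync/c/slow": "b92e77fdc4aa3181ed62b2d0e58298f51f2993321580c8d2e3368ef8d6944364",
    ".rsync/c/tsm": "0bf8868d117a7c45276b6f966c09830b010c550cd16a2b0d753924fca707c842",
}


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def classify(path: str, digest: str, expected=REPORTED_SHA256) -> str:
    """'match' if the path is listed with this digest, 'mismatch' if it is
    listed with a different one, 'unknown' if the report does not list it."""
    listed = expected.get(path)
    if listed is None:
        return "unknown"
    return "match" if listed == digest else "mismatch"


def check_blobs(blobs: dict, expected=REPORTED_SHA256) -> dict:
    """Classify in-memory files given as {relative path: bytes}."""
    return {p: classify(p, sha256_bytes(b), expected) for p, b in blobs.items()}


def check_tree(root: str, expected=REPORTED_SHA256) -> dict:
    """Walk an extracted archive and classify every regular file (symlinks
    are skipped so a soname link is not reported as a second copy)."""
    results = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            h = hashlib.sha256()
            with open(full, "rb") as fh:  # chunked so libc.so.6 is not read at once
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    h.update(chunk)
            results[rel] = classify(rel, h.hexdigest(), expected)
    return results


def duplicate_groups(expected=REPORTED_SHA256) -> list:
    """Paths in the report that share one SHA-256 (identical file contents)."""
    by_hash = defaultdict(set)
    for path, digest in expected.items():
        by_hash[digest].add(path)
    return sorted(sorted(g) for g in by_hash.values() if len(g) > 1)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, verdict in sorted(check_tree(root).items()):
        print(verdict, path)
    print("identical contents:", duplicate_groups())
```

Run it as `python ioc_check.py /path/to/extracted` (name assumed) against the directory that contains `.rsync`. A "mismatch" on a listed path means a file with the report's name but different bytes, which is worth more attention than an "unknown" extra file; "unknown" entries are simply outside what this report covers.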

MITRE ATT&CK Enterprise v6

Tasks

static1

Score
N/A

behavioral1

Score
5/10

behavioral2

Score
5/10

behavioral3

Score
5/10

behavioral4

Score
5/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

antivm
Score
9/10

behavioral22

antivm
Score
9/10

behavioral23

antivm
Score
9/10

behavioral24

antivm
Score
9/10

behavioral25

Score
5/10

behavioral26

Score
5/10

behavioral27

Score
5/10

behavioral28

Score
5/10

behavioral29

Score
5/10

behavioral30

Score
5/10

behavioral31

Score
5/10

behavioral32

Score
5/10
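The antivm tag on behavioral21 to behavioral24 is the same hypervisor check that the Targets section reports for .rsync/c/run ("Checks CPU information for indicators that the system is a virtual machine"), and the 5/10 tasks correspond to the "Writes file to tmp directory" signature on go, slow and tsm. The report does not show which strings the run script looks for or what it writes to /tmp, so the following added example (not code from the sample or from the sandbox vendor) shows the general technique on both sides: what a /proc/cpuinfo check looks like, and how a sandbox maps file events to the two signature names. The indicator list, the event shape, the sample cpuinfo text and the events are constructed assumptions; the "hypervisor" flag itself is real, since Linux prints it in the flags line when CPUID leaf 1 ECX bit 31 is set.

```python
"""Hypervisor check via /proc/cpuinfo, and sandbox-side signature matching.

Added example; indicator strings, event format and inputs are assumed.
"""

# Model-name substrings a script can grep for (assumed list, not the sample's).
VM_MODEL_NAMES = ("QEMU", "KVM", "VMware", "VirtualBox", "Virtual CPU")


def looks_virtualized(cpuinfo_text: str) -> list:
    """Return the VM indicators found in /proc/cpuinfo-style text.

    'flags:hypervisor' is the CPUID hypervisor-present bit as the kernel
    reports it; a model-name hit is a vendor string a hypervisor exposes.
    """
    hits = set()
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "flags" and "hypervisor" in value.split():
            hits.add("flags:hypervisor")
        elif key == "model name":
            for name in VM_MODEL_NAMES:
                if name.lower() in value.lower():
                    hits.add("model name:" + name)
                    break
    return sorted(hits)


# Constructed /proc/cpuinfo excerpts: one from a guest, one from bare metal.
SAMPLE_GUEST = """processor\t: 0
vendor_id\t: GenuineIntel
model name\t: QEMU Virtual CPU version 2.5+
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep hypervisor lahf_lm
"""
SAMPLE_HOST = """processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep lahf_lm
"""

# Sandbox side: the two signature names from the report, as predicates over
# file events in an assumed {pid, op, path} shape.
SIGNATURES = {
    "Writes file to tmp directory":
        lambda ev: ev["op"] in ("create", "open_write") and ev["path"].startswith("/tmp/"),
    "Attempts to identify hypervisor via CPU configuration":
        lambda ev: ev["op"] == "open_read" and ev["path"] == "/proc/cpuinfo",
}


def match_signatures(events: list) -> dict:
    """Return {signature name: [pids that triggered it]} over an event list."""
    hits = {}
    for ev in events:
        for name, pred in SIGNATURES.items():
            if pred(ev):
                hits.setdefault(name, []).append(ev["pid"])
    return hits


# Constructed event stream; paths are placeholders, not the sample's.
SAMPLE_EVENTS = [
    {"pid": 1201, "op": "open_read", "path": "/proc/cpuinfo"},
    {"pid": 1201, "op": "create", "path": "/tmp/cpu.txt"},
    {"pid": 1202, "op": "open_read", "path": "/etc/passwd"},
    {"pid": 1203, "op": "open_write", "path": "/var/tmp/x"},  # not under /tmp/
]


if __name__ == "__main__":
    print("guest:", looks_virtualized(SAMPLE_GUEST))
    print("host: ", looks_virtualized(SAMPLE_HOST))
    print(match_signatures(SAMPLE_EVENTS))
```

Both signatures are weak on their own: legitimate tools read /proc/cpuinfo and write to /tmp all the time, which is why the report scores go, slow and tsm at 5/10 and only run, which does both, at 9/10. On the evasion side, a sandbox that wants this script to proceed has to present a cpuinfo without the hypervisor flag and without a guest model name, which is a hypervisor configuration question rather than something the detection rule can fix.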