b57e5f0c857e807a03770feb4d3aa254d2c4c8c8d9e08687796be30e2093286c

Resubmissions

09/03/2023, 11:55

230309-n3j7vabb5s 7

09/03/2023, 11:52

09/03/2023, 11:52

09/03/2023, 11:51

06/03/2023, 18:09

03/02/2023, 20:32

Analysis

max time kernel
0s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20221111-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20221111-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
06/03/2023, 18:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b57e5f0c857e807a03770feb4d3aa254d2c4c8c8d9e08687796be30e2093286c
Size

2.4MB
MD5

2902e12f00a185471b619233ee8631f3
SHA1

7e7f666a6839abe1b2cc76176516f54e46a2d453
SHA256

b57e5f0c857e807a03770feb4d3aa254d2c4c8c8d9e08687796be30e2093286c
SHA512

0060f2e8b9ffe7c813a76597a76d899c2159318aacaff32f3b364801893573cb3c32c39d68cdde2c200a985dbad5944a52eefb3c3c5cae1690ccd465184a19d7
SSDEEP

49152:2bZPXEinhLENX/bX40MA4sDM9RIfiv2eZRBqnlptIU6iQnkgWbwL/KIRpvg9Suj:4KinhLEBo0MA4sDoIqv2eZOnlw+QnHp8

Score

7^/10

Malware Config

Signatures

Write file to user bin folder 1 TTPs 64 IoCs

Hijack Execution Flow

T1574

description	ioc
/usr/sbin/groupmod	/usr/sbin/groupmod
/usr/sbin/grpck	/usr/sbin/grpck
/usr/sbin/update-dictcommon-aspell	/usr/sbin/update-dictcommon-aspell
/usr/sbin/update-pciids	/usr/sbin/update-pciids
/usr/sbin/update-usbids	/usr/sbin/update-usbids
/usr/sbin/upgrade-from-grub-legacy	/usr/sbin/upgrade-from-grub-legacy
/usr/sbin/iucode_tool	/usr/sbin/iucode_tool
/usr/sbin/pwunconv	/usr/sbin/pwunconv
/usr/sbin/e2freefrag	/usr/sbin/e2freefrag
/usr/sbin/e4crypt	/usr/sbin/e4crypt
/usr/sbin/mklost+found	/usr/sbin/mklost+found
/usr/sbin/filefrag	/usr/sbin/filefrag
/usr/sbin/validlocale	/usr/sbin/validlocale
/usr/sbin/irqbalance-ui	/usr/sbin/irqbalance-ui
/usr/sbin/service	/usr/sbin/service
/usr/sbin/select-default-ispell	/usr/sbin/select-default-ispell
/usr/sbin/popcon-largest-unused	/usr/sbin/popcon-largest-unused
/usr/sbin/tzconfig	/usr/sbin/tzconfig
/usr/sbin/e4defrag	/usr/sbin/e4defrag
/usr/sbin/update-ca-certificates	/usr/sbin/update-ca-certificates
/usr/sbin/pam-auth-update	/usr/sbin/pam-auth-update
/usr/sbin/update-grub-gfxpayload	/usr/sbin/update-grub-gfxpayload
/usr/sbin/chgpasswd	/usr/sbin/chgpasswd
/usr/sbin/dpkg-reconfigure	/usr/sbin/dpkg-reconfigure
/usr/sbin/faillock	/usr/sbin/faillock
/usr/sbin/sshd	/usr/sbin/sshd
/usr/sbin/iconvconfig	/usr/sbin/iconvconfig
/usr/sbin/dpkg-preconfigure	/usr/sbin/dpkg-preconfigure
/usr/sbin/vcstime	/usr/sbin/vcstime
/usr/sbin/userdel	/usr/sbin/userdel
/usr/sbin/cron	/usr/sbin/cron
/usr/sbin/readprofile	/usr/sbin/readprofile
/usr/sbin/readme	/usr/sbin/readme
/usr/sbin/grub-macbless	/usr/sbin/grub-macbless
/usr/sbin/aa-status	/usr/sbin/aa-status
/usr/sbin/setvesablank	/usr/sbin/setvesablank
/usr/sbin/chroot	/usr/sbin/chroot
/usr/sbin/ispell-autobuildhash	/usr/sbin/ispell-autobuildhash
/usr/sbin/remove-default-ispell	/usr/sbin/remove-default-ispell
/usr/sbin/grub-reboot	/usr/sbin/grub-reboot
/usr/sbin/useradd	/usr/sbin/useradd
/usr/sbin/grpunconv	/usr/sbin/grpunconv
/usr/sbin/update-default-ispell	/usr/sbin/update-default-ispell
/usr/sbin/grpconv	/usr/sbin/grpconv
/usr/sbin/remove-shell	/usr/sbin/remove-shell
/usr/sbin/arpd	/usr/sbin/arpd
/usr/sbin/irqbalance	/usr/sbin/irqbalance
/usr/sbin/iptables-apply	/usr/sbin/iptables-apply
/usr/sbin/update-locale	/usr/sbin/update-locale
/usr/sbin/zic	/usr/sbin/zic
/usr/sbin/groupdel	/usr/sbin/groupdel
/usr/sbin/chpasswd	/usr/sbin/chpasswd
/usr/sbin/visudo	/usr/sbin/visudo
/usr/sbin/grub-probe	/usr/sbin/grub-probe
/usr/sbin/update-rc.d	/usr/sbin/update-rc.d
/usr/sbin/rtcwake	/usr/sbin/rtcwake
/usr/sbin/dmidecode	/usr/sbin/dmidecode
/usr/sbin/add-shell	/usr/sbin/add-shell
/usr/sbin/cppw	/usr/sbin/cppw
/usr/sbin/invoke-rc.d	/usr/sbin/invoke-rc.d
/usr/sbin/agent	/usr/sbin/agent
/usr/sbin/fdformat	/usr/sbin/fdformat
/usr/sbin/uuidd	/usr/sbin/uuidd
/usr/sbin/grub-mkconfig	/usr/sbin/grub-mkconfig

Reads CPU attributes 1 TTPs 1 IoCs

System Information Discovery

T1082

description	ioc
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online

/tmp/b57e5f0c857e807a03770feb4d3aa254d2c4c8c8d9e08687796be30e2093286c
/tmp/b57e5f0c857e807a03770feb4d3aa254d2c4c8c8d9e08687796be30e2093286c /usr -id "\"lasalchichaestamuybuenayeljamon!!\"" -ep 10 -fork -vmonly -logs
1⤵
PID:607

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

T1574

Privilege Escalation

Hijack Execution Flow

T1574

Defense Evasion

Hijack Execution Flow

T1574

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads