Overview

overview

8

Static

static

1

8d855c2874...1390b7

ubuntu-18.04-amd64

8

Analysis

  • max time kernel
    0s
  • max time network
    155s
  • platform
    linux_amd64
  • resource
    ubuntu1804-amd64-en-20211208
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    30/03/2023, 05:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8d855c28744dd6a9c0668ad9659baf06e5e448353f54d2f99beddd21b41390b7

  • Size

    3.0MB

  • MD5

    9e232a14ba4fdb7f95d59d06682af25f

  • SHA1

    f49dba7152bde55c4bb014a1819b466a35473915

  • SHA256

    8d855c28744dd6a9c0668ad9659baf06e5e448353f54d2f99beddd21b41390b7

  • SHA512

    cdcae0acd761403102c9ae9af49f75f985828b107d8487aacc3a66c3aa90111f5900609ee41d148abe874b9b5a068e2b4edade30e65932e8bbde3fe4d7648854

  • SSDEEP

    98304:t2k8YNW6FUZu0W0E8oGYGCZ15nL3r+prEWp5a0OI:EZGZ8oru5a

Score
8/10
persistence

Malware Config

Signatures

  • Modifies hosts file 1 IoCs

    Adds to hosts file used for mapping hosts to IP addresses.

  • Writes DNS configuration 1 TTPs 1 IoCs

    Writes data to DNS resolver config file.

  • Modifies rc script 1 TTPs 1 IoCs

    Adding/modifying system rc scripts is a common persistence mechanism.

    persistence
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/8d855c28744dd6a9c0668ad9659baf06e5e448353f54d2f99beddd21b41390b7
    /tmp/8d855c28744dd6a9c0668ad9659baf06e5e448353f54d2f99beddd21b41390b7
    1⤵
      PID:581
    • /bin/sh
      sh -c "/sbin/insmod /etc/intel_audio/intel_audio.ko"
      1⤵
        PID:583
        • /sbin/insmod
          /sbin/insmod /etc/intel_audio/intel_audio.ko
          2⤵
          • Reads runtime system information
          PID:584

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads