Resubmissions

20-04-2023 08:22

230420-j9jsfaae7s 10

27-03-2023 09:38

230327-lmbvescg32 10

Analysis

  • max time kernel
    154s
  • max time network
    102s
  • platform
    linux_amd64
  • resource
    ubuntu1804-amd64-en-20211208
  • resource tags

    arch:amd64, arch:i386, image:ubuntu1804-amd64-en-20211208, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    20-04-2023 08:22

General

  • Target

    261664

  • Size

    186KB

  • MD5

    b754622e816fb2281402b86f75fa9ccf

  • SHA1

    be1c9842f441500bd14b8ad9ac3a6cdac77ea47d

  • SHA256

    d8c511b7a07df74df69fd91a435a7228f7ecad477c7b6b4d23bf6fb5b04cf77d

  • SHA512

    d8057fe16bc35bc62b1998c67385ac79513ccfbf77cef68b5c73875910725b0ad886faf49b739576cbc3e795f8cf3416d729497e8e5cd7b47e8c78796405d925

  • SSDEEP

    3072:ilEwSaKOao1hsD4lLsCH4aNSJReEK5BQ6SnJ43aCQiqse:iOwPi4Jp4RnCk6A5

Score
8/10

Malware Config

Signatures

  • Modifies hosts file 1 IoCs

    Adds to hosts file used for mapping hosts to IP addresses.

  • Writes DNS configuration 1 TTPs 3 IoCs

    Writes data to DNS resolver config file.

  • Modifies rc script 1 TTPs 2 IoCs

    Adding/modifying system rc scripts is a common persistence mechanism.

  • Reads runtime system information 3 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/261664
    /tmp/261664
    1⤵
    PID:575
    • /bin/sh
      sh -c "sed -i -e \"/exit/d\" /etc/rc.local"
      2⤵
      PID:576
      • /bin/sed
        sed -i -e /exit/d /etc/rc.local
        3⤵
        • Modifies rc script
        • Reads runtime system information
        PID:577
    • /bin/sh
      sh -c "sed -i -e \"/261664/d\" /etc/rc.local"
      2⤵
      PID:578
      • /bin/sed
        sed -i -e /261664/d /etc/rc.local
        3⤵
        • Modifies rc script
        • Reads runtime system information
        PID:579
    • /bin/sh
      sh -c "sed -i -e \"/8.8.8.8/d\" /etc/resolv.conf"
      2⤵
      PID:580
      • /bin/sed
        sed -i -e /8.8.8.8/d /etc/resolv.conf
        3⤵
        • Writes DNS configuration
        • Reads runtime system information
        PID:581
    • /bin/sh
      sh -c "echo \"nameserver 8.8.8.8\" >> /etc/resolv.conf"
      2⤵
      • Writes DNS configuration
      PID:582

Network

MITRE ATT&CK Enterprise v6


Downloads