General

  • Target

    VNC-Server-7.6.1-Linux-x64-ANY.tar.gz

  • Size

    16.0MB

  • Sample

    230929-zkys3aga42

  • MD5

    a17897d79c6d74b32a72791b603da5c7

  • SHA1

    247d1143c86ecc6e03364ce348749e63a37ddea0

  • SHA256

    9e93f7035063840e0579fddd498254c3789c8c86d2a1e6a22eb477804d4f73a6

  • SHA512

    62083e3dc7d5ec3a6c30e1e635c3d28c66080c03685ebbc52fa6c5dd552121d425639abd17879ff237c6c1053d1be01409f2647737a26c56efffeef2485d4302

  • SSDEEP

    393216:Nhbs7FjSgY6MxGuyd+f73wkIYqU0Agkq9VZdiWTY42cS8Hh2XF:HARS8MxGmfDKtnkqvBi4K

Score
7/10

Malware Config

Targets

    • Target

      VNC-Server-7.6.1-Linux-x64/Xvnc

    • Size

      1.6MB

    • MD5

      125b463d64bd48d422f97ab76b5ecc43

    • SHA1

      dcb4d5fdf0bdf7a5d7de112e04c2e3f43b717cc5

    • SHA256

      e07b74d8eb63418c545fb2385df0d0460c8c1e70db58c2871d21376074a739ba

    • SHA512

      b05da31777f8b808732264ed3a257c080c4f211413ca0a48a3a8f215896ff747587d252292b78adab0f1a8023366f2d53fa6bb2038e7a0c0b96fa2ed19fc0274

    • SSDEEP

      24576:l6TzWWvwLUrBk5ohZHNh7Au+3emVmUiNv8JEYV/NfcwbiTfwL7:lUvwLUrBk5ohZnAuwbVO8JEWdYrW

    Score
    1/10

    • Target

      VNC-Server-7.6.1-Linux-x64/Xvnc-core

    • Size

      11.4MB

    • MD5

      39750e85722a0ffba632c437cc5ad2d5

    • SHA1

      f6a1f9de06bc915e6ff4320c6dbca1e09d0c020f

    • SHA256

      2db2e7809776721966b958839d33b1fedd4dd33ac448b3effa30bf82b87d06ce

    • SHA512

      678f590f4b17caad176b1b2daf8949bb67a26180b5aaa4727e49eac8f533cff6755c1c60cc7fe63a64a5d2cd01ffe001ec03ae6c8ab54ecf61031b12b1b8c440

    • SSDEEP

      98304:u5awYCT5kwE+PtOZmBBlOFpWFnseSf+OA5UlfBwweskpC3iMY7WktbBfJENfT8CH:iuOZpsela7w5Rkb8guI1

    Score
    3/10

    • Target

      VNC-Server-7.6.1-Linux-x64/cups/vnc

    • Size

      667KB

    • MD5

      b9cc18d6e3999fc9471bc7babd23d63c

    • SHA1

      abecc9d202361302988c377de9d5e10070eca0ee

    • SHA256

      1e9cb4094c4115c42184408d41bdfe73dd5055725a443e6da3f711009c691526

    • SHA512

      4126d0dd50cd06fd125dd8a5633fb463e456b9257d9a8a0d573fbc958fedd57b0b19ee20d8c869749a218d3ae68b3fd53aedd009fb4caa444fb96487189b9496

    • SSDEEP

      12288:dJ52u6W08uaZ9O2XVJ4thZa7JtVTY53enfz:dJ52u6A9O2FJ4t+tVTO36fz

    Score
    1/10

    • Target

      VNC-Server-7.6.1-Linux-x64/get_primary_ip4

    • Size

      6KB

    • MD5

      d2b333ccabd9c9a838a11a8e2831cd57

    • SHA1

      e744e96c4edd238b9b0ff6d007aad0d5afed915c

    • SHA256

      6f8572213db41879e8f1f58d50b8a4e64656217123f1967682d9e85376a49699

    • SHA512

      b3d74c0bb39581a620ae11f56cb5ab95e4cd0fe66fa39fc8a746a443b65ded46006a4d7aec1d6f2cefe8fb6e1a08303096f7e362ba931f58ee57bd6290f70c2f

    • SSDEEP

      96:rDH7wyrz8WI6Q3/8ljpYL+0o2uVj0f6pJ0f0EGSkCsW5sB6B:vHEyv8WIlPojpYLbkj0yr0flGU5sB6B

    Score
    6/10

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Target

      VNC-Server-7.6.1-Linux-x64/registerSELinuxmodules

    • Size

      7KB

    • MD5

      163f1bf33876db6604b149b61387b9c1

    • SHA1

      0f9810f44a4cab944d7661cc11e2ffcd57ee87ed

    • SHA256

      5e2f354b5cdf20bdc867207cf471feeb57f13c89c4addd130caf19c9e0406905

    • SHA512

      e0a12ed47717289f5409ccc47aefa5d8d87dee52c48051c648a83f063df1f4cb4bc94fa1d5f5bdf3517aff32b81cf8bfe1fb5c1e0937d175e4ff0760c61e3c33

    • SSDEEP

      192:x9rojCzacotHvlyomCyKCdB99QXeq9JhKBtxFyS2mJrgTrgr:c2XotPlymCB+QN

    Score
    1/10

    • Target

      VNC-Server-7.6.1-Linux-x64/rpmConflictSymlinks

    • Size

      2KB

    • MD5

      5048afbf1871c74328cca73afe0489bb

    • SHA1

      fdccc0435363fc66309f8f8a1e359edeaf858c17

    • SHA256

      4f885cd9cc11bafe522dec92a528d3534130f9cca5d148fc73bfb620f7ef4603

    • SHA512

      362659ead6942c1cf33b49e9997f0f9230983c4d8aa439866b237a416479ff760366ecfe06dd114387c9af5880e09a92f7f93159461de0670d617654b4372136

    Score
    1/10

    • Target

      VNC-Server-7.6.1-Linux-x64/vncagent

    • Size

      1.0MB

    • MD5

      610cdec8bd5e1425ab8956106385c967

    • SHA1

      ddc19783f51a8dbae3b94c6abb4093e88baa3aa2

    • SHA256

      7164c1c8878214c6036802caa49448330688f6d6a08bc38b1b9990d72ba74fb0

    • SHA512

      64919aef11c1b30db36a52f660d3f067d12afe68bd6983d96e588235fc2cd15d1eafabdffa676cfdb18564db3a7b70af4bfff4a26273916faf3d49729451a3ac

    • SSDEEP

      24576:kfkAkKiZM7gG6YHUlHMTaFEOJjRzhxbICoRh:kxoHMTl0FTaR

    Score
    1/10

    • Target

      VNC-Server-7.6.1-Linux-x64/vncinitconfig

    • Size

      51KB

    • MD5

      e0a4bbba11e3de9886a4fc8f2a36945d

    • SHA1

      4d1ee966cf8a20cdbd172b03824f1da2fedfb74f

    • SHA256

      e09ff31b7f6d4535269fe4c33acee7d461fb4ef10dc055bf676834a4eb610bb7

    • SHA512

      527d732f754035ea79c62a283391f8b6c9609eca589711313e2fcd683a347d11f5cfa7944e4e71960c270549fc3d8510a878038f2c26100974cff1ea880df8e7

    • SSDEEP

      768:oUHPBlrywAsKar0i9613K2PK7AO4LRzv0WT+W0Cf9DENpNOV6uITKojCE:oUH7Dr0223OC0DCFEhI61

    Score
    1/10

    • Target

      VNC-Server-7.6.1-Linux-x64/vncinstall

    • Size

      4KB

    • MD5

      4d80090eff14b681eae881b49bb777ac

    • SHA1

      1b1cb4d1eb7b16d485b826d0cdf832747c6d3391

    • SHA256

      4d7120564ccbbdb6825612d5a05cacbfe6d1ace91dfe1ca81155ad9ccc5be4df

    • SHA512

      e06633f788a0b8519a55b8682038f6fe4af69bddd4af94c59feb233b5906b76c05bdadecafcf14060e11e1bd91182026632d8837c21ed7b151f1cfd25415e878

    • SSDEEP

      96:r3h14xnlRY+vtpZ7fGdh6XLWra7RK7Zge4x6P:jh1uHl/7fGdh6XLWra7RK7Oes6P

    Score
    7/10

    • Executes dropped EXE

    • Modifies PAM framework files

      Modifies Linux PAM framework files, possibly to intercept credentials.

    • Write file to user bin folder

    • Target

      VNC-Server-7.6.1-Linux-x64/vnclicense

    • Size

      964KB

    • MD5

      127abb296b24ff3cdfd72640ab79160d

    • SHA1

      c162e72b4a1151243b34d0e5ce49271d72daaaa1

    • SHA256

      aa4e5cf867ab0c07ec8c484a8ea2f43054742b334ed011235013f361aa7f02d2

    • SHA512

      c376f96d3e3cbdd638da3b4c3848fce2a879f23dbae469d71b87a085684be814b797bcf5fafb835eaeb73b0be0c5b3740ee45f1136e37fb3eba023fe7cafa1c6

    • SSDEEP

      24576:fFicn75kG4AcnUKTzJlIqpmBRzOmaTR35zyuKAPn:fvn75kG4A6UKfJcRvQ3Zx

    Score
    1/10

    • Target

      VNC-Server-7.6.1-Linux-x64/vnclicensewiz

    • Size

      3.6MB

    • MD5

      08559004f5a834c094a22f52455f87e2

    • SHA1

      daa81d74bfaa474215092781302f3b8c521718c8

    • SHA256

      afaf8aba41db29dfde88185671738e54253bb2ea86eac4b588de973d2b3839f3

    • SHA512

      93c6e8f68513c5c7277a82bd3d0a60ca670c17e0850b96c67791bffe6cbf75e15cfca13e314d515cb488e3a55ce321d750f4add12daf159724946cb2b13b2a7f

    • SSDEEP

      49152:Mc8H6cHHfmHYluqe51iyuA1db/VEEWjIYS99UMvLC+Ut3KYyM90fogj7LWFrEj+h:M5fIYluq/A1MEWUYSzZPVogY

    Score
    1/10

    • Target

      VNC-Server-7.6.1-Linux-x64/vncpamhelper

    • Size

      720KB

    • MD5

      7fed5248dd69088bf76c1a81bd84d630

    • SHA1

      e04b886eb1f5ddcbe8ddba754235fe4259bd9e08

    • SHA256

      22bcb14db51fd34f92e151077ce60a44b2a5202a1930101ab55600a8c81d5148

    • SHA512

      096f76ca613613959c603acd32414614419dc6a682ac52c6cac9dcbeb9b1e19b5854cead2debaac118f247264be2d5b2dd3f332c12db80c4525f6ffd90bbd0a4

    • SSDEEP

      12288:K8I0tAUIPHlHZ5Ckae0yghSkgo+HDaOwJbAtor6Eg0m9r:K8I0/IPHlHBRgDh+eOwJbfroVr

    Score
    1/10

    • Target

      VNC-Server-7.6.1-Linux-x64/vncpasswd

    • Size

      640KB

    • MD5

      a737ad5810078873a347064c64c31e8e

    • SHA1

      ce8adfe8989d4eafdc036b09c41b30032e17f3d7

    • SHA256

      7bb99a40bdb0393eebf64513a6012b24cb9532777e6392859ba21a6e8c29f389

    • SHA512

      dca7793c0acdba641d405af692f51a2a1acc061bc3d3ff5440cd8f79cf76c17ab3a7a976c84c093025d82bd681d0a264b871a1a63b373c4c064f31a7cc2172ff

    • SSDEEP

      12288:bqKBNzZlqFanOzprazV8Px1U8CQE12DdvjY7o10uj7A:bqKBNFCFnPxdPE12Dd7+k7A

    Score
    1/10

    • Target

      VNC-Server-7.6.1-Linux-x64/vncserver

    • Size

      581B

    • MD5

      3e3a4f195a441f98b280f43f32a07790

    • SHA1

      7dac199a3b8e2570cdb3edb17449f7f8a714dd62

    • SHA256

      5e29e19b3c85b38910e0b5f392eff610e2f91f9a7e7eb23d8a221ac71ffe7456

    • SHA512

      b8f985058a7f64788d49a3088a98b677672ed793aadd9afc83f96d5062fe4a78052f7df21c3d4b0ce09f7099cf217b5f60b8728ec3f7e9d872bc1adbe4d0dbdf

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
1/10

behavioral1

Score
1/10

behavioral2

Score
3/10

behavioral3

Score
1/10

behavioral4

Score
6/10

behavioral5

Score
6/10

behavioral6

Score
6/10

behavioral7

Score
6/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

persistence
Score
7/10

behavioral22

persistence
Score
7/10

behavioral23

persistence
Score
7/10

behavioral24

persistence
Score
7/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10