iptablez | 12954da8d252fdb02bc2293a11804c701bc7e1ecd01fd4feb79d40300dd0e578 | Triage

Sharing

General

Target

41278456deb35fbd66172eb506a8457b
Size

2.9MB
Sample

231222-bhg6jachd3
MD5

41278456deb35fbd66172eb506a8457b
SHA1

62f91b63357452a853e15bc75d260f254573813c
SHA256

12954da8d252fdb02bc2293a11804c701bc7e1ecd01fd4feb79d40300dd0e578
SHA512

8bcfb7cd67383140dc407cfa68f3c66a9a95129144f684c0cc6df999c33021b1bbade269c31293a2f4b69d70592d0878b72e972ece5d65017329ae155b78f5a0
SSDEEP

49152:tec8IcTlYsxo5BaQd5mO6fsDn20iZGVkTTRjRELoXrKcdqbRz3fkXYToJcT6rvd2:8cTcbcBaEjT2tG2TTRa8XVc13fGY2frw

Score

10^/10

iptablez backdoor linux

Malware Config

Targets

- Target
  
  /Client.exe
- Size
  
  2.0MB
- MD5
  
  9b3ea601933ce069356088d3a2359848
- SHA1
  
  aa50484edd009f8ebf8d7c8ad98c66a219a26432
- SHA256
  
  ca365663bfe424c2c093be6ab5dee4b64980c7eaaabf9a4be3c868eb8436ad94
- SHA512
  
  89a2fee47794eae951ce1dbf06c3ff8e7f1a6ecf7a9aa172a53c6533be0cafaf47bff668e88c4f4483f68dd96a3047798c1c1a58081ae9de60cc657192733992
- SSDEEP
  
  49152:ljm4F8QcV1CglPiQLhmU6T+JngKi5MHcB9RfRoRsxZWcvQb:HFZcpPikJJgfM8B9RS2xP4
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  /getsetup.exe
- Size
  
  116KB
- MD5
  
  5d5267d68e5210c35cd6fd82cba6ab22
- SHA1
  
  b27b5b222bd9dcb471ecfdde387b995de1e1fb5b
- SHA256
  
  c22a9814d1dfe7bd2cf75c3e15c3c8c555ed94a2db99966a39f9701301a34cb8
- SHA512
  
  468be95b63fb1bbe8725a63fc0380aa54dfc6f7e56c9e30b809547f61dafba7dad035eff4e1d31ee95b3500fcecfe327fc7ffe4204036604cbaf64d944cbaa34
- SSDEEP
  
  3072:2HejYMZvf/wfPv4B3JNVlLeqEDdHKgVx:psawf34BrrenDdqgVx
Score

3^/10
behavioral3 behavioral4
- Target
  
  /getsetup.hb
- Size
  
  1.0MB
- MD5
  
  9966d5db77f247070fcac9590a3fde80
- SHA1
  
  ec0fdb1333443a7c0442dd279626bf8d58eb8cbb
- SHA256
  
  10edad7999da34e37a866beadf2bb2c1952e071c93cb8708e79ee45c90a06199
- SHA512
  
  e6a468cdfd9f720b217069f0dddc012b8549a834862d287ea101914503a048f644085c16b534b2b7418686b792a9ee0cb1e32977751d648d57ed0241bed17131
- SSDEEP
  
  24576:L8TklemVE3JnQaQAcA+xk3ZeRXP1qjStp/vtq6bUn5V:2IemVE6aQyTpexwyVOn5V
Score

10^/10

iptablez backdoor
- Detected IptabLes/IptabLez backdoor
- IptabLes/IptabLez Backdoor
  Linux RAT/backdoor which has been around since 2014.
  backdoor iptablez
- Executes dropped EXE
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads CPU attributes
behavioral5
- Target
  
  /ƶ_C.exe
- Size
  
  348KB
- MD5
  
  8bc8598b3f168a1b4a5989f15d4fb1e4
- SHA1
  
  60649fd9977e446d259d9088951f0b60c11c74f3
- SHA256
  
  7d5e432b17b6e39cb71c0535ee48e211f5586b41e7440996a42093c689bdadf6
- SHA512
  
  1517ae3b064c68a529d1750b74eb730d935efbaa7c34903e38434e6f48aeacca35ac9b912203a371b420242c7dfa8a9cb2c203cd602b2fd8f454d5fa69ff6110
- SSDEEP
  
  6144:z7Vfiw4kd96ii2gftMMiYqTawGpFhsbdsB1UqzRIrZf6iDT:z7Fiw4qfTktMMitTaq
Score

1^/10
behavioral6 behavioral7

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

iptablezbackdoor

behavioral6

behavioral7