Overview

overview

10

Static

static

10

/Client.exe

windows7-x64

5

/Client.exe

windows10-2004-x64

5

/getsetup.exe

windows7-x64

3

/getsetup.exe

windows10-2004-x64

3

/getsetup.hb

ubuntu-18.04-amd64

10

/..._C.exe

windows7-x64

1

/..._C.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    41278456deb35fbd66172eb506a8457b

  • Size

    2.9MB

  • Sample

    231222-bhg6jachd3

  • MD5

    41278456deb35fbd66172eb506a8457b

  • SHA1

    62f91b63357452a853e15bc75d260f254573813c

  • SHA256

    12954da8d252fdb02bc2293a11804c701bc7e1ecd01fd4feb79d40300dd0e578

  • SHA512

    8bcfb7cd67383140dc407cfa68f3c66a9a95129144f684c0cc6df999c33021b1bbade269c31293a2f4b69d70592d0878b72e972ece5d65017329ae155b78f5a0

  • SSDEEP

    49152:tec8IcTlYsxo5BaQd5mO6fsDn20iZGVkTTRjRELoXrKcdqbRz3fkXYToJcT6rvd2:8cTcbcBaEjT2tG2TTRa8XVc13fGY2frw

Score
10/10
iptablezbackdoorlinux

Malware Config

Targets

    • Target

      /Client.exe

    • Size

      2.0MB

    • MD5

      9b3ea601933ce069356088d3a2359848

    • SHA1

      aa50484edd009f8ebf8d7c8ad98c66a219a26432

    • SHA256

      ca365663bfe424c2c093be6ab5dee4b64980c7eaaabf9a4be3c868eb8436ad94

    • SHA512

      89a2fee47794eae951ce1dbf06c3ff8e7f1a6ecf7a9aa172a53c6533be0cafaf47bff668e88c4f4483f68dd96a3047798c1c1a58081ae9de60cc657192733992

    • SSDEEP

      49152:ljm4F8QcV1CglPiQLhmU6T+JngKi5MHcB9RfRoRsxZWcvQb:HFZcpPikJJgfM8B9RS2xP4

    Score
    5/10

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      /getsetup.exe

    • Size

      116KB

    • MD5

      5d5267d68e5210c35cd6fd82cba6ab22

    • SHA1

      b27b5b222bd9dcb471ecfdde387b995de1e1fb5b

    • SHA256

      c22a9814d1dfe7bd2cf75c3e15c3c8c555ed94a2db99966a39f9701301a34cb8

    • SHA512

      468be95b63fb1bbe8725a63fc0380aa54dfc6f7e56c9e30b809547f61dafba7dad035eff4e1d31ee95b3500fcecfe327fc7ffe4204036604cbaf64d944cbaa34

    • SSDEEP

      3072:2HejYMZvf/wfPv4B3JNVlLeqEDdHKgVx:psawf34BrrenDdqgVx

    Score
    3/10
    behavioral3behavioral4

    • Target

      /getsetup.hb

    • Size

      1.0MB

    • MD5

      9966d5db77f247070fcac9590a3fde80

    • SHA1

      ec0fdb1333443a7c0442dd279626bf8d58eb8cbb

    • SHA256

      10edad7999da34e37a866beadf2bb2c1952e071c93cb8708e79ee45c90a06199

    • SHA512

      e6a468cdfd9f720b217069f0dddc012b8549a834862d287ea101914503a048f644085c16b534b2b7418686b792a9ee0cb1e32977751d648d57ed0241bed17131

    • SSDEEP

      24576:L8TklemVE3JnQaQAcA+xk3ZeRXP1qjStp/vtq6bUn5V:2IemVE6aQyTpexwyVOn5V

    Score
    10/10
    iptablezbackdoor

    • Detected IptabLes/IptabLez backdoor

    • IptabLes/IptabLez Backdoor

      Linux RAT/backdoor which has been around since 2014.

      backdooriptablez

    • Executes dropped EXE

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Reads CPU attributes

    behavioral5

    • Target

      /ƶ_C.exe

    • Size

      348KB

    • MD5

      8bc8598b3f168a1b4a5989f15d4fb1e4

    • SHA1

      60649fd9977e446d259d9088951f0b60c11c74f3

    • SHA256

      7d5e432b17b6e39cb71c0535ee48e211f5586b41e7440996a42093c689bdadf6

    • SHA512

      1517ae3b064c68a529d1750b74eb730d935efbaa7c34903e38434e6f48aeacca35ac9b912203a371b420242c7dfa8a9cb2c203cd602b2fd8f454d5fa69ff6110

    • SSDEEP

      6144:z7Vfiw4kd96ii2gftMMiYqTawGpFhsbdsB1UqzRIrZf6iDT:z7Fiw4qfTktMMitTaq

    Score
    1/10
    behavioral6behavioral7

MITRE ATT&CK Matrix ATT&CK v13

Tasks