a46c870d1667a3ee31d2ba8969c9024bdb521ae8aad2079b672ce8416d85e8df

Analysis

max time kernel
149s
max time network
128s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240226-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240226-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
10-04-2024 13:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a46c870d1667a3ee31d2ba8969c9024bdb521ae8aad2079b672ce8416d85e8df
Size

101KB
MD5

479b6bc7dfc3b65370c9668e5da6bf0d
SHA1

3b0231ea896db354bd48181054a8f182ce98ed7e
SHA256

a46c870d1667a3ee31d2ba8969c9024bdb521ae8aad2079b672ce8416d85e8df
SHA512

e9b1bec197cd84f8d5d244177c663cc4f5caf3d1a7580c87f32b51ccc01466dec328199f8e71e9d47bc1ca397fa2286773020aed1355930c809eb708cb2f5579
SSDEEP

1536:/7w/KuPs7N8JeSNI40UhS+kNFXH1ZkLz0ou3m0T9/BL+Onm39XuKP8NTPor:/7w/KKs7N81IBXH6Ti9pLdnm38K0NTY

Score

4^/10

Malware Config

Signatures

Reads system network configuration 1 TTPs 1 IoCs

Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery

T1016

description	ioc	Process
File opened for reading	/proc/net/ip_tables_names	iptables-save

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/resolv.conf	sh

/tmp/a46c870d1667a3ee31d2ba8969c9024bdb521ae8aad2079b672ce8416d85e8df
/tmp/a46c870d1667a3ee31d2ba8969c9024bdb521ae8aad2079b672ce8416d85e8df
1⤵
PID:1550
- /bin/sh
  sh -c "IPT=/sbin/iptables;\$IPT -N TN;\$IPT -A TN -s .85.82h2HU.17 -j ACCEPT;\$IPT -A TN -p tcp -m tcp --dport 23 -j REJECT;\$IPT -I INPUT -j TN;\$IPT-save; echo 'nameserver 4.2.2.2' > /tmp/resolv.conf;echo 'namserver 208.67.222.222' >> /tmp/resolv.conf"
  2⤵
  - Writes file to tmp directory
  PID:1551
- - /sbin/iptables
    /sbin/iptables -N TN
    3⤵
    PID:1552
- - /sbin/iptables
    /sbin/iptables -A TN -s .85.82h2HU.17 -j ACCEPT
    3⤵
    PID:1555
- - /sbin/iptables
    /sbin/iptables -A TN -p tcp -m tcp --dport 23 -j REJECT
    3⤵
    PID:1556
- - /sbin/iptables
    /sbin/iptables -I INPUT -j TN
    3⤵
    PID:1562
- - /sbin/iptables-save
    /sbin/iptables-save
    3⤵
    - Reads system network configuration
    PID:1563

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/resolv.conf

Filesize
19B

MD5
18e0d4be7ee318c312d30ed75f39224a

SHA1
b9dc9465cf5b3df703210bc0a9c3a9cf99a0a9da

SHA256
ccf6e60942eb1621dc5c14f36e531f15ddab87cd011b0330055b638437969038

SHA512
50d8b06a918649fd3d3b9ddb4e9a5488584adc3fd17c32ed897283bdd96d38f77e51e7bf3580e9ec826aba09112cfcf220a6a989cae1f65e0876787fccd7b7f3

Download Submit
/tmp/resolv.conf

Filesize
44B

MD5
51a49244ffd6b878ded13f8ca99ec374

SHA1
e1b011254290e401e3e033691ac003fb5eb4744e

SHA256
b8b3e8e7ef159fac65286258082f832c227e982512ff9457b7d166e91b77ce98

SHA512
202ecd188cb234b6d21e6a4c895fc1420ec445bea436a9cba0986fc82979df6d2f3afca57542e2944f5df9b380d61ede54e6782cd3baee0f07a1df41b59a10c1

Download Submit