iptablez | 1c714527787cb354ebba0eeb1657fb054be765838e8c845d13c488480a872e23 | Triage

Sharing

General

Target

231222-bhg6jachd3_pw_infected.zip
Size

2.9MB
Sample

240526-zcnm5abc3z
MD5

b0159907bc8bf59b344f1db47e268df0
SHA1

b3ab240cc4b9f69922bf0b99f54127c1d1714119
SHA256

1c714527787cb354ebba0eeb1657fb054be765838e8c845d13c488480a872e23
SHA512

1cc0b2e4e59d43a8b2d54d5033d6f66450940faf86940f64b0a3eba7e9e2694b055975d531f3b0e65ffede881b5e6bbb008cea96e1b7b8dfdf7fe6250c78375f
SSDEEP

49152:blV6M6pbXKzJlFZId2EQ9M0PAybjlQaXue7ygESuNdwRxiOar2zaHB9H88pW:b7B6tKzPM2EkPTjlQOuRg8dwGxHn88o

Score

10^/10

iptablez backdoor linux

Malware Config

Targets

- Target
  
  /Client.exe
- Size
  
  2.0MB
- MD5
  
  9b3ea601933ce069356088d3a2359848
- SHA1
  
  aa50484edd009f8ebf8d7c8ad98c66a219a26432
- SHA256
  
  ca365663bfe424c2c093be6ab5dee4b64980c7eaaabf9a4be3c868eb8436ad94
- SHA512
  
  89a2fee47794eae951ce1dbf06c3ff8e7f1a6ecf7a9aa172a53c6533be0cafaf47bff668e88c4f4483f68dd96a3047798c1c1a58081ae9de60cc657192733992
- SSDEEP
  
  49152:ljm4F8QcV1CglPiQLhmU6T+JngKi5MHcB9RfRoRsxZWcvQb:HFZcpPikJJgfM8B9RS2xP4
Score

1^/10
behavioral1 behavioral2 behavioral3 behavioral4
- Target
  
  /getsetup.exe
- Size
  
  116KB
- MD5
  
  5d5267d68e5210c35cd6fd82cba6ab22
- SHA1
  
  b27b5b222bd9dcb471ecfdde387b995de1e1fb5b
- SHA256
  
  c22a9814d1dfe7bd2cf75c3e15c3c8c555ed94a2db99966a39f9701301a34cb8
- SHA512
  
  468be95b63fb1bbe8725a63fc0380aa54dfc6f7e56c9e30b809547f61dafba7dad035eff4e1d31ee95b3500fcecfe327fc7ffe4204036604cbaf64d944cbaa34
- SSDEEP
  
  3072:2HejYMZvf/wfPv4B3JNVlLeqEDdHKgVx:psawf34BrrenDdqgVx
Score

1^/10
behavioral5 behavioral6 behavioral7 behavioral8
- Target
  
  /getsetup.hb
- Size
  
  1.0MB
- MD5
  
  9966d5db77f247070fcac9590a3fde80
- SHA1
  
  ec0fdb1333443a7c0442dd279626bf8d58eb8cbb
- SHA256
  
  10edad7999da34e37a866beadf2bb2c1952e071c93cb8708e79ee45c90a06199
- SHA512
  
  e6a468cdfd9f720b217069f0dddc012b8549a834862d287ea101914503a048f644085c16b534b2b7418686b792a9ee0cb1e32977751d648d57ed0241bed17131
- SSDEEP
  
  24576:L8TklemVE3JnQaQAcA+xk3ZeRXP1qjStp/vtq6bUn5V:2IemVE6aQyTpexwyVOn5V
Score

10^/10

iptablez backdoor
- Detected IptabLes/IptabLez backdoor
- IptabLes/IptabLez Backdoor
  Linux RAT/backdoor which has been around since 2014.
  backdoor iptablez
- Executes dropped EXE
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral10 behavioral11 behavioral12 behavioral9
- Target
  
  /ƶ_C.exe
- Size
  
  348KB
- MD5
  
  8bc8598b3f168a1b4a5989f15d4fb1e4
- SHA1
  
  60649fd9977e446d259d9088951f0b60c11c74f3
- SHA256
  
  7d5e432b17b6e39cb71c0535ee48e211f5586b41e7440996a42093c689bdadf6
- SHA512
  
  1517ae3b064c68a529d1750b74eb730d935efbaa7c34903e38434e6f48aeacca35ac9b912203a371b420242c7dfa8a9cb2c203cd602b2fd8f454d5fa69ff6110
- SSDEEP
  
  6144:z7Vfiw4kd96ii2gftMMiYqTawGpFhsbdsB1UqzRIrZf6iDT:z7Fiw4qfTktMMitTaq
Score

1^/10
behavioral13 behavioral14 behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

iptablezbackdoor

behavioral10

iptablezbackdoor

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16