cyrat | 3c50ef708fd72b96187e91c30cd80fb3eddd8cc6530e1e81dfaefbe6bc50ef34 | Triage

Sharing

General

Target

3c50ef708fd72b96187e91c30cd80fb3eddd8cc6530e1e81dfaefbe6bc50ef34
Size

17.2MB
Sample

240916-q5r2ks1blb
MD5

08fdbf17d1288af24e2ab492e6d27dca
SHA1

a7c8822cf5ed6a455a1e755422355a9e63dfb037
SHA256

3c50ef708fd72b96187e91c30cd80fb3eddd8cc6530e1e81dfaefbe6bc50ef34
SHA512

7dc1156f5b26612bf1d05a089f0e1344f5a1bc9d7a4927f504fbf395cfc295507553934d33f19cbaf1c7b2de1080ea30f6013dadc905b6bd464bf99a2c367e39
SSDEEP

393216:2UwzvsTsjqXVhqNsnhtlZeRjPLRmh/eDaXxUGZaH4:2UwbsTSqTq6nl4mh/eDzH4

Score

10^/10

cyrat discovery linux pyinstaller

Malware Config

Targets

- Target
  
  04d136f4c2bac4196b1795bcd9e625029d686c696e7decabd17970da22a35caf.unknown
- Size
  
  371KB
- MD5
  
  2b9c8949f8a38de75f7c692d7d768591
- SHA1
  
  328d235e38f05b97eadfba5b3aa27826cbb4af66
- SHA256
  
  04d136f4c2bac4196b1795bcd9e625029d686c696e7decabd17970da22a35caf
- SHA512
  
  e7bdbe98af08501b35ecedaceb2707d4079e5cae62d00161d67328f82e51fa34b3dc94c274596acaad021c1f2db572d991951e63260e294d403c04a8d74f7c34
- SSDEEP
  
  6144:pyZjxSZjEVdlcV5r2rjJUfJakVtj+Lp7R+0KoaGB068E4Xn6LFnnP1Iw2Q8TDpBX:pq9lcV5inJ0EkLjCpV+0KoaGBp/4Xn6S
Score

7^/10

discovery
- Creates Raw socket
  Creates a socket that captures raw packets at the device level
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1 behavioral2 behavioral3 behavioral4
- Target
  
  3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d.elf
- Size
  
  4.8MB
- MD5
  
  f9885aafa7048958174e73489acff182
- SHA1
  
  c87d050c55054b658d531fc9b522b02660319593
- SHA256
  
  3782e0dedbfe37028a0848f9cce0647083dade4969e3ca2edde847536c76652d
- SHA512
  
  fc543d7d3404bd95b325c12afe16aa2c0cd569a900a5eac65631579529e20adb8e4ad5daf76a3d4bf55e4efdf21009ef420a5d77a58fcbe496124b82387477f3
- SSDEEP
  
  98304:sZCRScDTjTiNLOGcsFZcXaM/iVWr3y1fLqN7+xQejD+u1qdnz+J:5NuLOGcsvBuiVB1fMKxQejD+Tz+
Score

3^/10

discovery
behavioral5
- Target
  
  4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.exe
- Size
  
  12.6MB
- MD5
  
  d427390e9fad598ec3288c9275c84628
- SHA1
  
  7b88e1eaa07151fc0d7639574fc7f40fa5be8aa3
- SHA256
  
  4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6
- SHA512
  
  83ecc48386999ec6d05999d88e9a81eae5267ea807441727cd60d44f17ead8a0ca6e8a0ffa7d5e4e9fc800d858fb2ee824815abe4299e0ec85639384b75324a8
- SSDEEP
  
  393216:prVo+wu2gmnX9c5hlEK/PNMtN3ZW43Q4Eei:prVo+wu2gmNEhxtMtN3r3Q4Ee
Score

7^/10
- Loads dropped DLL
behavioral6 behavioral7

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Adversary-in-the-Middle

Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Adversary-in-the-Middle

Command and Control

Exfiltration

Impact

Tasks

static1

pyinstallercyrat

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7