536966ffaa47bd040a08a192472096c6f850a8ce190219613e83987212978b53

Analysis

max time kernel
0s
max time network
1048s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240508-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
17/10/2024, 15:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PixelFinder.py
Size

758B
MD5

e38d7f586ab66bf2846ed4f2a162f2ae
SHA1

5b3558da2e86c557bdc6ca866ed8d470ada764e4
SHA256

536966ffaa47bd040a08a192472096c6f850a8ce190219613e83987212978b53
SHA512

b90213204b098106a3c52356d1b6d2562c9073000f989df451be9a3290a4af002804e7047b654a073a33134bb9057aaa0401b9423197f49071dcc74b62e7ccc7

Score

6^/10

execution

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 20 IoCs

Web Service

T1102

flow	ioc
2290	discord.com
2296	discord.com
2636	discord.com
2199	discord.com
2235	discord.com
2265	discord.com
2270	discord.com
2298	discord.com
2386	discord.com
525	discord.com
2234	discord.com
2275	discord.com
2297	discord.com
2323	discord.com
2363	discord.com
2196	discord.com
2197	discord.com
2277	discord.com
2375	discord.com
2715	discord.com

Command and Scripting Interpreter: Python 1 TTPs 1 IoCs

Execution via Python.

execution

Python

T1059.006

pid	Process
1508	python

/usr/bin/python
python /tmp/PixelFinder.py
1⤵
- Command and Scripting Interpreter: Python
PID:1508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Python

T1059.006

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...