MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7b3d3da745510a14e3cc3ea75328b5bd948e1bd1b7d629c8fb348ace00af2fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ConnectBack


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c7b3d3da745510a14e3cc3ea75328b5bd948e1bd1b7d629c8fb348ace00af2fe
SHA3-384 hash: 53855395d1be4a307aacd59398ac9f1c923af1d1cdd679e7342070fe3d381e89ea978c2abc7714d7551f5f7d5d530455
SHA1 hash: 2a6d039044f9f5ce528d0831f0f4ad679b1fd14f
MD5 hash: 91b50ee1a3db09b852550aa7e52686be
humanhash: victor-social-golf-emma
File name:91b50ee1a3db09b852550aa7e52686be
Download: download sample
Signature ConnectBack
Create hunting rule
File size:250 bytes
First seen:2023-12-14 09:38:59 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 6:BnX//In8/r1uBxHocmTrsoQ3RQdygg5XJYD:BvwncrAH3mPsZ532D
TLSH T1C4D080330B0A41DBDED4023F6974599CD77B8976574962310990EE010C096445F62DB5
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Reporter zbetcheckin
Tags:64 ConnectBack elf

Intelligence

File Origin
# of uploads :
1
# of downloads :
137
Origin country :
FR FR
Vendor Threat Intelligence
Detection(s):
Unix.Backdoor.Msfvenom-10012672-0
Create hunting rule

Gathering data
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug
Link:
https://www.filescan.io/uploads/657acd3d3636548f374f5bb6/reports/b133e571-e171-494c-aa22-54fd975c0a3f/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
x86
Packer:
UPX
Botnet:
unknown
Number of open files:
10
Number of processes launched:
1
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/c7b3d3da745510a14e3cc3ea75328b5bd948e1bd1b7d629c8fb348ace00af2fe
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Result
Verdict:
MALICIOUS
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/9ec5074d-a649-4ebb-a6c7-2fc0f49aaacb
Result
Threat name:
ConnectBack
Create hunting rule
Detection:
malicious
Classification:
spre.troj
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/1362058
Signature
Found malware configuration
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Opens /proc/net/* files useful for finding connected devices and routers
Yara detected ConnectBack
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/c7b3d3da745510a14e3cc3ea75328b5bd948e1bd1b7d629c8fb348ace00af2fe
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c7b3d3da745510a14e3cc3ea75328b5bd948e1bd1b7d629c8fb348ace00af2fe/
Threat name:
Linux.Backdoor.ConnectBack
Create hunting rule
Status:
Malicious
First seen:
2023-12-12 10:16:07 UTC
File Type:
ELF64 Little (Exe)
AV detection:
22 of 37 (59.46%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=y6z5hwtukuikctr4ypvhkmullpmuryn5dn6wfhepwnekzyak6l7a._file
Result
Malware family:
connectback
Create hunting rule
Score:
  10/10
Tags:
family:connectback linux
Link:
https://tria.ge/reports/231214-lmlpmaebb9/
Behaviour
Reads runtime system information
Reads system network configuration
Reads system routing table
Malware Config
C2 Extraction:
154.92.23.185:10216
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.23
Link:
https://yomi.yoroi.company/submissions/c7b3d3da745510a14e3cc3ea75328b5bd948e1bd1b7d629c8fb348ace00af2fe

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ConnectBack

elf c7b3d3da745510a14e3cc3ea75328b5bd948e1bd1b7d629c8fb348ace00af2fe

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2740521/

Comments


Avatar
zbet commented on 2023-12-14 09:39:00 UTC

url : hxxp://202.79.168.65/mazi.elf