269614e98cf1a6f16026139c078e03c4790a03020abd0ac881540358f8f620cd | Triage

Resubmissions

27-09-2023 15:12

230927-slaz3ach49 7

25-11-2020 08:51

201125-237h7mgpxa 9

24-11-2020 13:31

201124-38cax1ssh2 9

Sharing

General

Target

269614e98cf1a6f16026139c078e03c4790a03020abd0ac881540358f8f620cd
Size

17KB
Sample

201125-237h7mgpxa
MD5

cff772c03b0af2d48bcff169aa82b3eb
SHA1

619b9a8a5fe3b3d7276cfebfcec8304dd44a708f
SHA256

269614e98cf1a6f16026139c078e03c4790a03020abd0ac881540358f8f620cd
SHA512

c573851ecd8319a49e1ef4d4292e29913f1b652219d17114223a5f03eddbaae4fc81f56c36f610ad887c353ac4cce482c91d1df91813a89d5dfad525f1e46c18

Score

9^/10

linux persistence

Malware Config

Targets

- Target
  
  269614e98cf1a6f16026139c078e03c4790a03020abd0ac881540358f8f620cd
- Size
  
  17KB
- MD5
  
  cff772c03b0af2d48bcff169aa82b3eb
- SHA1
  
  619b9a8a5fe3b3d7276cfebfcec8304dd44a708f
- SHA256
  
  269614e98cf1a6f16026139c078e03c4790a03020abd0ac881540358f8f620cd
- SHA512
  
  c573851ecd8319a49e1ef4d4292e29913f1b652219d17114223a5f03eddbaae4fc81f56c36f610ad887c353ac4cce482c91d1df91813a89d5dfad525f1e46c18
Score

9^/10

persistence
- Writes file to system bin folder
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Hijack Execution Flow

Scheduled Task

Privilege Escalation

Hijack Execution Flow

Scheduled Task

Defense Evasion

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1