Resubmissions

28-02-2022 15:41

220228-s4qs8seeg3 10

12-06-2021 09:55

210612-f7rmdwaays 10

12-06-2021 09:51

210612-kcegep1ef2 7

General

  • Target

    installer.run

  • Size

    99KB

  • Sample

    210612-f7rmdwaays

  • MD5

    d4b45f4ab1ec5616026e8fbed2431be8

  • SHA1

    28ecd4944f37bb8f9b7dfd1d486f7c9c027166d0

  • SHA256

    819eab9afaca5601ffd83c85a7edd6cd1899e6b431ab8e901a385065912adeb1

  • SHA512

    2026b561dce762930e3c6a7179d509efb7be482281111f65461328ed6da5c04e1bb7a7bf3f5cd883920a2cdd50e5c72b1c500d6f4963174792f0c183070b0771

Targets

    • Detected EvilGnome

    • EvilGnome Backdoor

      Linux malware which targets desktop users. Includes common stealer/keylogger functionality as well as downloading and executing various modules.

    • Write file to user bin folder

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.
