netfilter | cb8e536680732b474a5c26970ace2087667622caa3dd82c1c56731a7c5a1c8ce | Triage

Sharing

General

Target

cb8e536680732b474a5c26970ace2087667622caa3dd82c1c56731a7c5a1c8ce.bin
Size

114KB
Sample

210618-s65yqy683s
MD5

400c1c6312f99e4640077994bbfaedde
SHA1

657a875554b075eb7f2d314bbbe967c789624b30
SHA256

cb8e536680732b474a5c26970ace2087667622caa3dd82c1c56731a7c5a1c8ce
SHA512

00b05036757e558c3d210f838dce3c8b2b4808655263cc1d69bf21a78e93f6ad52b6a20a4d68ac033fdf06eecc334690190f38e8435dc64fab3d64b7fc1d5c96

Score

10^/10

netfilter persistence rootkit

Malware Config

Targets

- Target
  
  cb8e536680732b474a5c26970ace2087667622caa3dd82c1c56731a7c5a1c8ce.bin
- Size
  
  114KB
- MD5
  
  400c1c6312f99e4640077994bbfaedde
- SHA1
  
  657a875554b075eb7f2d314bbbe967c789624b30
- SHA256
  
  cb8e536680732b474a5c26970ace2087667622caa3dd82c1c56731a7c5a1c8ce
- SHA512
  
  00b05036757e558c3d210f838dce3c8b2b4808655263cc1d69bf21a78e93f6ad52b6a20a4d68ac033fdf06eecc334690190f38e8435dc64fab3d64b7fc1d5c96
Score

10^/10

netfilter persistence rootkit
- NetFilter
  NetFilter is a rootkit first seen in June 2021.
  rootkit netfilter
- Downloads MZ/PE file
- Sets service image path in registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netfilterpersistencerootkit

behavioral2

netfilterpersistencerootkit