5706673bd610b28324bf042be367bba2f04d5b6f1efe310a51d018295f317249 | Triage

Sharing

General

Target

6afe8e2d34a9d246a441fd8ec98790f9
Size

38KB
Sample

210727-a3znwlba9j
MD5

6afe8e2d34a9d246a441fd8ec98790f9
SHA1

f2b892e94a9b82ced759ac9b17a16cc575cbaae6
SHA256

5706673bd610b28324bf042be367bba2f04d5b6f1efe310a51d018295f317249
SHA512

39cbf102bf3b42bbeefc15402450e8b909b912648c4be1ce545b076bedc4f9b9052d02f21af8d76544cf2c1b8f68fed6598dcf5fd4790242dcd76eb6eaf6dde8

Score

9^/10

linux

Malware Config

Targets

- Target
  
  6afe8e2d34a9d246a441fd8ec98790f9
- Size
  
  38KB
- MD5
  
  6afe8e2d34a9d246a441fd8ec98790f9
- SHA1
  
  f2b892e94a9b82ced759ac9b17a16cc575cbaae6
- SHA256
  
  5706673bd610b28324bf042be367bba2f04d5b6f1efe310a51d018295f317249
- SHA512
  
  39cbf102bf3b42bbeefc15402450e8b909b912648c4be1ce545b076bedc4f9b9052d02f21af8d76544cf2c1b8f68fed6598dcf5fd4790242dcd76eb6eaf6dde8
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1