bb90a8e444c76e8d06148849701535bd57c37c50cc6a96237d660382369d4d1b | Triage

Sharing

General

Target

3367825f0fed491f93fcdd8200191b98
Size

37KB
Sample

210727-va7ndlj2wj
MD5

3367825f0fed491f93fcdd8200191b98
SHA1

26060e5b061f019770352cdc60d3ffdbd8e75a22
SHA256

bb90a8e444c76e8d06148849701535bd57c37c50cc6a96237d660382369d4d1b
SHA512

94031f49b073abf55e6f4183b0803c071c146147d39ea3b35706fa37db9fe88bfa3485c2d4851070d62c8146ae4d382bb1c6600ba7074f7cffbf6a727ca0dfda

Score

9^/10

linux

Malware Config

Targets

- Target
  
  3367825f0fed491f93fcdd8200191b98
- Size
  
  37KB
- MD5
  
  3367825f0fed491f93fcdd8200191b98
- SHA1
  
  26060e5b061f019770352cdc60d3ffdbd8e75a22
- SHA256
  
  bb90a8e444c76e8d06148849701535bd57c37c50cc6a96237d660382369d4d1b
- SHA512
  
  94031f49b073abf55e6f4183b0803c071c146147d39ea3b35706fa37db9fe88bfa3485c2d4851070d62c8146ae4d382bb1c6600ba7074f7cffbf6a727ca0dfda
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3