0ec82b6c1c1caafb1b4fbf3dd880f1485dfcf285c4f892bdfc8bc4b655db902e | Triage

Sharing

General

Target

Tsunami.arm7
Size

52KB
Sample

211205-hl5jkacagm
MD5

97110524554c47013fe6186a3a55a15e
SHA1

a8e5e15dedcc6a1fc7852f0712b892836d75861b
SHA256

0ec82b6c1c1caafb1b4fbf3dd880f1485dfcf285c4f892bdfc8bc4b655db902e
SHA512

793b2d167db7d00d21972091aa0587f48be35c7f567c1d236fd893e5ddb85e947c989f78e7c431f960725fafa97bf164a564057d329b5c818896365ad6987b46

Score

9^/10

linux

Malware Config

Targets

- Target
  
  Tsunami.arm7
- Size
  
  52KB
- MD5
  
  97110524554c47013fe6186a3a55a15e
- SHA1
  
  a8e5e15dedcc6a1fc7852f0712b892836d75861b
- SHA256
  
  0ec82b6c1c1caafb1b4fbf3dd880f1485dfcf285c4f892bdfc8bc4b655db902e
- SHA512
  
  793b2d167db7d00d21972091aa0587f48be35c7f567c1d236fd893e5ddb85e947c989f78e7c431f960725fafa97bf164a564057d329b5c818896365ad6987b46
Score

9^/10
- Writes file to system bin folder
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Write file to user bin folder
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Credential Access

Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1