Overview

overview

10

Static

static

10

960cb32299...48a44a

linux_amd64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    960cb322998f273c7c30ea05f58284a5bf749dc32240d1ecbe533b091148a44a

  • Size

    1.1MB

  • Sample

    220217-xxgn7seeej

  • MD5

    fba111160d27811f538ffcee8eb0c1b7

  • SHA1

    629f9828d8f88197e528a49390f478aecdcd1f08

  • SHA256

    960cb322998f273c7c30ea05f58284a5bf749dc32240d1ecbe533b091148a44a

  • SHA512

    43aef2b5ec18cf13757b5ed79f667f5b941d298687215fdf482456be77e093812e91be2471031c88688b88c56d9afee73641d472a404d90d856cadcc66009fe0

Score
10/10
iptablezlinuxpersistence

Malware Config

Targets

    • Target

      960cb322998f273c7c30ea05f58284a5bf749dc32240d1ecbe533b091148a44a

    • Size

      1.1MB

    • MD5

      fba111160d27811f538ffcee8eb0c1b7

    • SHA1

      629f9828d8f88197e528a49390f478aecdcd1f08

    • SHA256

      960cb322998f273c7c30ea05f58284a5bf749dc32240d1ecbe533b091148a44a

    • SHA512

      43aef2b5ec18cf13757b5ed79f667f5b941d298687215fdf482456be77e093812e91be2471031c88688b88c56d9afee73641d472a404d90d856cadcc66009fe0

    Score
    7/10
    persistence

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

      persistence

    • Reads CPU attributes

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks