2409fb21fe377f7e12dda392f26d7c93b7715239169d362dd907fe499ab38ee9 | Triage

Sharing

General

Target

2409fb21fe377f7e12dda392f26d7c93b7715239169d362dd907fe499ab38ee9
Size

611KB
Sample

220217-zjfk4aecf5
MD5

3291432c0084225333ee57320404e655
SHA1

96a637393566a51222a87f3588b01e021faac651
SHA256

2409fb21fe377f7e12dda392f26d7c93b7715239169d362dd907fe499ab38ee9
SHA512

d86e86246063a6bb4d7c09d5c4e52af5904458b489b7dc21b0c795b32981482545c4a7f757892a2a2fec7af092986480642e8990e74f12ec6e26a17e328535cb

Score

9^/10

linux persistence

Malware Config

Targets

- Target
  
  2409fb21fe377f7e12dda392f26d7c93b7715239169d362dd907fe499ab38ee9
- Size
  
  611KB
- MD5
  
  3291432c0084225333ee57320404e655
- SHA1
  
  96a637393566a51222a87f3588b01e021faac651
- SHA256
  
  2409fb21fe377f7e12dda392f26d7c93b7715239169d362dd907fe499ab38ee9
- SHA512
  
  d86e86246063a6bb4d7c09d5c4e52af5904458b489b7dc21b0c795b32981482545c4a7f757892a2a2fec7af092986480642e8990e74f12ec6e26a17e328535cb
Score

9^/10

persistence
- Writes file to system bin folder
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Modifies rc script
  Adding/modifying system rc scripts is a common persistence mechanism.
  persistence
- Write file to user bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Scheduled Task

Defense Evasion

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1