cbd891075905c30abafe23df3ead5ecabd9a0454a5879ab9f2c820e3af32d381

Analysis

max time kernel
6267s
max time network
158s
platform
linux_armhf
resource
debian9-armhf-en-20211208
submitted
19/02/2022, 05:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cbd891075905c30abafe23df3ead5ecabd9a0454a5879ab9f2c820e3af32d381
Size

107KB
MD5

2e8e9a426ee90ddc742d14c0659003f0
SHA1

43776550a0925a84042d01875827c97012b79023
SHA256

cbd891075905c30abafe23df3ead5ecabd9a0454a5879ab9f2c820e3af32d381
SHA512

d2489db93bc5cc4a976b27b3d1ce40a1eb919f439d0391dea358706cbb04a780482d5eb4ae50b71bd58331686b1c8c058a7c9d3d551757ed874fc6c85ddaeb8f

Score

7^/10

persistence

Malware Config

Signatures

Modifies rc script 1 TTPs 1 IoCs

Adding/modifying system rc scripts is a common persistence mechanism.

persistence

Boot or Logon Autostart Execution

T1547

description	ioc	Process
/etc/rc.d/rc.local	/etc/rc.d/rc.local	cbd891075905c30abafe23df3ead5ecabd9a0454a5879ab9f2c820e3af32d381

./cbd891075905c30abafe23df3ead5ecabd9a0454a5879ab9f2c820e3af32d381
./cbd891075905c30abafe23df3ead5ecabd9a0454a5879ab9f2c820e3af32d381
1⤵
- Modifies rc script
PID:345

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads