General

  • Target

    728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848

  • Size

    126KB

  • Sample

    220415-bg3e3sagd9

  • MD5

    524f9d251746b069977fd621b2c5fd8f

  • SHA1

    6932744f2893c0b1748a3dacc480f669d971af17

  • SHA256

    728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848

  • SHA512

    71ae3066f2fb5bef87a2d0544abe8a5eeecdea6f15a7e39a0324bfbf4e0ff286206b63d89a32115af201272625f1748190cd376a5b5d345e41272d47458e4ea6

Targets

    • Target

      728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848

    Score: 9/10

    • Writes file to system bin folder

    • Writes DNS configuration

      Writes data to DNS resolver config file.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Writes file to user bin folder

    • Enumerates kernel/hardware configuration

      Reads contents of /sys virtual filesystem to enumerate system information.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.
