General

  • Target

    pty1tgkzvpot

  • Size

    156KB

  • Sample

    220425-3xgbbshga3

  • MD5

    4aa80ec9c4af1849fb3f0c82cf82c99b

  • SHA1

    0a2ad5795cbafb1f2962c27ce0fe657704d146ee

  • SHA256

    4817893f8e724cbc5186e17f46d316223b7683dcbc9643e364b5913f8d2a9197

  • SHA512

    6d51053d173efcbfed3b89294e1f8c17c90795054ce4f7c5fcb18c12bbcbed8cb31f27b5ef354aeb9909d3beb03a1797b94c6f9ac32dfd5b1697f52ceccd5356

Malware Config

Targets

    • Target

      pty1tgkzvpot

    • Score

      9/10

    • Writes file to system bin folder

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Write file to user bin folder

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Enterprise v6

Tasks