General

  • Target

    pty3pejnyxxb

  • Size

    98KB

  • Sample

    220425-3xknradggj

  • MD5

    582a434ba0f2e04bd8b5495c50320068

  • SHA1

    b3888d650646aa63423765e686a14ddc82ee52be

  • SHA256

    7d3855bb09f2f6111d6c71e06e1e6b06dd47b1dade49af0235b220966c2f5be3

  • SHA512

    5d4075888d1414f57edd832c6fb7151103af441eafebfdeb97be077bcfa504429f792c1fb23f18674aaf94ba1c6fa8d42e7c73a0d7f2d845f7d9faa605ac6fe4

Targets

    Score
    10/10
    • suricata: ET MALWARE ELF/Muhstik Botnet CnC Activity

    • Writes file to system bin folder

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Writes DNS configuration

      Writes data to DNS resolver config file.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Write file to user bin folder

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.
