Overview

overview

10

Static

static

10

59e9a55a03...2d43c1

linux_amd64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    59e9a55a03b24accd71f8503e2e24fa7d430ec758c8baebb21a0887dcc2d43c1

  • Size

    699KB

  • Sample

    220502-bp1apagfb5

  • MD5

    a3a70a53a5d4e4a4ef24c0f7e0757490

  • SHA1

    94efef21f765a4c6af2219760fb374b786006308

  • SHA256

    59e9a55a03b24accd71f8503e2e24fa7d430ec758c8baebb21a0887dcc2d43c1

  • SHA512

    85634593967a3932a3df5e2525b844194d6cbae15a662dbfc626e1f51c542f9f1e1058659ff13578f96a3057c4efb15471af968226aedcb0b289953f53310682

Score
10/10
iptablezlinuxpersistence

Malware Config

Targets

    • Target

      59e9a55a03b24accd71f8503e2e24fa7d430ec758c8baebb21a0887dcc2d43c1

    • Size

      699KB

    • MD5

      a3a70a53a5d4e4a4ef24c0f7e0757490

    • SHA1

      94efef21f765a4c6af2219760fb374b786006308

    • SHA256

      59e9a55a03b24accd71f8503e2e24fa7d430ec758c8baebb21a0887dcc2d43c1

    • SHA512

      85634593967a3932a3df5e2525b844194d6cbae15a662dbfc626e1f51c542f9f1e1058659ff13578f96a3057c4efb15471af968226aedcb0b289953f53310682

    Score
    7/10
    persistence

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

      persistence

    • Reads CPU attributes

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks