4628820fd1bf94458c2955420031259caf6f1df376febd227c4adfe26eee848d | Triage

Sharing

General

Target

4628820fd1bf94458c2955420031259caf6f1df376febd227c4adfe26eee848d
Size

53KB
Sample

220521-p2h4tsbfdp
MD5

b3a3ceb978becd09182a0c1e730ba7fb
SHA1

4a525607c40451b7231e4673dcf3634acd3059f2
SHA256

4628820fd1bf94458c2955420031259caf6f1df376febd227c4adfe26eee848d
SHA512

46d25bacce4a528c726dc09b02339fdb6fe6993f8a95a66810bbff016ba62ebb71419461d271096475fb0795b9ae470174a8792a6f227331c47d2acca7b22664

Score

9^/10

discovery linux

Malware Config

Targets

- Target
  
  4628820fd1bf94458c2955420031259caf6f1df376febd227c4adfe26eee848d
- Size
  
  53KB
- MD5
  
  b3a3ceb978becd09182a0c1e730ba7fb
- SHA1
  
  4a525607c40451b7231e4673dcf3634acd3059f2
- SHA256
  
  4628820fd1bf94458c2955420031259caf6f1df376febd227c4adfe26eee848d
- SHA512
  
  46d25bacce4a528c726dc09b02339fdb6fe6993f8a95a66810bbff016ba62ebb71419461d271096475fb0795b9ae470174a8792a6f227331c47d2acca7b22664
Score

9^/10

discovery
- Contacts a large (84826) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1