398af8e17fbff66a18952c72ccd29016aaae5a5589c63417be9a3303fb712a15 | Triage

Sharing

General

Target

398af8e17fbff66a18952c72ccd29016aaae5a5589c63417be9a3303fb712a15
Size

53KB
Sample

220521-xnavasfdfm
MD5

111152d457d2be72cd39d50f1afc33b0
SHA1

b094ba97375436d9887bbac6a4cd47b959950f8a
SHA256

398af8e17fbff66a18952c72ccd29016aaae5a5589c63417be9a3303fb712a15
SHA512

e1224f55a0853583a68de62d3d23cb8fbb132ddad6410b133ea87665a7cb071b9cd786852ec496d70247b6a4f55e198b3b7fb9b422c7453d8880408762d551dc

Score

9^/10

discovery linux

Malware Config

Targets

- Target
  
  398af8e17fbff66a18952c72ccd29016aaae5a5589c63417be9a3303fb712a15
- Size
  
  53KB
- MD5
  
  111152d457d2be72cd39d50f1afc33b0
- SHA1
  
  b094ba97375436d9887bbac6a4cd47b959950f8a
- SHA256
  
  398af8e17fbff66a18952c72ccd29016aaae5a5589c63417be9a3303fb712a15
- SHA512
  
  e1224f55a0853583a68de62d3d23cb8fbb132ddad6410b133ea87665a7cb071b9cd786852ec496d70247b6a4f55e198b3b7fb9b422c7453d8880408762d551dc
Score

9^/10

discovery
- Contacts a large (87840) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1