General

  • Target

    79dd0b4912da98b007221302abfc936baec10ad73c0aa010d4ec469e392a805f

  • Size

    105KB

  • Sample

    220521-xqdnzacch4

  • MD5

    3ef5b63a72a65b1a881d8cfbe187afe4

  • SHA1

    eaa79b76282a149ace033453fc33c84dc888bc64

  • SHA256

    79dd0b4912da98b007221302abfc936baec10ad73c0aa010d4ec469e392a805f

  • SHA512

    88784a738089e44267d4d9adfe1aebd10cbd4cec2e6280a5efad9ec686eee30bc09bcfada53d29458bcb7b643c0c8b38bb525851fd9f0d07d896357a82013ccf

Score
9/10

Malware Config

Targets

    • Contacts a large number (10243) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies the Watchdog daemon

      Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.

    • Writes file to system bin folder

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Writes file to user bin folder

    • Reads system network configuration

      Uses contents of /proc filesystem to enumerate network settings.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Hijack Execution Flow (T1574): 2

  • Privilege Escalation

    Hijack Execution Flow (T1574): 2

  • Defense Evasion

    Impair Defenses (T1562): 1

    Hijack Execution Flow (T1574): 2

  • Discovery

    Network Service Scanning (T1046): 2

    System Network Connections Discovery (T1049): 1

    System Network Configuration Discovery (T1016): 1

Tasks