General

  • Target

    2798996391466331047e448cd6ba478224a7133444a40bd1fe692576c6512574

  • Size

    37KB

  • Sample

    220521-xqzanscdc2

  • MD5

    588eb1e3f487bb31109a961d55a92ae6

  • SHA1

    78e92b2183a9dad2ffe06c58f6551d3ce48abc13

  • SHA256

    2798996391466331047e448cd6ba478224a7133444a40bd1fe692576c6512574

  • SHA512

    e6432769377f89f78c2f6920beaa2ccf8800c7a32f1763b7df0fb22a1a18e4ea773d120e7d40133f02559d5762871c0feba06f5840bbdd70775c0e385dfc905f

Score
9/10

Malware Config

Targets

    • Contacts a large number (23187) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies the Watchdog daemon

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Writes file to system bin folder

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Hijack Execution Flow (T1574): 1

  • Privilege Escalation

    Hijack Execution Flow (T1574): 1

  • Defense Evasion

    Impair Defenses (T1562): 1

    Hijack Execution Flow (T1574): 1

  • Discovery

    Network Service Scanning (T1046): 2

Tasks