Overview

overview

10

Static

static

10

b68f4c8989...cc98f9

linux_amd64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b68f4c8989c6095ad00eb266ea91b84e61a4b2bacde1b2522c887e4e04cc98f9

  • Size

    102KB

  • Sample

    220521-xsm1esfgbp

  • MD5

    8c8d103f4addde921efbbee260e5ace4

  • SHA1

    e884f607a6d9e109c9bb3ac9e93a4b0cf3a8b536

  • SHA256

    b68f4c8989c6095ad00eb266ea91b84e61a4b2bacde1b2522c887e4e04cc98f9

  • SHA512

    3e82904b7bb559af51cb69c5b19bd5aeed47c4fb0a30cf772580200f0eb76e9214ff8f4cd961efd7817ab3dfcc0dc975f7e5100ce80b27da94a6d6d522f65f5a

Score
10/10
gafgytmirailinuxpersistence

Malware Config

Targets

    • Target

      b68f4c8989c6095ad00eb266ea91b84e61a4b2bacde1b2522c887e4e04cc98f9

    • Size

      102KB

    • MD5

      8c8d103f4addde921efbbee260e5ace4

    • SHA1

      e884f607a6d9e109c9bb3ac9e93a4b0cf3a8b536

    • SHA256

      b68f4c8989c6095ad00eb266ea91b84e61a4b2bacde1b2522c887e4e04cc98f9

    • SHA512

      3e82904b7bb559af51cb69c5b19bd5aeed47c4fb0a30cf772580200f0eb76e9214ff8f4cd961efd7817ab3dfcc0dc975f7e5100ce80b27da94a6d6d522f65f5a

    Score
    7/10
    persistence

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

      persistence

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Reads system network configuration

      Uses contents of /proc filesystem to enumerate network settings.

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

2
T1016

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks