148d2c9243715b5393be2c512e4234c495f0e6ba0c7fd240d41d3341d1ad56d5

Analysis

max time kernel
15220s
max time network
161s
platform
linux_armhf
resource
debian9-armhf-en-20211208
submitted
02-06-2022 20:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

148d2c9243715b5393be2c512e4234c495f0e6ba0c7fd240d41d3341d1ad56d5
Size

127KB
MD5

c6eb6a02afa1a70e4d2f4340452f40f5
SHA1

b38f531a0bd922e5cad5d56b805daf8c38fce49a
SHA256

148d2c9243715b5393be2c512e4234c495f0e6ba0c7fd240d41d3341d1ad56d5
SHA512

b0dd0ecf32c1f4a04b6f4812d1e2cd59bb5f3c74756d10727423f4ebf481f2824eb762a7fa524a8737aeb1a4484df704c44191d49b92ed0ffe2825e4d2525cee

Score

7^/10

persistence

Malware Config

Signatures

Modifies rc script 1 TTPs 1 IoCs

Adding/modifying system rc scripts is a common persistence mechanism.

persistence

Boot or Logon Autostart Execution

T1547

description	ioc	Process
/etc/rc.d/rc.local	/etc/rc.d/rc.local	148d2c9243715b5393be2c512e4234c495f0e6ba0c7fd240d41d3341d1ad56d5

./148d2c9243715b5393be2c512e4234c495f0e6ba0c7fd240d41d3341d1ad56d5
./148d2c9243715b5393be2c512e4234c495f0e6ba0c7fd240d41d3341d1ad56d5
1⤵
- Modifies rc script
PID:347

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads