ech0raix | 3d8d25e2204f25260c42a29ad2f6c5c21f18f90ce80cb338bc678e242fba68cd | Triage

Sharing

General

Target

3d8d25e2204f25260c42a29ad2f6c5c21f18f90ce80cb338bc678e242fba68cd
Size

4.5MB
Sample

220617-h13nhsahcl
MD5

cc92abe1b08778b79d0369caf016c97e
SHA1

fe47cccdfc35063c6e54786ea704cad5addce866
SHA256

3d8d25e2204f25260c42a29ad2f6c5c21f18f90ce80cb338bc678e242fba68cd
SHA512

9e2477d18fc560978a422a50b32b71707def72a7d2470b75b6672fc2ba8584ecf5fe618108748b002312ae6d072f255f0981a26ee6ea788d4acdd5f6f7e32ede

Score

10^/10

ech0raix linux persistence suricata

Malware Config

Targets

- Target
  
  3d8d25e2204f25260c42a29ad2f6c5c21f18f90ce80cb338bc678e242fba68cd
- Size
  
  4.5MB
- MD5
  
  cc92abe1b08778b79d0369caf016c97e
- SHA1
  
  fe47cccdfc35063c6e54786ea704cad5addce866
- SHA256
  
  3d8d25e2204f25260c42a29ad2f6c5c21f18f90ce80cb338bc678e242fba68cd
- SHA512
  
  9e2477d18fc560978a422a50b32b71707def72a7d2470b75b6672fc2ba8584ecf5fe618108748b002312ae6d072f255f0981a26ee6ea788d4acdd5f6f7e32ede
Score

10^/10

persistence suricata
- suricata: ET MALWARE ZHtrap CnC Checkin
  suricata: ET MALWARE ZHtrap CnC Checkin
  suricata
- suricata: ET MALWARE ZHtrap CnC Response - Connection Successfully Established
  suricata: ET MALWARE ZHtrap CnC Response - Connection Successfully Established
  suricata
- Deletes system logs
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Write file to user bin folder
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Indicator Removal on Host

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencesuricata