General
Target: 3a79225b5d6e1726e24b18ee35ad2a1b3656de80f4931d9fbd6ec3d7d9c7438d
Size: 4.1MB
Sample: 220617-ja8braahfn
MD5: bc81eac9992a160197188e614a30883a
SHA1: 75855deba701913f65968e10050134b8ff5c8e9a
SHA256: 3a79225b5d6e1726e24b18ee35ad2a1b3656de80f4931d9fbd6ec3d7d9c7438d
SHA512: 362c6d10e1f54f6a4575cdcab3730cedb8141b321d66523b3959cc7e8b1fe09ac6b156bc0c1924172e36076a5a19c30efd8bff10e8a70421a18808ddeca22790
Static task: static1
Behavioral task: behavioral1
Sample: 3a79225b5d6e1726e24b18ee35ad2a1b3656de80f4931d9fbd6ec3d7d9c7438d
Resource: debian9-armhf-en-20211208
Malware Config
Targets
Score: 10/10
suricata: ET MALWARE ZHtrap CnC Response - Connection Successfully Established

Writes file to system bin folder

Write file to user bin folder

Enumerates kernel/hardware configuration
Reads contents of /sys virtual filesystem to enumerate system information.

Reads runtime system information
Reads data from /proc virtual filesystem.

Writes file to tmp directory
Malware often drops required files in the /tmp directory.