ech0raix | a130125a498a358b75cd9a1256ea873baeacd81f77c3d2ea475f3e547f899509 | Triage

Sharing

General

Target

a130125a498a358b75cd9a1256ea873baeacd81f77c3d2ea475f3e547f899509
Size

4.0MB
Sample

220617-ja8mhsddh7
MD5

fad30251f203f5cc39ef2b67ccb7ca4b
SHA1

89de4dd78decbee9272f8115d67379892ccdf3ae
SHA256

a130125a498a358b75cd9a1256ea873baeacd81f77c3d2ea475f3e547f899509
SHA512

598fcd183d1ea913feb611335aa7e23e1df98640a41036b9b7ca803bd6f864a5379ec73f99559fe1127215274da2bec22a554a0ca2199ccb8e142d88fa3fb7f8

Score

10^/10

ech0raix linux persistence suricata

Malware Config

Targets

- Target
  
  a130125a498a358b75cd9a1256ea873baeacd81f77c3d2ea475f3e547f899509
- Size
  
  4.0MB
- MD5
  
  fad30251f203f5cc39ef2b67ccb7ca4b
- SHA1
  
  89de4dd78decbee9272f8115d67379892ccdf3ae
- SHA256
  
  a130125a498a358b75cd9a1256ea873baeacd81f77c3d2ea475f3e547f899509
- SHA512
  
  598fcd183d1ea913feb611335aa7e23e1df98640a41036b9b7ca803bd6f864a5379ec73f99559fe1127215274da2bec22a554a0ca2199ccb8e142d88fa3fb7f8
Score

10^/10

persistence suricata
- suricata: ET MALWARE ZHtrap CnC Checkin
  suricata: ET MALWARE ZHtrap CnC Checkin
  suricata
- suricata: ET MALWARE ZHtrap CnC Response - Connection Successfully Established
  suricata: ET MALWARE ZHtrap CnC Response - Connection Successfully Established
  suricata
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Write file to user bin folder
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencesuricata