Overview

overview

10

Static

static

10

427fe0c20c...28f68e

linux_mipsel

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    427fe0c20c4b48573654a69618292d07359836f69f394e871db90a312c28f68e

  • Size

    151KB

  • Sample

    220625-njrgtacec5

  • MD5

    92fca6a1782665e974ff1aa9170fb8cc

  • SHA1

    fb5fa0e6da8a6f09439076a1ec67cf8ba08cfd78

  • SHA256

    427fe0c20c4b48573654a69618292d07359836f69f394e871db90a312c28f68e

  • SHA512

    a705a5a842789b9ece7590ce6a0cccf11de9b593456784c948586e7e219c468787f4725119d1b67496c64ff39a66811b4028cd7f111ec1bf1cc05a43290489fd

Score
10/10
kaitenlinuxpersistence

Malware Config

Targets

    • Target

      427fe0c20c4b48573654a69618292d07359836f69f394e871db90a312c28f68e

    • Size

      151KB

    • MD5

      92fca6a1782665e974ff1aa9170fb8cc

    • SHA1

      fb5fa0e6da8a6f09439076a1ec67cf8ba08cfd78

    • SHA256

      427fe0c20c4b48573654a69618292d07359836f69f394e871db90a312c28f68e

    • SHA512

      a705a5a842789b9ece7590ce6a0cccf11de9b593456784c948586e7e219c468787f4725119d1b67496c64ff39a66811b4028cd7f111ec1bf1cc05a43290489fd

    Score
    7/10
    persistence

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

      persistence

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Reads system network configuration

      Uses contents of /proc filesystem to enumerate network settings.

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

2
T1016

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks