d44b6322497ea75712710dbb74f0fdd47d34e7f7e55bc8e68ac052f4a883db1e | Triage

Sharing

General

Target

unk.sh
Size

32KB
Sample

220705-jdjgssfafj
MD5

915341f64bd315170331b0c9c0ec243f
SHA1

61ec9154737c859b33874f35b88453c2c05d7164
SHA256

d44b6322497ea75712710dbb74f0fdd47d34e7f7e55bc8e68ac052f4a883db1e
SHA512

4d3712ba3c8d7f3ddb4c6635036268a04a9a0559e42bd479409bd345f5046c3b38408ea17eaf1fa7c7c9940752078066083b40fc934764d4d31a0eddc938d6c3

Score

9^/10

android linux persistence

Malware Config

Targets

- Target
  
  unk.sh
- Size
  
  32KB
- MD5
  
  915341f64bd315170331b0c9c0ec243f
- SHA1
  
  61ec9154737c859b33874f35b88453c2c05d7164
- SHA256
  
  d44b6322497ea75712710dbb74f0fdd47d34e7f7e55bc8e68ac052f4a883db1e
- SHA512
  
  4d3712ba3c8d7f3ddb4c6635036268a04a9a0559e42bd479409bd345f5046c3b38408ea17eaf1fa7c7c9940752078066083b40fc934764d4d31a0eddc938d6c3
Score

9^/10

persistence
- Deletes system logs
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Write file to user bin folder
- Reads CPU attributes
- Enumerates kernel/hardware configuration
  Reads contents of /sys virtual filesystem to enumerate system information.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Hijack Execution Flow

Privilege Escalation

Scheduled Task

Hijack Execution Flow

Defense Evasion

Indicator Removal on Host

Hijack Execution Flow

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Dynamic Resolution

Impact

Tasks

static1

behavioral1

behavioral2