Analysis Overview
SHA256: 5b266c9bd119725dda27c91c08dd3b61659f2b91a487b420b21514f3235cbbb9
Threat Level: Known bad
The file 5b266c9bd119725dda27c91c08dd3b61659f2b91a487b420b21514f3235cbbb9 was found to be: Known bad.
Malicious Activity Summary
Enemybot family
family_enemybot
Creates/modifies Cron job
Modifies rc script
Reads runtime system information
Writes file to tmp directory
Analysis: static1
Detonation Overview
Reported: 2022-07-08 00:19
Signatures
Enemybot family
family_enemybot
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2022-07-08 00:19
Reported: 2022-07-08 02:05
Platform: debian9-armhf-en-20211208
Max time kernel: 0s
Max time network: 156s
Command Line
Signatures
Creates/modifies Cron job
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| /etc/crontab | /etc/crontab | ./5b266c9bd119725dda27c91c08dd3b61659f2b91a487b420b21514f3235cbbb9 | N/A |
Modifies rc script
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| /etc/rc.local | /etc/rc.local | ./5b266c9bd119725dda27c91c08dd3b61659f2b91a487b420b21514f3235cbbb9 | N/A |
Reads runtime system information
Writes file to tmp directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| /tmp/.pwned | /tmp/.pwned | /bin/sh | N/A |
Processes
./5b266c9bd119725dda27c91c08dd3b61659f2b91a487b420b21514f3235cbbb9
[./5b266c9bd119725dda27c91c08dd3b61659f2b91a487b420b21514f3235cbbb9]
/bin/sh
[sh -c echo ENEMEYBOT V3.1-ALCAPONE hail KEKSEC > /tmp/.pwned]