Malware Analysis Report

2025-04-03 09:55

Sample ID 220708-aphvzacbe7
Target 1416877edd6c4b18cbca4598b4c91b023113c51e9e8dbaef2266254727f223dc
SHA256 1416877edd6c4b18cbca4598b4c91b023113c51e9e8dbaef2266254727f223dc
Tags
enemybot persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1416877edd6c4b18cbca4598b4c91b023113c51e9e8dbaef2266254727f223dc

Threat Level: Known bad

The file 1416877edd6c4b18cbca4598b4c91b023113c51e9e8dbaef2266254727f223dc was found to be: Known bad.

Malicious Activity Summary

enemybot persistence

Enemybot family

family_enemybot

Creates/modifies Cron job

Modifies rc script

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-07-08 00:23

Signatures

Enemybot family

enemybot

family_enemybot

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-07-08 00:23

Reported

2022-07-08 02:08

Platform

debian9-mipsel-en-20211208

Max time kernel

0s

Max time network

152s

Command Line

[./1416877edd6c4b18cbca4598b4c91b023113c51e9e8dbaef2266254727f223dc]

Signatures

Creates/modifies Cron job

persistence
Description Indicator Process Target
/etc/crontab /etc/crontab ./1416877edd6c4b18cbca4598b4c91b023113c51e9e8dbaef2266254727f223dc N/A

Modifies rc script

persistence
Description Indicator Process Target
/etc/rc.local /etc/rc.local ./1416877edd6c4b18cbca4598b4c91b023113c51e9e8dbaef2266254727f223dc N/A

Writes file to tmp directory

Description Indicator Process Target
/tmp/.pwned /tmp/.pwned /bin/sh N/A

Processes

./1416877edd6c4b18cbca4598b4c91b023113c51e9e8dbaef2266254727f223dc

[./1416877edd6c4b18cbca4598b4c91b023113c51e9e8dbaef2266254727f223dc]

/bin/sh

[sh -c echo ENEMEYBOT V3.1-ALCAPONE hail KEKSEC > /tmp/.pwned]

Network

Files

N/A