Analysis Overview
SHA256: 1416877edd6c4b18cbca4598b4c91b023113c51e9e8dbaef2266254727f223dc
Threat Level: Known bad
The file 1416877edd6c4b18cbca4598b4c91b023113c51e9e8dbaef2266254727f223dc was found to be: Known bad.
Malicious Activity Summary
Enemybot family
family_enemybot
Creates/modifies Cron job
Modifies rc script
Writes file to tmp directory
Analysis: static1
Detonation Overview
Reported: 2022-07-08 00:23
Signatures
Enemybot family
family_enemybot
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2022-07-08 00:23
Reported: 2022-07-08 02:08
Platform: debian9-mipsel-en-20211208
Max time kernel: 0s
Max time network: 152s
Command Line
Signatures
Creates/modifies Cron job
| Description | Indicator | Process | Target |
| /etc/crontab | /etc/crontab | ./1416877edd6c4b18cbca4598b4c91b023113c51e9e8dbaef2266254727f223dc | N/A |
Modifies rc script
| Description | Indicator | Process | Target |
| /etc/rc.local | /etc/rc.local | ./1416877edd6c4b18cbca4598b4c91b023113c51e9e8dbaef2266254727f223dc | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| /tmp/.pwned | /tmp/.pwned | /bin/sh | N/A |
Processes
./1416877edd6c4b18cbca4598b4c91b023113c51e9e8dbaef2266254727f223dc
[./1416877edd6c4b18cbca4598b4c91b023113c51e9e8dbaef2266254727f223dc]
/bin/sh
[sh -c echo ENEMEYBOT V3.1-ALCAPONE hail KEKSEC > /tmp/.pwned]