Overview

overview

10

Static

static

10

c4b0be3aa2...ab5604

debian-9-armhf

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c4b0be3aa243874b1a08857cdfd63dc0feb8db2a1403dd91fa81a76f85ab5604

  • Size

    182KB

  • Sample

    220725-c84mwsbgan

  • MD5

    ecbf3d0eae6aab33a24f2d812d0b40f6

  • SHA1

    26acdc8a9780e01aa848ebf2c706161d0932dc50

  • SHA256

    c4b0be3aa243874b1a08857cdfd63dc0feb8db2a1403dd91fa81a76f85ab5604

  • SHA512

    5102d1dcf6ecef162301b5a89b5feaed1fda6c342e1ede61626fca0a34e581ea7f5c0b2396014d25e63f82e4b6e21d7b44c2bb827fe18c2def1848e628a357b6

Score
10/10
kaitenpersistence

Malware Config

Targets

    • Target

      c4b0be3aa243874b1a08857cdfd63dc0feb8db2a1403dd91fa81a76f85ab5604

    • Size

      182KB

    • MD5

      ecbf3d0eae6aab33a24f2d812d0b40f6

    • SHA1

      26acdc8a9780e01aa848ebf2c706161d0932dc50

    • SHA256

      c4b0be3aa243874b1a08857cdfd63dc0feb8db2a1403dd91fa81a76f85ab5604

    • SHA512

      5102d1dcf6ecef162301b5a89b5feaed1fda6c342e1ede61626fca0a34e581ea7f5c0b2396014d25e63f82e4b6e21d7b44c2bb827fe18c2def1848e628a357b6

    Score
    7/10
    persistence

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

      persistence

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Reads system network configuration

      Uses contents of /proc filesystem to enumerate network settings.

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

2
T1016

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks