General

  • Target

    miori.x86

  • Size

    45KB

  • Sample

    220808-y8d8wshgb5

  • MD5

    213274ab177802d9a4b395044c5dcc47

  • SHA1

    42bbc51340fbabf426c65d6314d863d40d1ec81b

  • SHA256

    a9fd235bfac3c9324f3d255dbd45ca664d27bf9e43ef68fece2241087e27c818

  • SHA512

    37509f174d1127ea84b156078b2e7a33d09263059fd083c7cb8355edd331c4251ec97307d3d55ae5b561ca66b83ac7c9638b53f8f8bfeb411b1709c0d62d91fc

Score
9/10

Malware Config

Targets

    • Target

      miori.x86

    • Writes file to system bin folder

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Hijack Execution Flow (T1574): 1

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Hijack Execution Flow (T1574): 1

    Scheduled Task (T1053): 1

  • Defense Evasion

    Hijack Execution Flow (T1574): 1

Tasks