d4bd84046acb7cf462c258e296eb9818ff8342ea69d37f04805d4b7e0d4888f2 | Triage

Sharing

General

Target

d59992b6d57682a2fd2ea7d8e2947876
Size

41KB
Sample

220810-natwkshecj
MD5

d59992b6d57682a2fd2ea7d8e2947876
SHA1

65013dc32c7d6ae1adbcc6c4fcd74980467e6ccf
SHA256

d4bd84046acb7cf462c258e296eb9818ff8342ea69d37f04805d4b7e0d4888f2
SHA512

a26f919854bc1285ebd5403daf8f45c890550639c9e9eb36e40a5033a152324a5d64c53dcddbc2f8609126bd2001df3302a49cbeaf59e3f4657784e68ba08785

Score

9^/10

discovery linux

Malware Config

Targets

- Target
  
  d59992b6d57682a2fd2ea7d8e2947876
- Size
  
  41KB
- MD5
  
  d59992b6d57682a2fd2ea7d8e2947876
- SHA1
  
  65013dc32c7d6ae1adbcc6c4fcd74980467e6ccf
- SHA256
  
  d4bd84046acb7cf462c258e296eb9818ff8342ea69d37f04805d4b7e0d4888f2
- SHA512
  
  a26f919854bc1285ebd5403daf8f45c890550639c9e9eb36e40a5033a152324a5d64c53dcddbc2f8609126bd2001df3302a49cbeaf59e3f4657784e68ba08785
Score

9^/10

discovery
- Contacts a large (172203) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Enumerates kernel/hardware configuration
  Reads contents of /sys virtual filesystem to enumerate system information.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Network Service Scanning

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1