e6cf4f6f4a0fcb1c67cda0efb33dd6f1bd6e9e8e221ec4c3c00c211fa19e7e62 | Triage

Sharing

General

Target

e694ed27fc6648d29f697dcee37e95f7
Size

43KB
Sample

220815-cezrvaffg9
MD5

e694ed27fc6648d29f697dcee37e95f7
SHA1

7a2c88549435597eefa851eecfc9f9c3d40c2c96
SHA256

e6cf4f6f4a0fcb1c67cda0efb33dd6f1bd6e9e8e221ec4c3c00c211fa19e7e62
SHA512

19436017c53bf369f0a5c29497a0d9ca9ec97fd9537f060b012d4792879f72cc5e378863687ec36650ec232ee32343e4a98e8f66e07c2dafa1741a47efb6ac38

Score

9^/10

linux

Malware Config

Targets

- Target
  
  e694ed27fc6648d29f697dcee37e95f7
- Size
  
  43KB
- MD5
  
  e694ed27fc6648d29f697dcee37e95f7
- SHA1
  
  7a2c88549435597eefa851eecfc9f9c3d40c2c96
- SHA256
  
  e6cf4f6f4a0fcb1c67cda0efb33dd6f1bd6e9e8e221ec4c3c00c211fa19e7e62
- SHA512
  
  19436017c53bf369f0a5c29497a0d9ca9ec97fd9537f060b012d4792879f72cc5e378863687ec36650ec232ee32343e4a98e8f66e07c2dafa1741a47efb6ac38
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1