General

  • Target

    home.x86_64

  • Size

    36KB

  • Sample

    220816-g5gfeagag5

  • MD5

    3941499f7834bd66d09e63d463d74e34

  • SHA1

    e947c12fb277f685a600d7617f9e53b504342d3f

  • SHA256

    b78feb46b8c0e822465d090421a54934015fb613d5c1c747f3ee7c0bb5ee98c9

  • SHA512

    f82e678d43fc4788417bb42c632559f7af1231b96960453f0b6182807d5cc9fd6d16f7e4a0f1b459b9be284391a5ef22d5a3c1daf3f9e1482744851e878c1e2a

Score
9/10

Malware Config

Targets

    • Contacts a large (440765) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies the Watchdog daemon

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Writes file to system bin folder

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence

    Hijack Execution Flow (T1574): 1

  • Privilege Escalation

    Hijack Execution Flow (T1574): 1

  • Defense Evasion

    Impair Defenses (T1562): 1

    Hijack Execution Flow (T1574): 1

  • Discovery

    Network Service Scanning (T1046): 2

Tasks