Resubmissions

  • 22-08-2022 17:16, 220822-vs7zgsaggj, score 9

  • 22-08-2022 17:12, 220822-vqym2adfh5, score 9

  • 22-08-2022 05:59, 220822-gpy1hsbgdp, score 9

  • 22-08-2022 02:57, 220822-df17qscff9, score 9

  • 22-08-2022 02:42, 220822-c68ttscee5, score 9

General

  • Target

    tlight.sh

  • Size

    1KB

  • Sample

    220822-gpy1hsbgdp

  • MD5

    894e976a4a3f5e6038168b5c4b78f98d

  • SHA1

    13cd9bc7146037714e546063867353cbb1b6ff03

  • SHA256

    54f9d96c9369f699bff8c8ceae4d6f1376616488696be2d361f8c83034eab238

  • SHA512

    4b3ddf27afd2f04d19d879aedf5e083af6d2511d426b6a9ce991ffcebaa4013890b6ab473c68c36c25717ced8c7ef4e89765fdd8407adc3b00be44256a0f7571

Score
9/10

Malware Config

Targets

    • Target

      tlight.sh

    • Size

      1KB

    • MD5

      894e976a4a3f5e6038168b5c4b78f98d

    • SHA1

      13cd9bc7146037714e546063867353cbb1b6ff03

    • SHA256

      54f9d96c9369f699bff8c8ceae4d6f1376616488696be2d361f8c83034eab238

    • SHA512

      4b3ddf27afd2f04d19d879aedf5e083af6d2511d426b6a9ce991ffcebaa4013890b6ab473c68c36c25717ced8c7ef4e89765fdd8407adc3b00be44256a0f7571

    Score
    9/10

    • Writes file to system bin folder

    • Writes DNS configuration

      Writes data to DNS resolver config file.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Hijack Execution Flow (T1574), 1

  • Privilege Escalation

    Hijack Execution Flow (T1574), 1

  • Defense Evasion

    Hijack Execution Flow (T1574), 1

  • Discovery

    Network Service Scanning (T1046), 1

  • Command and Control

    Dynamic Resolution (T1568), 1
