9b4dfaca873961174ba935fddaf696145afe7bbf5734509f95feb54f3584fd9a | Triage

Resubmissions

08/09/2022, 17:48

220908-wdj5jscchn 1

08/09/2022, 16:49

220908-vbprkscccn 1

08/09/2022, 16:46

220908-t9xz6sfag9 1

08/09/2022, 16:45

220908-t9wr4sccbq 8

08/09/2022, 06:26

220908-g7mefadhb7 8

08/09/2022, 06:00

220908-gqbavadgg6 8

Sharing

General

Target

9b4dfaca873961174ba935fddaf696145afe7bbf5734509f95feb54f3584fd9a.elf
Size

22KB
Sample

220908-gqbavadgg6
MD5

ecbe1b1e30a1f4bffaf1d374014c877f
SHA1

86906b140b019fdedaaba73948d0c8f96a6b1b42
SHA256

9b4dfaca873961174ba935fddaf696145afe7bbf5734509f95feb54f3584fd9a
SHA512

c32be39eb99eaad7a3e63ccf2c23819d16ff904cb482f49ada199439331676ba03ec5c5edc039243c90b27555c7d0912f3b0104742480ecaeed7f0ff4d3302bb
SSDEEP

384:aeFHMJnorHlag/2x4v0wJ7KStX/u7KLc/Cuc+r:WorHcgt/JKSh/xc/Curr

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  9b4dfaca873961174ba935fddaf696145afe7bbf5734509f95feb54f3584fd9a.elf
- Size
  
  22KB
- MD5
  
  ecbe1b1e30a1f4bffaf1d374014c877f
- SHA1
  
  86906b140b019fdedaaba73948d0c8f96a6b1b42
- SHA256
  
  9b4dfaca873961174ba935fddaf696145afe7bbf5734509f95feb54f3584fd9a
- SHA512
  
  c32be39eb99eaad7a3e63ccf2c23819d16ff904cb482f49ada199439331676ba03ec5c5edc039243c90b27555c7d0912f3b0104742480ecaeed7f0ff4d3302bb
- SSDEEP
  
  384:aeFHMJnorHlag/2x4v0wJ7KStX/u7KLc/Cuc+r:WorHcgt/JKSh/xc/Curr
Score

8^/10

persistence
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Creates/modifies environment variables
  Creating/modifying environment variables is a common persistence mechanism.
  persistence
- Modifies Bash startup script
  persistence
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Modifies rc script
  Adding/modifying system rc scripts is a common persistence mechanism.
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Scheduled Task

Defense Evasion

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Dynamic Resolution

Exfiltration

Impact

Tasks

static1

behavioral1