General
-
Target
China.Z-cmxg
-
Size
247KB
-
Sample
220919-w4m9wsgcdn
-
MD5
2884c19af9a01e1c6b3c558d15e323aa
-
SHA1
f42bbb40d301c8067542235fb8de9265aad755b1
-
SHA256
022e101f1d4671796972c9ae6eed81920a59003e751a0fd449b543f630ba36a8
-
SHA512
15b93aa310ca37070752fe072f007b1ba8714a7c2f81db4776fed5c017516fad71baeb0441e25df45ff5f924dc6db718d784c4d6062b2311e7406fda44df7821
-
SSDEEP
6144:uSDFOrnwRgUbMisI6sdkH+M6hWOcy5KOZW7U6NCIMhhhGd//mqYB:ZZRgUY/fsJcO1KOiXShhhGd/eB
Malware Config
Targets
-
-
Target
China.Z-cmxg
-
Size
247KB
-
MD5
2884c19af9a01e1c6b3c558d15e323aa
-
SHA1
f42bbb40d301c8067542235fb8de9265aad755b1
-
SHA256
022e101f1d4671796972c9ae6eed81920a59003e751a0fd449b543f630ba36a8
-
SHA512
15b93aa310ca37070752fe072f007b1ba8714a7c2f81db4776fed5c017516fad71baeb0441e25df45ff5f924dc6db718d784c4d6062b2311e7406fda44df7821
-
SSDEEP
6144:uSDFOrnwRgUbMisI6sdkH+M6hWOcy5KOZW7U6NCIMhhhGd//mqYB:ZZRgUY/fsJcO1KOiXShhhGd/eB
Score9/10-
Writes file to system bin folder
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Modifies rc script
Adding/modifying system rc scripts is a common persistence mechanism.
-
Write file to user bin folder
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-