5b03ea53097246f8f821284993394e591ac149a68e0f8116c592ebaae7f27299

Sharing

Copy URL

Twitter E-mail

General

Target

5b03ea53097246f8f821284993394e591ac149a68e0f8116c592ebaae7f27299
Size

404KB
Sample

221003-cekmxsbdg9
MD5

7adf6d5e87504e1db9f00f18de9a6c80
SHA1

a2704988b00cff748437ddc4d225c99eec7b616b
SHA256

5b03ea53097246f8f821284993394e591ac149a68e0f8116c592ebaae7f27299
SHA512

4bd76dfc724ea937ffc7617aa57935fc82c8d44698deaba9a2fca2a002a7e0684c83854913dc5059125262c3f52086c92c7bf9387c0ad1a54cc34b930c24780f
SSDEEP

6144:iz/1+I/O0PKlxwd1xOn0w39cEx955DrHH:iz/UIKlCpO0qXxln

Score

7^/10

linux

Malware Config

Targets

- Target
  
  tmp/bluarm
- Size
  
  47KB
- MD5
  
  4bfc049dd23814dc31b0e480407027a1
- SHA1
  
  29f1d02b677e97809af581cae948994836661bba
- SHA256
  
  848f39da113e85386e3564daf7019b3ae1c842f7119f82ed32861371a1f13fb0
- SHA512
  
  9a47ddd66585bb1b89cf6f97efd1b29b24cea7591aadb9672272545212f385595fc3ed00ad66064cc05668078ccf61f9d7471f7738fda2cda70f1e54a1703b71
- SSDEEP
  
  768:A4C39pCj9utV21AOtj5wDBZuaAzk0RIY95UTTSG5KxaY2:A139pou21AOtjqDBZuaAzk0R35UTSG8u
Score

1^/10
behavioral1
- Target
  
  tmp/blui686
- Size
  
  38KB
- MD5
  
  805b48b3b9a54cb94edd79701895567f
- SHA1
  
  c2f5aea000090a9e1721f2cbafb3542304ee256f
- SHA256
  
  a7c8edefab1983a6fc8e34e895633b68db1cd8004a29170e4952c8ad0271ee6d
- SHA512
  
  3787db69eb65657377912692c1321f7e167f98b4a1d05c995b3c3ef150815c061da5f1e1adc193c268f47c0703686c5c8b281108559e13cb5d265ab57d290c6b
- SSDEEP
  
  384:f4YzM5UzH8rhU0DgKlfKT5+46oPpEjSk3Cac0aRyeSmFtrL0r7VyTwrqlGP7X6sl:gYY2zH89U1+eqSkyFp41el+6vCL7
Score

1^/10
behavioral2
- Target
  
  tmp/blumips
- Size
  
  60KB
- MD5
  
  f441cb131ec6e416ca3724c6d1cf700e
- SHA1
  
  50691af3c657365ce2f5e6f697dc143cf4cfc26e
- SHA256
  
  a4a0fb70e8f0165a72a5ca5cdba64de96f6c41858de58fa33599584712413f1e
- SHA512
  
  947971f5cd07f0592ca53095c44edc1ff767b8ee1c43ee357633322adb0ed23bd36db4558bf3d617c4378cd616bc16119987a95ebdc93e08e2f4615853e90a2c
- SSDEEP
  
  1536:tXB1NL7Kqgu1mP1m+UUMTnXfSYY2rKnDG:tBFHtB
Score

1^/10
behavioral3
- Target
  
  tmp/blumips64
- Size
  
  55KB
- MD5
  
  71acf88a0972692e9273ebe2e765e2de
- SHA1
  
  d78ec55b952d2e22c2b1bd120ef549814fb2a2b5
- SHA256
  
  25920e2926a9674b05ceffc6e0be3a6be2af77ef694737d2cf99c68a7a5aa4f0
- SHA512
  
  2b6f5a6ea6b410ec4bfb4c0e6546adc81fdf115069186409f02a9219e7585a5ddde716f5397c9ef1e3e3590e7d25390bb39171a050c2e44da9f29bb9c205cd58
- SSDEEP
  
  768:s6zMmM/iD0gJ8SW+NmmPOL8m89BXCdjt/PZagZS8A8LGjdEudB:xzxiE0gJ5W+NmTRII/PUgZS8AYw
Score

1^/10
behavioral4
- Target
  
  tmp/blumipsel
- Size
  
  60KB
- MD5
  
  de1c0afa745361aa6a77afb18cdd0c47
- SHA1
  
  027fa9edb9f0407e42852d94c955c9c7b21b2d7a
- SHA256
  
  c7df2794a7f637f45f6ec9d4c2736e9bdbb4de935288823a568cffb837b5317a
- SHA512
  
  6a1de2b9e98713c351d7042aae9d4781dae490fab63cc3397183b948d8b4b52fdc4d5dc4a7a1d68bf1693c893e89512ee7805d1e711cf295525fffaa1224e983
- SSDEEP
  
  768:I65bQM65T5U5oC39OqLseT25sIgwXu+U08bVdlKIxMGrkH0Oj:I/pC39OIseTa0wXu+UdbVnKgMBh
Score

1^/10
behavioral5
- Target
  
  tmp/bluppc
- Size
  
  43KB
- MD5
  
  7035635683479dad34927c0ebacc6fda
- SHA1
  
  3b696f8003e3999e79e022c6aa441e8afd89b422
- SHA256
  
  89f5f38cc6bd05211e281614dabb3fff33b899547154eaff91980d70ccb987c1
- SHA512
  
  8a69d5178fe50e57ecfc2a766aebed67a66264d63db5fc47c7d19ab9447a795ec6be54e713122583a7d1b725a476dc0e0a3b126c8a15da08fe10bbc4b577b398
- SSDEEP
  
  768:MQPP6UIWNczacCgDopqzReJ+wU3odKDo4n6XJRJ/1cy:MQPcCgEpqzRc+VYdKX6XJRPf
Score

1^/10
behavioral6 behavioral7 behavioral8 behavioral9
- Target
  
  tmp/blush
- Size
  
  42KB
- MD5
  
  605aaf85ba157adee41ae90f53d182fe
- SHA1
  
  e94d8e0aad99bc4c2a841d5ebb78386e3a960b9a
- SHA256
  
  5593b7f69a2ffd65b299bf2c0f4a1266539c389591152a984daa7db13cd8fe41
- SHA512
  
  a36efb1b7cfeaa70f395dc60172c129ef45bad72db124e1b2cb881b7c2741671e09d56dbba393c99978352ed5a45ca67a6d83f82bb42500c1230ea95fffe2af9
- SSDEEP
  
  768:XBtgqzfqNBOEIT9xtuxpC2uCtO6Xb1vaW1z0rjJRy:XBtgIqKBu4Kb1CwzQ10
Score

1^/10
behavioral10 behavioral11 behavioral12 behavioral13
- Target
  
  tmp/blux86
- Size
  
  45KB
- MD5
  
  77168f05d80f9f9465f2ecbd5ae6ce2c
- SHA1
  
  cfe8aad283942b1153bf18973bff0a317af989a5
- SHA256
  
  1f80fb038440c8f9ce55191850b88d71120ab7ed36e42305114d14ee6b4b768a
- SHA512
  
  490f96062d1cb7e7224c4439520664968b8363152537e3b7f493c96846a1bed25deeecf8ecb0cd042e7fdd6ce735fa8b1ec41c36b801dfb6ea9f0def6c9e53b6
- SSDEEP
  
  768:pvAfe9klHTUFPrZHyPudl/FDp2fV6KoJe6ZKW:T6HTzc9DpG6KOIW
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral14
- Target
  
  tmp/rftp.sh
- Size
  
  543B
- MD5
  
  14dcef3dd4cc163cda3acafdce3e1855
- SHA1
  
  2fa79835d19bb0021fa3687b21d05600f2dbef95
- SHA256
  
  c20d42369a607ef0dd0853b7cb9e633a5fa874b2403fb8bcd020f167a5466e67
- SHA512
  
  dc845248446f25e6558d295191aad2a5a2c433b3dc711e12812a258b08381fa167f3c45fe125385f5068acab3ae751bf67ab96d8664c008a02083ab5fde90e42
Score

5^/10
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral15 behavioral16 behavioral17 behavioral18

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Reads system routing table

Reads system network configuration

Writes file to tmp directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18