General

  • Target

    samx.sh

  • Size

    400B

  • Sample

    221123-s4ljhsga8s

  • MD5

    6039cf7d6cc1378682e1a983fcaba7a8

  • SHA1

    3ca4e29546ca125fd98429768ae0fd44182ccdee

  • SHA256

    af2bc5dda7b0ae47a3ccd286afa17718b4e81daf944a8784e445e597dbbdcd28

  • SHA512

    4119e1787b6edcc2639f0266308aea50891e67ea23404a060dd46bea082bc26033d8aafb93c06c084c391e141f838eacf21433cf94aabf1bf1e7b8e393504253

Score
8/10

Targets

    • Target

      samx.sh

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Writes DNS configuration

      Writes data to DNS resolver config file.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Matrix ATT&CK v6

Command and Control

  • Dynamic Resolution (T1568)
