f8cc042317dc129ac5ea4b675139c9d3abf3f4670903b17fe6c5c65b82f1c506 | Triage

Sharing

General

Target

f8cc042317dc129ac5ea4b675139c9d3abf3f4670903b17fe6c5c65b82f1c506
Size

603B
Sample

221125-2ra2pacf27
MD5

cd00bcf841a3eede649d5a1797a03f5c
SHA1

c35f0a6d69f6bfaa044260ed939eef4a93ff7374
SHA256

f8cc042317dc129ac5ea4b675139c9d3abf3f4670903b17fe6c5c65b82f1c506
SHA512

2a66497bfd183b004f023b46587d930da375147ff5cc6edad3ce26c2584204798d10fa5edc25c0b246978a795c84c8998b0f50ec01d89f8682b400ae7e371706

Score

9^/10

linux persistence

Malware Config

Targets

- Target
  
  f8cc042317dc129ac5ea4b675139c9d3abf3f4670903b17fe6c5c65b82f1c506
- Size
  
  603B
- MD5
  
  cd00bcf841a3eede649d5a1797a03f5c
- SHA1
  
  c35f0a6d69f6bfaa044260ed939eef4a93ff7374
- SHA256
  
  f8cc042317dc129ac5ea4b675139c9d3abf3f4670903b17fe6c5c65b82f1c506
- SHA512
  
  2a66497bfd183b004f023b46587d930da375147ff5cc6edad3ce26c2584204798d10fa5edc25c0b246978a795c84c8998b0f50ec01d89f8682b400ae7e371706
Score

9^/10

persistence
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Creates .desktop file
  Linux desktops like GNOME require .desktop files to register applications. Sometimes abused by malware for persistence.
  persistence
- Enumerates kernel/hardware configuration
  Reads contents of /sys virtual filesystem to enumerate system information.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

User Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4