General
-
Target
4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612
-
Size
35KB
-
Sample
221125-kjt16ahe5z
-
MD5
92fc64f05b1b0597acc58b7cc839a33b
-
SHA1
f9b3668004fb6810a3a6a44e31fb027782233dfc
-
SHA256
4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612
-
SHA512
58431bb60c834224b567727db06c1f6adf0845b76aec00aa18200a0e5a1758e2422695c2ad7268db22e77ea57748adb05affb90bec56bd397d62416c4f885094
-
SSDEEP
384:EQQwQHDf6lpTWg3vM4Qdre21jT58vKpG2Y0orcfKLUv0KZnNEVdUeUoJpJydIDbS:oFNB48Fkc2zq0xvcGGIZ3L8eW
Static task
static1
Behavioral task
behavioral1
Sample
4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral2
Sample
4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612
Resource
debian9-armhf-20221111-en
Behavioral task
behavioral3
Sample
4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612
Resource
debian9-mipsbe-en-20211208
Behavioral task
behavioral4
Sample
4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612
Resource
debian9-mipsel-20221111-en
Malware Config
Targets
Score 9/10
-
Deletes system logs
-
Modifies the dynamic linker configuration file
Malware can modify the configuration file of the dynamic linker to preload malicious libraries with every executed process.
-
Writes file to system bin folder
-
Adds new SSH keys
Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Writes file to user bin folder
-
Writes file to shm directory
Malware can drop malicious files in the shm directory which will run directly from RAM.
-
Reads CPU attributes
-
Enumerates kernel/hardware configuration
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.