iptablez | 10edad7999da34e37a866beadf2bb2c1952e071c93cb8708e79ee45c90a06199 | Triage

Sharing

General

Target

10edad7999da34e37a866beadf2bb2c1952e071c93cb8708e79ee45c90a06199
Size

1.0MB
Sample

221125-pwm6lacb71
MD5

9966d5db77f247070fcac9590a3fde80
SHA1

ec0fdb1333443a7c0442dd279626bf8d58eb8cbb
SHA256

10edad7999da34e37a866beadf2bb2c1952e071c93cb8708e79ee45c90a06199
SHA512

e6a468cdfd9f720b217069f0dddc012b8549a834862d287ea101914503a048f644085c16b534b2b7418686b792a9ee0cb1e32977751d648d57ed0241bed17131
SSDEEP

24576:L8TklemVE3JnQaQAcA+xk3ZeRXP1qjStp/vtq6bUn5V:2IemVE6aQyTpexwyVOn5V

Score

10^/10

iptablez linux persistence

Malware Config

Targets

- Target
  
  10edad7999da34e37a866beadf2bb2c1952e071c93cb8708e79ee45c90a06199
- Size
  
  1.0MB
- MD5
  
  9966d5db77f247070fcac9590a3fde80
- SHA1
  
  ec0fdb1333443a7c0442dd279626bf8d58eb8cbb
- SHA256
  
  10edad7999da34e37a866beadf2bb2c1952e071c93cb8708e79ee45c90a06199
- SHA512
  
  e6a468cdfd9f720b217069f0dddc012b8549a834862d287ea101914503a048f644085c16b534b2b7418686b792a9ee0cb1e32977751d648d57ed0241bed17131
- SSDEEP
  
  24576:L8TklemVE3JnQaQAcA+xk3ZeRXP1qjStp/vtq6bUn5V:2IemVE6aQyTpexwyVOn5V
Score

7^/10

persistence
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Modifies rc script
  Adding/modifying system rc scripts is a common persistence mechanism.
  persistence
- Reads CPU attributes
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Privilege Escalation

Boot or Logon Autostart Execution

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1