Overview

overview

7

Static

static

6637f76dce...d9556e

ubuntu-18.04-amd64

7

6637f76dce...d9556e

debian-9-armhf

7

6637f76dce...d9556e

debian-9-mips

7

6637f76dce...d9556e

debian-9-mipsel

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6637f76dce8486449059e817169f96e81992bd88ef686e094154036754d9556e

  • Size

    1KB

  • Sample

    221125-yapa7sae32

  • MD5

    6acfc27bf16bf39d7cd6618fc2b57137

  • SHA1

    3a3759c509e8ca578c504f162d2e1ee336193f3c

  • SHA256

    6637f76dce8486449059e817169f96e81992bd88ef686e094154036754d9556e

  • SHA512

    4d4ce060047d41364fd0a7a4c6e615af6657c46347abafe6e93bf8363dfa2648185c229699525397938c77ca4b802893cbffe39b572f534ddb5f7b9402f34bda

Score
7/10
linuxpersistence

Malware Config

Targets

    • Target

      6637f76dce8486449059e817169f96e81992bd88ef686e094154036754d9556e

    • Size

      1KB

    • MD5

      6acfc27bf16bf39d7cd6618fc2b57137

    • SHA1

      3a3759c509e8ca578c504f162d2e1ee336193f3c

    • SHA256

      6637f76dce8486449059e817169f96e81992bd88ef686e094154036754d9556e

    • SHA512

      4d4ce060047d41364fd0a7a4c6e615af6657c46347abafe6e93bf8363dfa2648185c229699525397938c77ca4b802893cbffe39b572f534ddb5f7b9402f34bda

    Score
    7/10
    persistence

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

      persistence

    • Reads CPU attributes

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks