Overview

overview

5

Static

static

EverFocus ...mm.jar

windows7-x64

1

EverFocus ...mm.jar

windows10-2004-x64

1

EverFocus ...e.html

windows7-x64

1

EverFocus ...e.html

windows10-2004-x64

1

EverFocus ...art.sh

ubuntu-18.04-amd64

5

EverFocus ...art.sh

debian-9-armhf

5

EverFocus ...art.sh

debian-9-mips

5

EverFocus ...art.sh

debian-9-mipsel

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    95ac04da9a868514865cd58b5ed0e1900192d4b93232de6e37802bd8aeb18512

  • Size

    100KB

  • Sample

    221126-zcg6cace72

  • MD5

    9e0630f7ef4fccd6844d1ec0c5271207

  • SHA1

    499aaea6801208cd2dc5c145f63227e57b785b9a

  • SHA256

    95ac04da9a868514865cd58b5ed0e1900192d4b93232de6e37802bd8aeb18512

  • SHA512

    3a74e37b77a5e5adfbedcde5fd92dc907018fa8e15b41856b69bd3ef48aafcd86e66b6530938ca9377cb2be40bc94aee4729f57784cb22a6c2b519a62898790b

  • SSDEEP

    1536:Yb6RjZf504lQmPGWQq7JW9Iujl5AX9Lg1UktJPinvBBB:Yb6Rh1uWQqtW9rjC9E1U6dyBBB

Score
5/10
linux

Malware Config

Targets

    • Target

      EverFocus Exploit/edsrcomm.jar

    • Size

      61KB

    • MD5

      31b627b0454acbe1fded4ee532449290

    • SHA1

      537b1fee3f9d2c3a4cb44e99acee663f81f7f81e

    • SHA256

      a63af67daf829e9b13e4e798e5d19b059794fe2262a5c3d1bd10d719d8c9804f

    • SHA512

      89c2f1b0b03cf752b63bbbb9f1005154d2c9bf80a514a71e576038d9b64f3e41a5c21ec3c0da5710ba9adb18c90f3f4830c20fbb3ea18e0cb2f2582528c3b12a

    • SSDEEP

      1536:2b6RjZf504lQmPGWQq7JW9Iujl5AX9Lg1Ukb:2b6Rh1uWQqtW9rjC9E1Um

    Score
    1/10
    behavioral1behavioral2

    • Target

      EverFocus Exploit/page.html

    • Size

      403B

    • MD5

      db6112a67756a21dd47d327c8cb6745d

    • SHA1

      1a17dc9185576ad8e85392f08e94df4d414f4749

    • SHA256

      e9683a7bd46555330a038d2b9b50a53eff7dc4fb3961662a500d70be303b670a

    • SHA512

      ee90907fb47134ce49673ec3f99742371b4c36603a6de4ecb34f8c7c244943e7f8d9dc4f478e9d7d67d92a426fe3e5d0863cf0d066956e53741b5efa61a448d7

    Score
    1/10
    behavioral3behavioral4

    • Target

      EverFocus Exploit/start.sh

    • Size

      280B

    • MD5

      eb61edc53c0769f983a08167273599f0

    • SHA1

      8edc03962091716abe3b9ffe5541ca3ab0ef935d

    • SHA256

      6525103cd28314dce2cbf150f5c9e3134c5bdfc55eb917cc8494813dbef8fb5d

    • SHA512

      8e3e406744a07655da826512efbbfdb98cce7f19b662263632322e9c3abdb11b3f185a21cdbf7251969fd713fe1dae45fb3c77a01bba98f984aca7e5889973c6

    Score
    5/10

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

    behavioral5behavioral6behavioral7behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks