88abf394326a89f2c42fc29d36a41ecde0fc9ac984e2ae3b76c6b03b1378913c | Triage

Sharing

General

Target

evilginx.zip
Size

8.7MB
Sample

221226-m6e7macg93
MD5

0997e4bc625c42bc71f245f5ed64dae7
SHA1

d27106b96e2ea641e349d4d709b2bb3f74988b0b
SHA256

88abf394326a89f2c42fc29d36a41ecde0fc9ac984e2ae3b76c6b03b1378913c
SHA512

f008a6ede52a2434e4cef56356fffaaa55ffd4a1c6cc14ce29d84cf3dec747fabb7b3a9c88498137b2e4b49747877070d0ab97d8b5985d237828f5d779cddd95
SSDEEP

196608:nUWE1TKkKjKcP0IeoHYXqYfrK5VJvbPF2m4CcI0MRKwWyvliia:nUWE1TLK2Ie/XDCVJzT/RKwWyvlA

Score

8^/10

linux

Malware Config

Targets

- Target
  
  evilginx.elf
- Size
  
  17.1MB
- MD5
  
  b1770bc7c4fb100a2109054e0e5bb66c
- SHA1
  
  eb102a6a998649cf12177fb0e1b84081eea3b4cc
- SHA256
  
  10d25dd902a46d9c50908390227d971ca2b9ddb782b88c60daed051e2f16c942
- SHA512
  
  9eb1952f26f8098dd4522762fda38add15c836972039bf29d88df665e7bac0b601c003d9401de4b9bbff2beafafe2e087d0fae12265efe0bd51258e6eda885a5
- SSDEEP
  
  196608:W3LV3yAvzaB78CHHjpKWPt+GbaH+b7j050o/:WZpOBHH0+Meb7Q50i
Score

8^/10
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Enumerates kernel/hardware configuration
  Reads contents of /sys virtual filesystem to enumerate system information.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Dynamic Resolution

Exfiltration

Impact

Tasks

static1

behavioral1