ed902957efb11382546f2cff80e5284832f7f53c4e2b82b9d181c1f3ef65513f | Triage

Sharing

General

Target

3a642e2d4e682dbd47747e5e6313b3a1cd089dcd
Size

2KB
Sample

230131-p7drasgd85
MD5

8679646f1c0709c8cb09d407f4cd5c45
SHA1

3a642e2d4e682dbd47747e5e6313b3a1cd089dcd
SHA256

ed902957efb11382546f2cff80e5284832f7f53c4e2b82b9d181c1f3ef65513f
SHA512

a4de6e93f637fb98905af32bed13a379234dda2c8c9c238c3f6f62d010e9b1fcf07cd34bfe690be2c0275ea9147c003d29a53492ef268946ac889297f550e95f

Score

9^/10

discovery linux

Malware Config

Targets

- Target
  
  3a642e2d4e682dbd47747e5e6313b3a1cd089dcd
- Size
  
  2KB
- MD5
  
  8679646f1c0709c8cb09d407f4cd5c45
- SHA1
  
  3a642e2d4e682dbd47747e5e6313b3a1cd089dcd
- SHA256
  
  ed902957efb11382546f2cff80e5284832f7f53c4e2b82b9d181c1f3ef65513f
- SHA512
  
  a4de6e93f637fb98905af32bed13a379234dda2c8c9c238c3f6f62d010e9b1fcf07cd34bfe690be2c0275ea9147c003d29a53492ef268946ac889297f550e95f
Score

9^/10

discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4