d83874b7f55c9dbb300df995a39b3332639322eefa5195a839f64189c73a1cb9 | Triage

Sharing

General

Target

d546509ab6670f9ff31783ed72875dfc0f37fa2b666bd5870eecaaed2ebea4a8
Size

103KB
Sample

230203-l5h2fshe6y
MD5

eb53dbbbcce91063a2220d658cf8b244
SHA1

26ae599f380f03e9c4a92c81a390198c3e565504
SHA256

d83874b7f55c9dbb300df995a39b3332639322eefa5195a839f64189c73a1cb9
SHA512

50f2578e22682ce543b8c49aba678551ccd48da17d704ffc615ab11baae14f7bb4366f09aa9cc5beaadcd996a9f5e150cce58664a27e9e8587f22d931210c200
SSDEEP

1536:Nmxh3aoVOFd4zRmMSFMMSk3jdNiTieuLBBybfqx3sknMv0Hcsi2h2I1j9EL9umSf:I3aoC69mNSkx+iBm5v0HHR2I1jKUm6

Score

9^/10

discovery persistence

Malware Config

Targets

- Target
  
  d546509ab6670f9ff31783ed72875dfc0f37fa2b666bd5870eecaaed2ebea4a8
- Size
  
  106KB
- MD5
  
  4dde761681684d7edad4e5e1ffdb940b
- SHA1
  
  2327be693bc11a618c380d7d3abc2382d870d48b
- SHA256
  
  d546509ab6670f9ff31783ed72875dfc0f37fa2b666bd5870eecaaed2ebea4a8
- SHA512
  
  91a61c719128f263f9f95736d55895954cc468c74ff469ee061d35ec382c50b9165e9a5427dc46a835dac6ae0e6e1f9819632475f68b98a907b53196bd4eb02a
- SSDEEP
  
  1536:3aQiZDMyqIlMBZ/R0F4E4kcHiNq98wk9njKZjjLuYo68864sNHFEzv7Ld76divkE:KzDMyqIMBZ/R0ufhBmgZy9yNsNmPtcE
Score

9^/10

discovery persistence
- Contacts a large (3269) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Scanning

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Dynamic Resolution

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence