17a8911c8075c2708860eabd3443856178765631ecb015d63cda5895a6cd6a4b | Triage

Resubmissions

16/02/2023, 19:36

230216-ybcnssba9x 9

16/02/2023, 19:35

230216-yaq5ssba81 5

16/02/2023, 19:33

230216-x9sbgabd73 5

Sharing

General

Target

01b09b554c30675cc83d4b087b31f980ba14e9143d387954df484894115f82d4.zip
Size

629KB
Sample

230216-ybcnssba9x
MD5

5831b304ba634fbfed26cf4354158c6f
SHA1

fc8841f913384688ac0a7868d1ab951bfdac6050
SHA256

17a8911c8075c2708860eabd3443856178765631ecb015d63cda5895a6cd6a4b
SHA512

d8d6c55a05a301e8b52f9d17f2c16ee7038c7dc1224075a7dcdb3358e73eca1b3ed843372e1c455f03f475d7276ddae32f8956640eb340b391fe733185015f68
SSDEEP

12288:BAqiEvMWpdd0WVYL0ydTDaaGKDp0uIpExWoJ//sLhK/yxB4aQp3y2Fg8X:15vMWpElGi0uKE0oJ//s8kaaQpCi

Score

9^/10

linux persistence

Malware Config

Targets

- Target
  
  01b09b554c30675cc83d4b087b31f980ba14e9143d387954df484894115f82d4
- Size
  
  1.4MB
- MD5
  
  6dc27523eb048bb7197bfdf39d6d15dd
- SHA1
  
  586196ff024b0abe2f92601c73b59c9631900f45
- SHA256
  
  01b09b554c30675cc83d4b087b31f980ba14e9143d387954df484894115f82d4
- SHA512
  
  3831836465e77d06837304b32ee2defa1830076d73051826ebbf423ceb08dbe9b19eebb6b7b78fc00c16deb720687a4efdaa0a6db78129f98ce2b0ac07241d5a
- SSDEEP
  
  24576:zgSI8vsH7rb/TrvO90dL3BmAFd4A64nsfJ+11JqWLB1e+gdEmWm9pxA+D1U:dI8Ebrb/TrvO90dL3BmAFd4A64nsfJQ
Score

9^/10

persistence
- Deletes system logs
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Enumerates kernel/hardware configuration
  Reads contents of /sys virtual filesystem to enumerate system information.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Indicator Removal on Host

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1