dc30e18cd588c7385d0ccb41ffcfc5a8411fb8d87d3283d0ce927475fb125ade | Triage

Sharing

General

Target

run.sh.zip
Size

2KB
Sample

230304-zlrfdaeb8y
MD5

8063aa36518907affb05fbb370195bdf
SHA1

8234ce1d09b2e149498b479ec188bc8230d65955
SHA256

dc30e18cd588c7385d0ccb41ffcfc5a8411fb8d87d3283d0ce927475fb125ade
SHA512

0a5f621b5d8e06be826cb64664e8cd7a0dfdd2d7fbc669129b3f481d48431fe422898c6f5e1a30424116638f6306a053fd7ab453f1e712d5afc8416f7c45355b

Score

9^/10

linux persistence

Malware Config

Targets

- Target
  
  run.sh
- Size
  
  8KB
- MD5
  
  e34bac21135beadf24e557e6a8cd7a64
- SHA1
  
  def390dddd27d379d4fb38c80fc69d7997425ff8
- SHA256
  
  82c388aafffef7d131167904bba3a514f2480757489b0810d04437050784ad31
- SHA512
  
  8bacb26ecd8a6157e6eaedc271db20590fe62848c4e742339384c01e4fcb1df4a8f19a089c950337061b40998a9de52666e0a3c232aed69080be1a26ee2242c8
- SSDEEP
  
  96:bCUA/F3XH3t3Zu5bufqufVuHWK7ZXkTKk9kfKkQkRkfIk4kv2k8kalhX5KsU6uZR:b7qnpWAFuWK71gVfwzXUstqVk8EbYF
Score

9^/10

persistence
- Deletes system logs
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Write file to user bin folder
- Reads CPU attributes
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Hijack Execution Flow

Scheduled Task

Privilege Escalation

Hijack Execution Flow

Scheduled Task

Defense Evasion

Hijack Execution Flow

Indicator Removal on Host

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Dynamic Resolution

Exfiltration

Impact

Tasks

static1

behavioral1