General

  • Target

    x86.elf

  • Size

    120KB

  • Sample

    230317-njvjgaaa2v

  • MD5

    bc8a4da3d15a1c5a31eba01bb609d67c

  • SHA1

    ba29e8a02a439ec4d3af5fafebaeaec68ea75b54

  • SHA256

    acef6f73e8edd482ddc6fd032489dddbcd026ab6ff8b02ce4b6b922caa868664

  • SHA512

    1a43038b56d79d34ac0e900d7d980914d9d9579e4cc5923c747299b91be1946cfb95eb69af16c436006fc70537ee7a1691ba976f2ace6bb38b8290e087188622

  • SSDEEP

    3072:62Rfd0wrSAewzi+Xn+8Uhw6W+aPLJmDk1c8xF6KjW:6IZfO8IBeJmDk1c8xF6KjW

Malware Config

Targets

    • Target

      x86.elf

    • Size

      120KB

    • Score

      9/10

    • Writes file to system bin folder

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Hijack Execution Flow (T1574): 1

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Hijack Execution Flow (T1574): 1

    Scheduled Task (T1053): 1

  • Defense Evasion

    Hijack Execution Flow (T1574): 1

Tasks