8d855c28744dd6a9c0668ad9659baf06e5e448353f54d2f99beddd21b41390b7 | Triage

Sharing

General

Target

8d855c28744dd6a9c0668ad9659baf06e5e448353f54d2f99beddd21b41390b7
Size

3.0MB
Sample

230330-gnf4babb45
MD5

9e232a14ba4fdb7f95d59d06682af25f
SHA1

f49dba7152bde55c4bb014a1819b466a35473915
SHA256

8d855c28744dd6a9c0668ad9659baf06e5e448353f54d2f99beddd21b41390b7
SHA512

cdcae0acd761403102c9ae9af49f75f985828b107d8487aacc3a66c3aa90111f5900609ee41d148abe874b9b5a068e2b4edade30e65932e8bbde3fe4d7648854
SSDEEP

98304:t2k8YNW6FUZu0W0E8oGYGCZ15nL3r+prEWp5a0OI:EZGZ8oru5a

Score

8^/10

linux persistence

Malware Config

Targets

- Target
  
  8d855c28744dd6a9c0668ad9659baf06e5e448353f54d2f99beddd21b41390b7
- Size
  
  3.0MB
- MD5
  
  9e232a14ba4fdb7f95d59d06682af25f
- SHA1
  
  f49dba7152bde55c4bb014a1819b466a35473915
- SHA256
  
  8d855c28744dd6a9c0668ad9659baf06e5e448353f54d2f99beddd21b41390b7
- SHA512
  
  cdcae0acd761403102c9ae9af49f75f985828b107d8487aacc3a66c3aa90111f5900609ee41d148abe874b9b5a068e2b4edade30e65932e8bbde3fe4d7648854
- SSDEEP
  
  98304:t2k8YNW6FUZu0W0E8oGYGCZ15nL3r+prEWp5a0OI:EZGZ8oru5a
Score

8^/10

persistence
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Modifies rc script
  Adding/modifying system rc scripts is a common persistence mechanism.
  persistence
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Privilege Escalation

Boot or Logon Autostart Execution

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Dynamic Resolution

Exfiltration

Impact

Tasks

static1

behavioral1