33defc4ecff8a0b40c66bb797cb127c4f3df647a50c2995bd7b9414ba05716b1 | Triage

Submit
Reports

Overview

overview

Static

static

ef72909ce4...0a.elf

debian-9-mipsel

9

Sharing

General

Target

ef72909ce48b7aa09bea11c73194820a.elf
Size

358KB
Sample

230406-hsm8vsdg9x
MD5

ef72909ce48b7aa09bea11c73194820a
SHA1

405cb65139cf94b45b8e0922960e693da2ed09a9
SHA256

33defc4ecff8a0b40c66bb797cb127c4f3df647a50c2995bd7b9414ba05716b1
SHA512

fdf5b89bca9ac5824ec5a31bda028bd8c1afb37c621632897c1359b8004589912787d1b8641214d16452ff068548ca09ea12d13bdecb41010f2e6e16222a841f
SSDEEP

6144:YCWUWbbMK14mECiqWmOaC1ztPASfIOV68eU1fY5hEQrDh895BtLyhbkMOzqzFSAZ:jvqOyURY55PYOhbkMOGzc6z9FmiIuCYp

Score

10^/10

antivm botnet persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ef72909ce48b7aa09bea11c73194820a.elf

Resource

debian9-mipsel-20221111-en

antivm persistence

debian-9-mipsel

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  ef72909ce48b7aa09bea11c73194820a.elf
- Size
  
  358KB
- MD5
  
  ef72909ce48b7aa09bea11c73194820a
- SHA1
  
  405cb65139cf94b45b8e0922960e693da2ed09a9
- SHA256
  
  33defc4ecff8a0b40c66bb797cb127c4f3df647a50c2995bd7b9414ba05716b1
- SHA512
  
  fdf5b89bca9ac5824ec5a31bda028bd8c1afb37c621632897c1359b8004589912787d1b8641214d16452ff068548ca09ea12d13bdecb41010f2e6e16222a841f
- SSDEEP
  
  6144:YCWUWbbMK14mECiqWmOaC1ztPASfIOV68eU1fY5hEQrDh895BtLyhbkMOzqzFSAZ:jvqOyURY55PYOhbkMOGzc6z9FmiIuCYp
Score

9^/10

antivm persistence
- Attempts to identify hypervisor via CPU configuration
  Checks CPU information for indicators that the system is a virtual machine.
  antivm
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Modifies rc script
  Adding/modifying system rc scripts is a common persistence mechanism.
  persistence
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Privilege Escalation

Boot or Logon Autostart Execution

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Dynamic Resolution

Impact

Tasks

static1

behavioral1

antivmpersistence

© 2018-2024

Terms | Privacy