General

  • Target

    eeccf51bb2274f325ca54ae3f9ebe857e0ddd6ab

  • Size

    41KB

  • Sample

    230515-pnt9yafc94

  • MD5

    b9e02521a0bb96eb0528c170770a0c2d

  • SHA1

    eeccf51bb2274f325ca54ae3f9ebe857e0ddd6ab

  • SHA256

    bb4c8ee23103cd57741a1008552dae1038c17c505dd16f80571d795d91892cad

  • SHA512

    6ecd57b14e5377c880d759979d0c3f461ed93a2f2c4ab69dfb3a550e973460e769c453d1ff38efe9d5e0c4aba43cddcf90bb5ff5a1e9b8dbb54095c3c688c6ba

  • SSDEEP

    384:l0FINvSo5o/Ds3oIywe4Xz2Ye6rDBzgHZ4zRZn7hElu/tOJJJ2JJJuOfvuy/97MA:qCv3oIywe4Xz2YeIDBzgHShFMSZf

Score
7/10

Targets

    • Changes its process name

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.
