Overview

overview

9

Static

static

1

x86-20230709-1219.elf

ubuntu-18.04-amd64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    x86-20230709-1219.elf

  • Size

    108KB

  • Sample

    230709-phrlvsch79

  • MD5

    cb987c237cc3cf5f826e8c00ebb68dd7

  • SHA1

    9d635e6596e1a02f7d1365d55c9c5a7b98f685a0

  • SHA256

    bab8b344312fbb9250f575acee721949f2cbc4623fff1a9572ddc090e5097a89

  • SHA512

    c803aeca659241fa6d54c07efa3578a6ab2668ac255436f4f3760459ff559f73f1968da5309fcef6d6ae15e41074db516eabe38ce6b7674268788315bbe6cb66

  • SSDEEP

    1536:mvApv6qOQALGyB0YU3g0vr1sAZtsLv1ETBi9BleRr4Oj2B:mLqtALn0Y8XvreAZeUBaBlel4Oj2B

Score
9/10
discoverylinuxpersistence

Malware Config

Targets

    • Target

      x86-20230709-1219.elf

    • Size

      108KB

    • MD5

      cb987c237cc3cf5f826e8c00ebb68dd7

    • SHA1

      9d635e6596e1a02f7d1365d55c9c5a7b98f685a0

    • SHA256

      bab8b344312fbb9250f575acee721949f2cbc4623fff1a9572ddc090e5097a89

    • SHA512

      c803aeca659241fa6d54c07efa3578a6ab2668ac255436f4f3760459ff559f73f1968da5309fcef6d6ae15e41074db516eabe38ce6b7674268788315bbe6cb66

    • SSDEEP

      1536:mvApv6qOQALGyB0YU3g0vr1sAZtsLv1ETBi9BleRr4Oj2B:mLqtALn0Y8XvreAZeUBaBlel4Oj2B

    Score
    9/10
    discoverypersistence

    • Contacts a large (191962) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Modifies password files for system users/ groups

      Modifies files storing password hashes of existing users/ groups, likely to grant additional privileges.

    • Deletes itself

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

      persistence

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

      persistence

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

      persistence

    • Writes file to system bin folder

    • Modifies Bash startup script

      persistence
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks