General

  • Target: b8052aa339c397deee350fba4977d08b3a6966e766252089141da34ab7e0ee43
  • Size: 6KB
  • Sample: 231023-3h6mnsag64
  • MD5: 270feb3a6e3aee8cd1d6c2014374a3e7
  • SHA1: d4a941014d8d8aa4eb0c2a7d8b8a25d67b8360fa
  • SHA256: b8052aa339c397deee350fba4977d08b3a6966e766252089141da34ab7e0ee43
  • SHA512: 11d3eed95a54f66aa15b7b5284364991b8053ef482f15fe364f312b96a9bf2d23585d71daed7ae6d9ae7f9737648a2356307c7da265137482b337a5e0a467503
  • SSDEEP: 96:ScZySqrpO3UX3O+Mttn/m4j9iBdSsE96Kw2faF0Nb:SccSOOEX+Zf/mii2qKxyF0Nb

Score: 7/10

Malware Config

Targets

    • Target: CVE-2021-4034/cve-2021-4034.sh
    • Size: 305B
    • MD5: 151fcb01bcb58f6836dc4de76bc9672d
    • SHA1: 636089fa2cace9cc33f482d348e9de8cb5cfc571
    • SHA256: a3c982eff2948f3dfbe97bdf3d631f8bb82c78e231b5f5978e4ef370fdc52174
    • SHA512: 929aaa36bdfa0a3db995f2391f5879cbef50ed79fbea72838e1306b0a7dbb90633e2b69a97b93687a2fa3880831a2af59b06c2db0e2f9ffc1e1ece9ce6896c83

    Score: 7/10

    • Executes dropped EXE
    • Legitimate hosting services abused for malware hosting/C2
    • Uses Polkit to run commands

      Uses Polkit pkexec as a proxy to execute commands, possibly to bypass security restrictions.

MITRE ATT&CK Enterprise v15

Tasks