General

  • Target

    7af5c37cc308a222f910d6a7b0759837f37e3270e22ce242a8b59ed4d7ec7ceb.zip

  • Size

    1.7MB

  • Sample

    231103-fqgl7aed43

  • MD5

    6aabeda8beeac8e14ffceba3d1999902

  • SHA1

    e403d2d7f37e2b614a9ffa8aba41d42213c5f7fc

  • SHA256

    4cce779286d312b78a2ff87ddd28502ab07de8cbb30eb340ad4a94113c08fd5d

  • SHA512

    a9fed6d3f0bd64184644dc14e3ef77f851f3e169cc3244b2e2c95c31845a95386b83fe756fdb47ec3ccbdf25d636c9d507c09d8d44b6efcce9c359ad91e66853

  • SSDEEP

    49152:e+WHrO49w896QUeu+YJpNmwSprpR/Dr09Ug:3MOM/9LBuPJv7QT//09h

Malware Config

Targets

    • Target

      7af5c37cc308a222f910d6a7b0759837f37e3270e22ce242a8b59ed4d7ec7ceb

    • Size

      4.0MB

    • MD5

      d037165697dfd6ce7fb19463a08aa919

    • SHA1

      7f3e3f4d89fe23a7abf58696fe53daf8b8fea2c0

    • SHA256

      7af5c37cc308a222f910d6a7b0759837f37e3270e22ce242a8b59ed4d7ec7ceb

    • SHA512

      c539e79527b03723560036a707dd3e9b2bf8526f15ebdc4bb9e35ead7e858575984d0a4a29078c28cf81420cc97546f08bfa647e75627da1318f898ec95dc20b

    • SSDEEP

      49152:iiCCwCerb/TyvO90dL3BmAFd4A64nsfJulXiAKBSoKrHOajYdYvM+mS2NiguojpG:iixIBdajY+KWsvE

    • Renames multiple (739) files with added filename extension

      This is consistent with ransomware behaviour: encrypting files across the system and appending an extension to each renamed file.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Write file to user bin folder

    • Modifies Bash startup script

MITRE ATT&CK Enterprise v15

Tasks