730b754ad865fd2b2311429c6cd54f29458fe389125499284decc8710ad7f003 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b2c6308646d740a9458c3cfaa2414d7
Size

82KB
Sample

231219-2dl7ssgbhl
MD5

0b2c6308646d740a9458c3cfaa2414d7
SHA1

a1f424ce87a9ea78a4efdf4026327665cb54b192
SHA256

730b754ad865fd2b2311429c6cd54f29458fe389125499284decc8710ad7f003
SHA512

ee13d6b96daeb0879128ba250b3bd2c7a1d94a26de485f43edfe8b22faf465ce49ed63a4a5fb9f93ba49519bbc5bec63bfd8ab06e8b51293a0150b006713cf68
SSDEEP

1536:WKI7aB/7v8twWV6VeX65RqJmiZCcIqBK:JI7aB/7v8twWZmij

Score

9^/10

discovery

Malware Config

Targets

- Target
  
  0b2c6308646d740a9458c3cfaa2414d7
- Size
  
  82KB
- MD5
  
  0b2c6308646d740a9458c3cfaa2414d7
- SHA1
  
  a1f424ce87a9ea78a4efdf4026327665cb54b192
- SHA256
  
  730b754ad865fd2b2311429c6cd54f29458fe389125499284decc8710ad7f003
- SHA512
  
  ee13d6b96daeb0879128ba250b3bd2c7a1d94a26de485f43edfe8b22faf465ce49ed63a4a5fb9f93ba49519bbc5bec63bfd8ab06e8b51293a0150b006713cf68
- SSDEEP
  
  1536:WKI7aB/7v8twWV6VeX65RqJmiZCcIqBK:JI7aB/7v8twWZmij
Score

9^/10

discovery
- Contacts a large (18397) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1