d4d40f8983f90772825a79488ba12c0ab94f825abc11c0b356ffff6cc1a76bdf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1c0ea8d8a2c8aacef75fadc1d5f68a80
Size

78KB
Sample

231219-2k6vsaebg4
MD5

1c0ea8d8a2c8aacef75fadc1d5f68a80
SHA1

bf19fc7d8eb36a4fe79324404079d534074fa450
SHA256

d4d40f8983f90772825a79488ba12c0ab94f825abc11c0b356ffff6cc1a76bdf
SHA512

d67f24816ca0b8d3878d63c0161cf254c724602976c9a1d5063615c53f69c3929c26628b4394c8fb8a08041a85811aa3a426ffad1e3497826405585440416f48
SSDEEP

1536:9o2RtKAeUz58WF9I6ZjY55yL9GV2o3ZlDJXPG:62RtKAeUz58WF9CV26

Score

9^/10

discovery

Malware Config

Targets

- Target
  
  1c0ea8d8a2c8aacef75fadc1d5f68a80
- Size
  
  78KB
- MD5
  
  1c0ea8d8a2c8aacef75fadc1d5f68a80
- SHA1
  
  bf19fc7d8eb36a4fe79324404079d534074fa450
- SHA256
  
  d4d40f8983f90772825a79488ba12c0ab94f825abc11c0b356ffff6cc1a76bdf
- SHA512
  
  d67f24816ca0b8d3878d63c0161cf254c724602976c9a1d5063615c53f69c3929c26628b4394c8fb8a08041a85811aa3a426ffad1e3497826405585440416f48
- SSDEEP
  
  1536:9o2RtKAeUz58WF9I6ZjY55yL9GV2o3ZlDJXPG:62RtKAeUz58WF9CV26
Score

9^/10

discovery
- Contacts a large (22399) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1