6429d0779119edba98b1ba6c4e2628673fd8053c8164c218a9adf7a4cc26887b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

20cd2d81cb6bbc85dd482431b1e0f836
Size

36KB
Sample

231219-2m2c3sbgcl
MD5

20cd2d81cb6bbc85dd482431b1e0f836
SHA1

0d51a3e0702ac7b249954951262038f308f1cccd
SHA256

6429d0779119edba98b1ba6c4e2628673fd8053c8164c218a9adf7a4cc26887b
SHA512

a561ce3210166f7adffc3a15316f986d713ce115ee928a56e3fef5d21f7312b42f4148493544fcfc9b788786500aebeb580a0b9ba6ec475a9b4a3ffd21abf2f7
SSDEEP

768:zdJcqLNr51NCWnwlapZZBdxDjpVjwVsahYjHPkQr5LrPe0UqP67wEu:zdnLNrnN8udxJ/9jA38Eu

Score

9^/10

discovery

Malware Config

Targets

- Target
  
  20cd2d81cb6bbc85dd482431b1e0f836
- Size
  
  36KB
- MD5
  
  20cd2d81cb6bbc85dd482431b1e0f836
- SHA1
  
  0d51a3e0702ac7b249954951262038f308f1cccd
- SHA256
  
  6429d0779119edba98b1ba6c4e2628673fd8053c8164c218a9adf7a4cc26887b
- SHA512
  
  a561ce3210166f7adffc3a15316f986d713ce115ee928a56e3fef5d21f7312b42f4148493544fcfc9b788786500aebeb580a0b9ba6ec475a9b4a3ffd21abf2f7
- SSDEEP
  
  768:zdJcqLNr51NCWnwlapZZBdxDjpVjwVsahYjHPkQr5LrPe0UqP67wEu:zdnLNrnN8udxJ/9jA38Eu
Score

9^/10

discovery
- Contacts a large (23674) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1