General

  • Target

    9a111588a7db15b796421bd13a949cd4

  • Size

    93KB

  • Sample

    231220-k3eqkshch8

  • MD5

    9a111588a7db15b796421bd13a949cd4

  • SHA1

    034c8c51a58be11ca620ce3eb0d43d5a59275d2f

  • SHA256

    e15e93db3ce3a8a22adb4b18e0e37b93f39c495e4a97008f9b1a9a42e1fac2b0

  • SHA512

    820053864dd506fcf7c126f4a8df72ee6113ec07baaa2f440739782eb06e2768ee3dba5ba0c8e89d9c0dd03dffc51027e455f73601f41c07e02b19eef69f4aa9

  • SSDEEP

    1536:pymLLU1F5kHIrIj0D6rhfd+lK3exiTCzxNtI4sZLi6UEbFEBFaW1EH6t6wfPP/Q:2F+ooxalK3exiTOijZLdUEbFlWPP/Q

Targets

    • Contacts a large number (1172) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Patched UPX-packed file

      Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Writes file to system bin folder

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

    • Boot or Logon Autostart Execution (T1547): 1

    • Hijack Execution Flow (T1574): 1

Privilege Escalation

    • Boot or Logon Autostart Execution (T1547): 1

    • Hijack Execution Flow (T1574): 1

Defense Evasion

    • Impair Defenses (T1562): 1

    • Hijack Execution Flow (T1574): 1

Discovery

    • Network Service Discovery (T1046): 1

    • System Network Connections Discovery (T1049): 1

    • System Network Configuration Discovery (T1016): 1