e15e93db3ce3a8a22adb4b18e0e37b93f39c495e4a97008f9b1a9a42e1fac2b0 | Triage

Sharing

General

Target

9a111588a7db15b796421bd13a949cd4
Size

93KB
Sample

231220-k3eqkshch8
MD5

9a111588a7db15b796421bd13a949cd4
SHA1

034c8c51a58be11ca620ce3eb0d43d5a59275d2f
SHA256

e15e93db3ce3a8a22adb4b18e0e37b93f39c495e4a97008f9b1a9a42e1fac2b0
SHA512

820053864dd506fcf7c126f4a8df72ee6113ec07baaa2f440739782eb06e2768ee3dba5ba0c8e89d9c0dd03dffc51027e455f73601f41c07e02b19eef69f4aa9
SSDEEP

1536:pymLLU1F5kHIrIj0D6rhfd+lK3exiTCzxNtI4sZLi6UEbFEBFaW1EH6t6wfPP/Q:2F+ooxalK3exiTOijZLdUEbFlWPP/Q

Score

8^/10

discovery persistence upx

Malware Config

Targets

- Target
  
  9a111588a7db15b796421bd13a949cd4
- Size
  
  93KB
- MD5
  
  9a111588a7db15b796421bd13a949cd4
- SHA1
  
  034c8c51a58be11ca620ce3eb0d43d5a59275d2f
- SHA256
  
  e15e93db3ce3a8a22adb4b18e0e37b93f39c495e4a97008f9b1a9a42e1fac2b0
- SHA512
  
  820053864dd506fcf7c126f4a8df72ee6113ec07baaa2f440739782eb06e2768ee3dba5ba0c8e89d9c0dd03dffc51027e455f73601f41c07e02b19eef69f4aa9
- SSDEEP
  
  1536:pymLLU1F5kHIrIj0D6rhfd+lK3exiTCzxNtI4sZLi6UEbFEBFaW1EH6t6wfPP/Q:2F+ooxalK3exiTOijZLdUEbFlWPP/Q
Score

8^/10

discovery persistence upx
- Contacts a large (1172) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Patched UPX-packed file
  Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceupx