General

  • Target

    98a7af10c1c9aa87332ef873e59f256e

  • Size

    27KB

  • Sample

    231220-kvsmgadegr

  • MD5

    98a7af10c1c9aa87332ef873e59f256e

  • SHA1

    49f3b39b2fab85bb92015b7ffb484179b6a7bf7c

  • SHA256

    02c89672ddc46b490801088e5b3b594db93137b7b33a85a70a2fecf3a79d7645

  • SHA512

    62a1433ff5501524e65a4d83daf97ff564cdcb71e4eaa783ac76b85dc57d9572dc7f9b1a4ee9a69bfa249647ae8a584d1d25c35174d9f4952b1184271caf3583

  • SSDEEP

    768:T1Cen4UhFv0Bj4+9FIyqFTknbcuyD7UVyqd:RXn4Uv8BM+oL1knouy8sqd

Score
9/10

Targets

    • Contacts a large number (140716) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

    • Deletes itself

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from the /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Writes file to system bin folder
