83441d77abb6cf328e77e372dc17c607fb9c4a261722ae80d83708ae3865053d | Triage

Sharing

General

Target

dd4b6f3216709e193ed9f06c37bcc389
Size

207KB
Sample

231220-s8n57sebc8
MD5

dd4b6f3216709e193ed9f06c37bcc389
SHA1

758ba1ab22dd37f0f9d6fd09419bfef44f810345
SHA256

83441d77abb6cf328e77e372dc17c607fb9c4a261722ae80d83708ae3865053d
SHA512

acb30371b0ec9bddf2b2f645af462f9ca7aa90fc4396a9313b891f20506fdb6b9788f151593ed1638982336603c7ca87bebd85b7a86b5658529e87dfaf4c9327
SSDEEP

3072:+8FpcpvBKlbMNZQm03ngoDxFEPuaZCPo5POdOQ33o:PFuBWbZ3ngoDvEQPAPqO1

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  dd4b6f3216709e193ed9f06c37bcc389
- Size
  
  207KB
- MD5
  
  dd4b6f3216709e193ed9f06c37bcc389
- SHA1
  
  758ba1ab22dd37f0f9d6fd09419bfef44f810345
- SHA256
  
  83441d77abb6cf328e77e372dc17c607fb9c4a261722ae80d83708ae3865053d
- SHA512
  
  acb30371b0ec9bddf2b2f645af462f9ca7aa90fc4396a9313b891f20506fdb6b9788f151593ed1638982336603c7ca87bebd85b7a86b5658529e87dfaf4c9327
- SSDEEP
  
  3072:+8FpcpvBKlbMNZQm03ngoDxFEPuaZCPo5POdOQ33o:PFuBWbZ3ngoDvEQPAPqO1
Score

7^/10

persistence
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1