d4baf12e31a5a697b83bdd052d0dc86d2acc3fc3f8ed356234ee1c3d6d068b21

Sharing

Copy URL Twitter E-mail

General

Target

58ae4508c01b56b8bff4332a7ce6dcf3
Size

7.1MB
Sample

231222-dmfvdabhg7
MD5

58ae4508c01b56b8bff4332a7ce6dcf3
SHA1

e6b72807903e517a32e2ce01eaf65988a2d10b0f
SHA256

d4baf12e31a5a697b83bdd052d0dc86d2acc3fc3f8ed356234ee1c3d6d068b21
SHA512

7182472bdc7d824d795ccdbe1d0649fdce0bea4d4792478d22c00b06fc1f0236537e052e946b86f9eab5551d3f1ef717708dd9a12c6fef001d701e1b758fd04b
SSDEEP

196608:TrbvljrBAvp3VP8di9NJ/o8COo53P4f6rYsBxN:TrbvNFGPoiLdcZP4qxN

Score

7^/10

linux

Malware Config

Targets

- Target
  
  run.sh
- Size
  
  69B
- MD5
  
  679dda55ba172ca10fb02353776552f1
- SHA1
  
  a49999b708d209040562070cc131b9a17a392d3d
- SHA256
  
  328e7447b1e592312e022b97484e4f540c99ac57684a05dd17e81a2930618ee2
- SHA512
  
  b24a15922d1c8c71bb6335cb9464a73c0ffda8c8fef70b0cbeadc743f87960d8a4a536c6af41c3773750541bd5eced616a099966326c68cd14eb9523ca77fe9b
Score

3^/10
behavioral1 behavioral2 behavioral3 behavioral4
- Target
  
  2637
- Size
  
  523KB
- MD5
  
  3bd2bedadc2dd2aa19a4b2edac92924d
- SHA1
  
  dbd206dbb7061e0ac3c44dca54cbde6a00b7663d
- SHA256
  
  011dfeccbf6ecf3b4ef5bbbe0f0e06652fd1aebeddec3c7581106b2cd9b345f2
- SHA512
  
  551d12bd190307bc6adbe4acf64cfa55f3d34440adc7ff4e460e69e236c2dd756ed2f1ca1a0e0225cc36024b15b069718365602c8bdaaece6f9fdc005ae3ccef
- SSDEEP
  
  12288:dWFMaSw/HaEYE81iii/D1NN7W/gU7lwO2WX2UB3l7QA:wgwRj81iDD1NN8gU2ONGIlB
Score

1^/10
behavioral5
- Target
  
  2637.64
- Size
  
  597KB
- MD5
  
  c51a7b5ac8432676e241d0940ef1bfb2
- SHA1
  
  5a87f92ae17cbbfa4795f867ca3fecd64cfb7cea
- SHA256
  
  f12518e32c0d3f6dfa491c396ee8b771564b5d5e5aedfb40e7fd571e493d1dc7
- SHA512
  
  19e8d90e561ba0a9e80e767cd0f0c17b7108455e8b81444fa7f099d790950203560b171752c2d2094c46f8a0e1a54527b8898f8c209790b31e069bea9e488648
- SSDEEP
  
  12288:D1dCasvf5x/lvqDvOJjq1YQOn/gbAKyUQTavNfBa/dTHl+0Yd3:psP/8mzQO6P3baTH80s
Score

1^/10
behavioral6
- Target
  
  f00c0d3/0/0x82
- Size
  
  10KB
- MD5
  
  10db549c69fc1b0ba76285014644ca7e
- SHA1
  
  13ca9cb133dd2e2a52b2fff1b8676db06537152d
- SHA256
  
  2a51a0c00597276577fde2085af21cbe7c2764a21e61b2883c1aa1c5bde18e93
- SHA512
  
  da7f03ee630fc96881b1b70a7dbca2f5a1edc4dfbefdae9cc0b406da0cbc36147150ddc33ee0f77f28b78163a0baaef642ce31d5e7db32bbdcdd38a2083e3e78
- SSDEEP
  
  192:foxaT1YvYyOAgRnFjivpS/PYm2nBG9BRvyCUciP:fcamv2fjjf/fo
Score

1^/10
behavioral7
- Target
  
  f00c0d3/0/0x82-CVE-2009-2692
- Size
  
  8KB
- MD5
  
  72942df7022c46ede16ffa47e2007c13
- SHA1
  
  02965afb0a65e94ceeca98a0a750d2d7e44ce7f5
- SHA256
  
  c409975232ada581659e9f03ac015ce747a3e4cc12e4b337989e9c10c2a11627
- SHA512
  
  99d5c7ec53de76dc35a1ff2c8e533aab9f9c80c36d39c998827ba9f9046bc4abc662d647a97136a7b23b9632c5154d033b9dea96bc16636e9e9e5923c4c37fe8
- SSDEEP
  
  96:fa7ZJhcZNqvg6CYFMap6QXs9d8t30mqbvzLh0emZKbFW7j6dmfL5ROwh28Nneijq:faxAqLC6M6VsAtZYX8WwLBhrNnDuYi
Score

1^/10
behavioral8
- Target
  
  f00c0d3/0/0x82-CVE-2009-2698
- Size
  
  8KB
- MD5
  
  88ddbeb2ed1f49189f78645ff96608c2
- SHA1
  
  be1ec181cdfbdb223e61d8d11d2402a1e2a8ba04
- SHA256
  
  af3021cb88ace90f540933fc4dace48768c1d3c5d623cf6d1489936b2ab161e6
- SHA512
  
  6c514b442e1e63991abc935e3f8fd9a6b82629aae1cb2fa9f52669e93322b7768f26b71a04681532e9a9aff8cc04eff736c0c45c38bd04df7cb88dbfbe47016c
- SSDEEP
  
  96:fjyPYdmjmBs0Rh24OVyNa+3Nzd9ct30mqbvzLhw+wBiTbjGuuFwRekhZxIBReij2:f0QsV4GmNzAtZY/yt+ZSRDumi
Score

1^/10
behavioral9
- Target
  
  f00c0d3/0/0x82-simple
- Size
  
  10KB
- MD5
  
  11d4f0be03ebf87d711e62878d4ac0c0
- SHA1
  
  b7cddd5e68f2d2364ffa6b630c710d0b7c4d0117
- SHA256
  
  d1b4dfa0d0630d829923dfbc7a4716d5ef622c452bceee6fbe83aa76bccb9231
- SHA512
  
  0336a73e8b02deca8cfd06c0a4be834f13a453db425274c3a8de74851c8e35f81de333791619ca601188971e84cca92dfa688f1f86abb0ec3a595f2e58972360
- SSDEEP
  
  192:fMT0S/JZKj/w2Nm6oYS23B6oBDvyU9xDV6MP:fMP/Jc/5/Mm
Score

1^/10
behavioral10
- Target
  
  f00c0d3/0/cheddar_bay/cheddar_bay.sh
- Size
  
  252B
- MD5
  
  40547dbdb0bffeea449dca4eb406f902
- SHA1
  
  f438407faaa99c9b9711cb8dd9f261a714a97274
- SHA256
  
  117f73af5efd3c62d86974c19599e79b81d2855e393d4c65f86a8331efbc7c36
- SHA512
  
  6d3f3fb3d707b115a5a86e0d39ae07b001251cba2763c437544b5114f5a2d55e68b72e9eeff9e34026c3a93da0d50ab9a8070ac1b4ad34f01b809174b9142da0
Score

6^/10
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral11 behavioral12 behavioral13 behavioral14
- Target
  
  f00c0d3/0/cheddar_bay/exploit
- Size
  
  16KB
- MD5
  
  f07e20e5e2c8df0f68501bd66c711376
- SHA1
  
  f226f7dd9defa079880047bbadc84be6572f65e9
- SHA256
  
  c6aea0bb17cb0d164e9185f069872a70e65d6f478c6ae57cb3acc46889a6808d
- SHA512
  
  64c6a9600f2b81d609c5a5c7ed840999ef1ce7eb1c430096d70db5b0243fc92a16eac131327f5496ce528f12d353bf1027da84ecc458f69368fb6d65dc24b426
- SSDEEP
  
  192:fMgAmJiJV50V4lgiSwJMF9vG2qFc7zzCJGYe2BB8iBBvypydp2MLNT/AgwOMq7:fMgNiz5/MnPAcmJUM94EMg
Score

1^/10
behavioral15
- Target
  
  f00c0d3/0/cheddar_bay/pwnkernel
- Size
  
  7KB
- MD5
  
  27b04b8301fd784afff8c4add908dbb7
- SHA1
  
  6bed1e8c3a027d3cafd370faca5f0ef75d87c353
- SHA256
  
  0513cf5d049dab2dafcbbf998541599b2cc99935079fce0e80ecd4e863158c40
- SHA512
  
  894e68799fae6a45d7df00db25338b9097557fa921ecc2b4fe6f9122b4b17418efe5a4ce14c6b94fcb1233f2337d7de83869a8b13b6e805189eb7f63fb66871e
- SSDEEP
  
  96:fR6bScByn7tYWx1aDytgt30m37avWWLhZSDRSsniMebzqiIetvuOJOM39eN4IhM:fRUQpx1aDdtZr/WlL7YNThM
Score

1^/10
behavioral16
- Target
  
  f00c0d3/0/hoagie_udp_sendmsg
- Size
  
  7KB
- MD5
  
  4a51b0cffac450b2a11a1426d3eda343
- SHA1
  
  67ff99944faab2ca6097df58eef4121287522667
- SHA256
  
  8a0a230680cfeb6ff08f122816183e890f1209f687842f2f788bf8028c881291
- SHA512
  
  7f98e5b947d4ea6a01c9f71ea01b309e0358b36e5870d80bbe0156a0d97da084f26d50ae005a681f170e1b7cadde590e59fbb4d286633715dca9fb9f01a945ca
- SSDEEP
  
  96:f5889DiRK5LHigzCn9ut30mDKUv0LhI4IWghe7DiTLdQx2GjnAdiZFta:fuK5bBzCItZsgC2Gjn8Kna
Score

1^/10
behavioral17
- Target
  
  f00c0d3/0/i
- Size
  
  11KB
- MD5
  
  6936714bfe0a17a440e31a1137974149
- SHA1
  
  07cf668a8c8155e20382223594239fc7ccc2364e
- SHA256
  
  c70a2fd57b0530b27300e2a84fc348118702c8d54e22ad01367f8edc4013d08f
- SHA512
  
  36dc9245cdef4a4fc5ff6a0c79977ac98e47613051a5af2a5d5129da883bf1b861d4549b9022d5b78a9ac71824f81bf6264f36d8a6464fe28bb89060abe82c7d
- SSDEEP
  
  192:fkuPbIn4RbAPlaructYxlKyScKgeLe0ecHdV9lTgQdM5:ffbInM08r0sOKgBmd58QQ
Score

1^/10
behavioral18
- Target
  
  f00c0d3/0/i2
- Size
  
  7KB
- MD5
  
  b94d874623ade701620f511c7988694f
- SHA1
  
  75b35d256a0d8bd4e209f2836079b43d7ef1a58d
- SHA256
  
  4ae8f3e8f3898a73030e9de51368edf1ef207c0c952bed2588e746c6d88e213e
- SHA512
  
  52fc735ec8e6d8eda70b480ad58f2cb0a887e625d64344ebd22cc2286e8350571b09fca9594fafb9316917874c2d6de7b978a0699813693105c058ed7a70ee7e
- SSDEEP
  
  96:fTx+WAX/IrN6x4s1viQcrlL2nAFDucSJdVCD8nCW+YzI3TdZZmtgxfNGa:fTxKXVb1uLSYDucrtwIjd6k5
Score

1^/10
behavioral19
- Target
  
  f00c0d3/0/linux-sendpage
- Size
  
  10KB
- MD5
  
  feca75715996b28842a60ae674363049
- SHA1
  
  6ce06ac41ad77e274f0cb7aa7d130ecf45f72880
- SHA256
  
  132a93aa1fd61bd398e5bfc33b69533a75f1770c15a1dc55dfd67683f72d34e1
- SHA512
  
  36c267beff4d4d87b74dd4db8ba215574a163e5ed38f3fb81eec9ec5816584c8d57e478d45dfb0ab92d0112ae502857c904da300fe8d01faa23f962dc75e1c06
- SSDEEP
  
  192:fTYXzXgD2naIanI8vYm2XBudBmkvy/O6a7Q:fsXkDSfaF72
Score

1^/10
behavioral20
- Target
  
  f00c0d3/0/linux-sendpage2/exploit
- Size
  
  12KB
- MD5
  
  e5a91b22de8b32216a8ff02a44b5aa02
- SHA1
  
  f6014d3adf3c995eadbd294d251cc2f660e53304
- SHA256
  
  73537d79c5064312edb482e1f89b8b4bb094d63ab55abc54c8fd54cae891844c
- SHA512
  
  b3770bd48b7060f6eb2f42d586f53ef1f67f569729b968d090098ad196c63aa17bc01d99b3b9241ad3c76d196edd5e49b4a842c0771ae4a6f2e686e611fcc854
- SSDEEP
  
  192:f0OCC602KfohDMj6pwNa/kYm2nBOBBpvyS37gOFD2Q:f0501whDC6v/o3
Score

1^/10
behavioral21
- Target
  
  f00c0d3/0/linux-sendpage2/run
- Size
  
  431B
- MD5
  
  7fb942814cbf49e20c618b45fd5729f3
- SHA1
  
  3f91cea0275c285083f74617092c590bf26f94f5
- SHA256
  
  8d0c635b2f4d1c31699d7a0ff28bd86c68a783f7b46ca4084022fdca88999287
- SHA512
  
  1e0eb7e6fd1a419af90417a6b3fbd42093f9ed02d6b972d5608ec5630f807a6be8d8bcd7e0fe6372506832d2e71333d8e378cf5b73e61a635d49fb4594861daa
Score

7^/10
- Executes dropped EXE
behavioral22 behavioral23 behavioral24 behavioral25
- Target
  
  f00c0d3/0/linux-sendpage2/runcon-mmap_zero
- Size
  
  663B
- MD5
  
  bb0b6a8df5151548336975b38ba3bd35
- SHA1
  
  edc6df9315d068739712db9b4beb197a42315498
- SHA256
  
  5cc9debb8d6cf0c35ad2c4a35dc44088fe9e073e480e0237347cdfd871ae5c21
- SHA512
  
  c13753ac4ec5d838f1b4b9d010bc624619aa01fbd4e51bb8b28654770e575709c2a10b5f0403e7f5884446e10819424ba801a1c3de1244774619f8345a0e809b
Score

3^/10
behavioral26 behavioral27 behavioral28 behavioral29
- Target
  
  f00c0d3/0/linux-sendpage2/sesearch-mmap_zero
- Size
  
  1018B
- MD5
  
  4cb34eeaa8c00e6eff84c73925a6ee08
- SHA1
  
  65c441e8e8f93bf07775f6810cab2882896483d8
- SHA256
  
  4b9fbe08c985adcd42aa52b4a026bbc8da38cb9b9accc612b940ec0ceb716927
- SHA512
  
  2cebf55a63e9fb31c0efeeeb50e6bd3532392d6fee6781ae33d3772e781272d2ec4c91a7aad7b3c46465dacf241e27c8d2ca7f7db6be65cfd786210cedf25666
Score

3^/10
behavioral30 behavioral31 behavioral32

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Enumerates running processes

Executes dropped EXE

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32