Overview

overview

6

Static

static

1

.kdi/autorun

ubuntu-18.04-amd64

6

.kdi/autorun

debian-9-armhf

6

.kdi/autorun

debian-9-mips

6

.kdi/autorun

debian-9-mipsel

6

.kdi/bash

ubuntu-18.04-amd64

.kdi/inst

ubuntu-18.04-amd64

3

.kdi/inst

debian-9-armhf

1

.kdi/inst

debian-9-mips

1

.kdi/inst

debian-9-mipsel

3

.kdi/m.vbs

windows7-x64

1

.kdi/m.vbs

windows10-2004-x64

1

.kdi/pico

ubuntu-18.04-amd64

.kdi/run

ubuntu-18.04-amd64

1

.kdi/run

debian-9-armhf

1

.kdi/run

debian-9-mips

1

.kdi/run

debian-9-mipsel

1

.kdi/start

ubuntu-18.04-amd64

1

.kdi/start

debian-9-armhf

1

.kdi/start

debian-9-mips

1

.kdi/start

debian-9-mipsel

1

.kdi/xh

ubuntu-18.04-amd64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    78956e20ddc930f6c6ae61a474709a8e

  • Size

    332KB

  • Sample

    231222-h528jsbhdk

  • MD5

    78956e20ddc930f6c6ae61a474709a8e

  • SHA1

    eb37c4886bd10eab18e21b08fe6244ba06e72053

  • SHA256

    71c19451fdcee3f004fd2f0779c4bda4ea8b1d33b31f3d5cce556e4fc30252a3

  • SHA512

    45f5098b0aa320aef722bb3284acbfc98c46dbba96b35de54403b62a31a13289664776a5a0d75337a05cd850cb55abe7a8bce7833f97451f3ebc4b9a92963d9e

  • SSDEEP

    6144:gL+ezFJ4so83LkGfpKDcE+Q/WR4/HUIDBnC8lVlkX6/LGAaMDiu/Km+K27URIfy:gKezFOsJ3zpWcrx4FUelkq/SAaS/Kaoy

Score
6/10
linuxpersistence

Malware Config

Targets

    • Target

      .kdi/autorun

    • Size

      317B

    • MD5

      9729c037cb0a32811ba3eb15e3c8a789

    • SHA1

      6e67d4929c0b87dd05afe1b3f5f0aed2852885c4

    • SHA256

      5f03b45dc87f35120fd01f18150d2c3c807c9dc22d9433208d1bd14d5d581260

    • SHA512

      ed9131f48df4f3f6503b38f064ef07c7d9a235280ecf03a0a2852f268b98e42b8b445931536bd4a4a4344fefb8a05594dae094e7e7795c9690ab5ca568b1ff8c

    Score
    6/10
    persistence

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

      persistence
    behavioral1behavioral2behavioral3behavioral4

    • Target

      .kdi/bash

    • Size

      480KB

    • MD5

      dc7b9585c47ab44830dc84a11e0272fe

    • SHA1

      7d0f6ecfb4985ec8ef003ab1e8bdf0aae5ffbc75

    • SHA256

      68aef1145b4e208cf6600d2ccda0080d8ec7a7fe97354b92a7378b81975fbb63

    • SHA512

      8e870c960053a5b280e6f17cf6b1bbb57a0df1e97799c5416d7ddc03774baba3af5c6d14aa7a3bb51a729f6e88bd7522bb5e950d3da79c97da4869797bb8908e

    • SSDEEP

      6144:Ymw9XywzvzMPz5obmvlJ9RS3Il4js9QneROyYJ0YnTBwLaTubM1DCmPGMhAj6JQ:Ym+XrvUbW4UHTBwLPQ5CNMhRJQ

    Score
    1/10
    behavioral5

    • Target

      .kdi/inst

    • Size

      6KB

    • MD5

      5f66ee0ca74596fdd6b675ec0d108565

    • SHA1

      9778bb3aa3fa9e11d86f52d2f2f35e30b38b0a61

    • SHA256

      63d2a133ae6985eecf8912081a978874186b45974ef4ea02735776a59462ea8d

    • SHA512

      25830b923ef35e8e58df8dac152fc0e98b2b0c6e9038f5ff17ace3a45d69c500f5252f4a8258f882d12be9ab320393d8d201401b25bbc2fde0b801d8a29317df

    • SSDEEP

      96:uWFiGJPvksmt7HiEiQ0pE0Jy2yiarL9swXX6XswVXxtwVXok+Vy2WMw:uWF9gt7HbjQkrbXcfXkXok+Vy2WMw

    Score
    3/10
    behavioral6behavioral7behavioral8behavioral9

    • Target

      .kdi/m.help

    • Size

      22KB

    • MD5

      3867e7b1168f749f94536c85bf94a2c2

    • SHA1

      97fdf5c978400ed9de85555c63a7ba9cfe8b77a6

    • SHA256

      0d1191e8da46fb6461c072b97c94e2b9a139ee6e483a8b615524b47932095d59

    • SHA512

      b072ec3ccc411f75002c6428569e16d98b43386894be9a41a6c43cbbcf50c24c5a745f2175f40668ccf0be66265b830faf4d3db416a64844255fdc3e26db05b0

    • SSDEEP

      192:Pk80z2Z8ECr40jfSHgglM7mu07/+6MhqehT1Szb01wm7FElApsm4rcGB1tRlnMCv:c8YjRqMC5YRsQf7FMrpfR9MxInqKJNok

    Score
    1/10
    behavioral10behavioral11

    • Target

      .kdi/pico

    • Size

      164KB

    • MD5

      51c7f3ec60f1613aa5202f26d9248ed1

    • SHA1

      835ab0aba3740fcf80fe7238ef4d089d8c5a72c1

    • SHA256

      5e092470ec616d5b866aab0f1a69309b74a48567eec7a250c9a328901a21a498

    • SHA512

      424071e10216836567266cda5ab18876943817e731272ca68f1b96d00e80cef90c286aa5c46fdd5d963014282f39964f46905bda2e18309d6692383e24b5b8b6

    • SSDEEP

      3072:6vq0piaD1aJ3INN6QhldW6dV/T76+eRWPdrJlkODLm729xJtyv0t:6vtjDsYNJdW6dV/T76aPdrJlkOHm729b

    Score
    1/10
    behavioral12

    • Target

      .kdi/run

    • Size

      29B

    • MD5

      978cc6e3ce07787898519aa26f3b429c

    • SHA1

      6240237deb675c81f8352a1352b2d8a0d3019493

    • SHA256

      e0abb3175ea6d042ca49ed299adc0fb2c322ca1e876db21968fc04c90be4fe53

    • SHA512

      9b4a691f80c953cbaff15e01ce11a858eb03a226c7834ca8adfb97c892c51edc8015863ce0ae22be6d4b50d591d923408a143e03c5d6bb9a801f6fcf4f676f9b

    Score
    1/10
    behavioral13behavioral14behavioral15behavioral16

    • Target

      .kdi/start

    • Size

      750B

    • MD5

      158c35ecfd4a4a490b613d87a22088fa

    • SHA1

      506b5f9540781d1caadba4e03731a9fe72e93c9f

    • SHA256

      28494083b2cc414dfb12b5de982a44327e15f2db7ee105a8023a7efb434c59b3

    • SHA512

      fa3157627036595417640a6d54337d5cd90937fc037e45d0738ce54d76c4a5c8ee41bad7b0c422fbc3ff33e38beded6a2df0660d17313a1d997a9bbba1b8a798

    Score
    1/10
    behavioral17behavioral18behavioral19behavioral20

    • Target

      .kdi/xh

    • Size

      27KB

    • MD5

      2d1cf467562e524abb6ca1a6e2367824

    • SHA1

      95fcf96052ce1dd954176f303e5a60052f7016ac

    • SHA256

      eb7830e5387abecb79eadd8ee7447ce7e69bd9131554391fd74bd61987bb1adf

    • SHA512

      bf2808568325752c43adc08674f6cc942071452c2cc1f19a69aefec600ea86a01c0a65e85e824f397cfbc05999a1c031f1175f41a7a80c07a4adfe653ba5deea

    • SSDEEP

      384:vwMJlsIwxX/7U6oVMbuNLhOvO5PbdbFsc8aAYAXkiON2xBBcdCpqSzzjQ:vN6IwxvoV1LhOvubdb2c8aAciC2h4azI

    Score
    1/10
    behavioral21

MITRE ATT&CK Enterprise v15

Tasks