565eb6bda1232c8097a56f1fea1d0646995210d82bde6d5b9c77a04929221e70

Sharing

Copy URL Twitter E-mail

General

Target

7797e732b42624efb3eb921fced38d1e
Size

1.3MB
Sample

231222-hzc2gabefk
MD5

7797e732b42624efb3eb921fced38d1e
SHA1

53d3bdbc3c1faca0496eaae1766172c4ec756c5b
SHA256

565eb6bda1232c8097a56f1fea1d0646995210d82bde6d5b9c77a04929221e70
SHA512

63784c578c8df24b3ec425b9567261bd2ad2653e51c0b038770d7a2d88df7660cfc7da053e978ed5a0a56ccf6b7f2356632fc8803079f452a1f118477ca8fc9f
SSDEEP

24576:6ZYs+slGlgp0WDsLYiPwJekajvrbw1Le22fWldIeqvqcemLwr+nIgZfY9nrFquhn:6FD0gp0FVkWrbw5e22uldEDemLn/ZgJn

Score

6^/10

linux persistence

Malware Config

Targets

- Target
  
  darwin/-sh
- Size
  
  371KB
- MD5
  
  efedfc55d99d4e0cabf182fa28f565e6
- SHA1
  
  94755b8c53f592bc5d822daca4387553d792a959
- SHA256
  
  78c7006698c2a632a780d5ac3c735ac1e46d4b63c63b61c3fed2314451ae7ee1
- SHA512
  
  16fb3533d99c013bd7e0d471b25fa5d0c6941d90e0359624ce4c7bf0691444555e97c2ba12394b764e76202eacd2be5bbc63b4210df8b99afff14879fe679007
- SSDEEP
  
  6144:TWgMZmgiXkNeraP9sSyLVqQf0XNfT1DUCuBjLy+5Sy8VN5wKiI:TWFQHkNOivsVP6NfpK8zqKiI
Score

1^/10
behavioral1
- Target
  
  darwin/autorun
- Size
  
  299B
- MD5
  
  88fa87ddec13907fe3656ec0f4946da0
- SHA1
  
  5db91b9b639d6042982bf8e0c90eca2981b64470
- SHA256
  
  4487b733a17774fc0f5d36d56d9e613dd8b7f18db0428838f8d15d7e4da9b273
- SHA512
  
  1ad43c61b6d4154fa9dafccf6e89fd151c553b62c248b5c3280b43b1fbf5e69fb4f4eb58391ebfddbc873e879419f0250fb1535c5fada2d2a80cbb2e29f79a66
Score

6^/10

persistence
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
behavioral2 behavioral3 behavioral4 behavioral5
- Target
  
  darwin/bsd
- Size
  
  368KB
- MD5
  
  5a85e543cff7ec4af6d1e8fe6c9663e9
- SHA1
  
  67d7dd497f8a28123f8d96fa754d82e9e368e91e
- SHA256
  
  3b54286df5eeb9a8970bd3e4aee8a2c964f6c2e0b84ade5037cfeb6c80ea05c7
- SHA512
  
  b5a48f20bc5f4a0e71126849413043d732c22aae7cd38d7c998398c8923affb91bd487cc22136797657d45d4eb619049f75595698aa9d33fa75bb3545724a8dd
- SSDEEP
  
  6144:6E9eNk3RPVy4ors3ulUFA6aUWvvr+Ay89YtQ4eMHquEw6YuXk7sngFGoUbuft7f:6ae+jy4ors3ulUtav+Ay89z4eMqbgfGq
Score

1^/10
behavioral6
- Target
  
  darwin/danion-bsd
- Size
  
  368KB
- MD5
  
  5a85e543cff7ec4af6d1e8fe6c9663e9
- SHA1
  
  67d7dd497f8a28123f8d96fa754d82e9e368e91e
- SHA256
  
  3b54286df5eeb9a8970bd3e4aee8a2c964f6c2e0b84ade5037cfeb6c80ea05c7
- SHA512
  
  b5a48f20bc5f4a0e71126849413043d732c22aae7cd38d7c998398c8923affb91bd487cc22136797657d45d4eb619049f75595698aa9d33fa75bb3545724a8dd
- SSDEEP
  
  6144:6E9eNk3RPVy4ors3ulUFA6aUWvvr+Ay89YtQ4eMHquEw6YuXk7sngFGoUbuft7f:6ae+jy4ors3ulUtav+Ay89z4eMqbgfGq
Score

1^/10
behavioral7
- Target
  
  darwin/danion-bsd2
- Size
  
  408KB
- MD5
  
  35658d816f30a2c9bd5045ac03ec73dc
- SHA1
  
  aa690e0f0d7ff758689dda2d71aee225513187ae
- SHA256
  
  bacdb059bc13cbe0f6186f4a3560ceb2b9c834dd6a35b10b56971584ad321674
- SHA512
  
  a1b51b7ceaff3e0754c2a77ae9ac1a518688504f74244e1b1e6502060360d5ea569a807287633680efd8594aec3c7bb27fc7425416387317d28d214019037366
- SSDEEP
  
  6144:GItLXVNlJAuckuwarTf9Iu6sbdAfBW5cjNAFwNqaBf:GIPrOjp0BWq2F3aBf
Score

1^/10
behavioral8
- Target
  
  darwin/danion-unix
- Size
  
  371KB
- MD5
  
  efedfc55d99d4e0cabf182fa28f565e6
- SHA1
  
  94755b8c53f592bc5d822daca4387553d792a959
- SHA256
  
  78c7006698c2a632a780d5ac3c735ac1e46d4b63c63b61c3fed2314451ae7ee1
- SHA512
  
  16fb3533d99c013bd7e0d471b25fa5d0c6941d90e0359624ce4c7bf0691444555e97c2ba12394b764e76202eacd2be5bbc63b4210df8b99afff14879fe679007
- SSDEEP
  
  6144:TWgMZmgiXkNeraP9sSyLVqQf0XNfT1DUCuBjLy+5Sy8VN5wKiI:TWFQHkNOivsVP6NfpK8zqKiI
Score

1^/10
behavioral9
- Target
  
  darwin/danion-unix2
- Size
  
  438KB
- MD5
  
  d3476deeb720f4f4f5b3aa43cc630e14
- SHA1
  
  d535aca283525dc7bcda35844257f97377447edf
- SHA256
  
  0574ec602e3ae640ba9642d26a42daac6ac191d19be462ba7495c7d99edb9404
- SHA512
  
  24563262a14331c2058c70b7b4e5d083521d22356c35858e409a84244f3d0399f91fce64a386ee402eaf15ba2172792b5406872b8806a8cb198e6d8e368aaccc
- SSDEEP
  
  12288:xH/9Ts+bWX90Q3bd+FS9hrPSHKwDTxuaT8k5l:xH1TsMWN0Q3kFaSHKwDTxD8k5l
Score

1^/10
behavioral10
- Target
  
  darwin/help
- Size
  
  22KB
- MD5
  
  3867e7b1168f749f94536c85bf94a2c2
- SHA1
  
  97fdf5c978400ed9de85555c63a7ba9cfe8b77a6
- SHA256
  
  0d1191e8da46fb6461c072b97c94e2b9a139ee6e483a8b615524b47932095d59
- SHA512
  
  b072ec3ccc411f75002c6428569e16d98b43386894be9a41a6c43cbbcf50c24c5a745f2175f40668ccf0be66265b830faf4d3db416a64844255fdc3e26db05b0
- SSDEEP
  
  192:Pk80z2Z8ECr40jfSHgglM7mu07/+6MhqehT1Szb01wm7FElApsm4rcGB1tRlnMCv:c8YjRqMC5YRsQf7FMrpfR9MxInqKJNok
Score

1^/10
behavioral11 behavioral12
- Target
  
  darwin/pico
- Size
  
  164KB
- MD5
  
  51c7f3ec60f1613aa5202f26d9248ed1
- SHA1
  
  835ab0aba3740fcf80fe7238ef4d089d8c5a72c1
- SHA256
  
  5e092470ec616d5b866aab0f1a69309b74a48567eec7a250c9a328901a21a498
- SHA512
  
  424071e10216836567266cda5ab18876943817e731272ca68f1b96d00e80cef90c286aa5c46fdd5d963014282f39964f46905bda2e18309d6692383e24b5b8b6
- SSDEEP
  
  3072:6vq0piaD1aJ3INN6QhldW6dV/T76+eRWPdrJlkODLm729xJtyv0t:6vtjDsYNJdW6dV/T76aPdrJlkOHm729b
Score

1^/10
behavioral13
- Target
  
  darwin/run
- Size
  
  28B
- MD5
  
  3ee8f34e1edfadcad6deb6343a009585
- SHA1
  
  5d3f258b1c99c49b7c7329f1aa35e2c2b9569e98
- SHA256
  
  d39efad7d100218969ce677dabd9a882994f2ab685f14a62ca506402413226ec
- SHA512
  
  14a9736080ac5abc209e5a55eb42977e5e4e6f0ce854c08bb0263e4799b748e25a315a06c540530f18acd8a4046ac0c682905e8d39bf0d11fd58fd382f40342a
Score

1^/10
behavioral14 behavioral15 behavioral16 behavioral17
- Target
  
  darwin/xh
- Size
  
  27KB
- MD5
  
  2d1cf467562e524abb6ca1a6e2367824
- SHA1
  
  95fcf96052ce1dd954176f303e5a60052f7016ac
- SHA256
  
  eb7830e5387abecb79eadd8ee7447ce7e69bd9131554391fd74bd61987bb1adf
- SHA512
  
  bf2808568325752c43adc08674f6cc942071452c2cc1f19a69aefec600ea86a01c0a65e85e824f397cfbc05999a1c031f1175f41a7a80c07a4adfe653ba5deea
- SSDEEP
  
  384:vwMJlsIwxX/7U6oVMbuNLhOvO5PbdbFsc8aAYAXkiON2xBBcdCpqSzzjQ:vN6IwxvoV1LhOvubdb2c8aAciC2h4azI
Score

1^/10
behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Creates/modifies Cron job

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18