Overview

overview

7

Static

static

1

getroot/full-nelson

ubuntu-18.04-amd64

getroot/go.sh

windows7-x64

3

getroot/go.sh

windows10-2004-x64

3

getroot/ho...endmsg

ubuntu-18.04-amd64

getroot/ip...d_data

ubuntu-18.04-amd64

getroot/k-rad3

ubuntu-18.04-amd64

1

getroot/linux-gate

ubuntu-18.04-amd64

getroot/mc...filter

ubuntu-18.04-amd64

getroot/pr...redump

ubuntu-18.04-amd64

getroot/prctlpute

ubuntu-18.04-amd64

getroot/pt...keuser

ubuntu-18.04-amd64

7

getroot/rds-privesc

ubuntu-18.04-amd64

getroot/udev-141

ubuntu-18.04-amd64

getroot/vmsplice

ubuntu-18.04-amd64

getroot/vmsplice2

ubuntu-18.04-amd64

1

getroot/vmsplice3

ubuntu-18.04-amd64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8bf7ab2b2b2e480597d6de5b66ddfb89

  • Size

    538KB

  • Sample

    231222-pmmhpsccf8

  • MD5

    8bf7ab2b2b2e480597d6de5b66ddfb89

  • SHA1

    43b4518e8ef37221fc0fb7f1ed7c7ff3f52d2549

  • SHA256

    19367e7228f26d4e9678aae4c45ac01edf70960495d6d8283b9cf6274e039913

  • SHA512

    b51350c51ef56cc22c7acc8dd7baba288b5736d7f47ca9acd10bbc40e28547d650384041fdc18954f0940a6be9a11591297857cd8a4c2f7466af91bc7acb50ab

  • SSDEEP

    12288:DQV45hamBFR1tq57RzwnFu8aa8voCuoOVk12k0qBRuIMRAeO2:q4O4vtq5J4zaFACu/U2kgRW2

Score
7/10
linux

Malware Config

Targets

    • Target

      getroot/full-nelson

    • Size

      10KB

    • MD5

      2c4dd980becf98934109ebb0f17baaab

    • SHA1

      33acc09c5121318fc310103d7badbaa24bc308cc

    • SHA256

      7c3cbabee49073e70ed7713edb158b5761ecfa829499cb240348a9403733e3b5

    • SHA512

      5aefa661b9c5c7a25d3d4df2c74979a52c8a8589f0f8162092e7a0e1da0465a22d85fd821a433a9870cdae4dfbe563211bd4d7e26023fede843419616ccd4b90

    • SSDEEP

      192:feEgklFWaYk+8t4Yqky+tZkqRqXRrN/x2V:fexklrYCN/tZ4XRrN/xe

    Score
    1/10
    behavioral1

    • Target

      getroot/go.sh

    • Size

      209B

    • MD5

      b1714d537de6ee274a91cb36a7e05474

    • SHA1

      6015ca3fcfbe74eecb9013bce63a63ae62ea5100

    • SHA256

      70ed5f76524f6217435299f7e07e0305f6a5cdc8850a5bade4d42411fc6c7472

    • SHA512

      07d92aa35f3b5553907639d3dc7d588ecdb9ff63a7d09da06d8fdc23a781190782f6fd1bdf191493c966a62603a5fd8a45b9ceb487c898348317873f61c99d58

    Score
    3/10
    behavioral2behavioral3

    • Target

      getroot/hoagie_udpsendmsg

    • Size

      9KB

    • MD5

      17260fd703b1a28bc9899c7a8e008ecb

    • SHA1

      63112a239e06f637a626f12230ba328a24a2e840

    • SHA256

      509f8b9f1c5897781ef62c16db0d9d4da3ec0d1cbf7a929e1b43fd562dba409b

    • SHA512

      9955140ccf98f560df7f26d8aaa02ea075ccd68886401d3e5ef4529f744aad68a6cfc38f776077129dead82fe9a224b48b01af82d283809d1ee5e42cbf305f6c

    • SSDEEP

      96:fD/56GhfiOo1WPBf+VLtOybVKEUmviTCASAy30CY6X8OLh/QP6ahn+PTre0n4w1U:fzwW8VQybEmaTCASAydY5OZ/S2xwMa

    Score
    1/10
    behavioral4

    • Target

      getroot/ip_append_data

    • Size

      6KB

    • MD5

      ffd6b33a6c7697c0e4b584b2915ce44c

    • SHA1

      89b92422ba22ccb0759eb878ea020238731c7900

    • SHA256

      77a48406489f1b602dfa286f1addbbb1083d2edcd79c19e9c233baadc5ca3113

    • SHA512

      583af6eac466785ea3233992d520efa3239e401d227432f71964b0bf656f5ab50b1a82c14f5ae1968ea12dcb176bd16cd40717ab02aed5c851e82e1bf9b93453

    • SSDEEP

      96:fCT5Z3As/p62gUiM9Sdy1I17rxPfuQ22222H0ciIlJKjuC3zC9yZ7/icY3c6YLal:foSUQ/AO1kD0czu4yZ7qm6Xn

    Score
    1/10
    behavioral5

    • Target

      getroot/k-rad3

    • Size

      569KB

    • MD5

      0188996f0a3b78bab3054be7ac95d4ae

    • SHA1

      2da280d330cc1fcdd213de6b9301850f2654bfea

    • SHA256

      c302650d07b24230570d59e5988b4fc07c749a7cb110ea913ae1af72861129f2

    • SHA512

      3dfb8e78ee75ff563234a812578481806ae4be144bc350037681ddf772217d523755677ddfa1bc8d83afd61e0384c87dd2eb391aa81cfa96bfec039742b3686b

    • SSDEEP

      12288:Tgw6Re9+okw1OTRYsP/Mz/wDAFqstVErLTpjtMqyqkkSJGo:Tgw6RecorcRxP/VKqstVErLTpCpqkNJH

    Score
    1/10
    behavioral6

    • Target

      getroot/linux-gate

    • Size

      5KB

    • MD5

      9e654054624b1556c26f6b7b1532b877

    • SHA1

      992e0111ffd093ca9c21f4d9c99d62878e6d5f36

    • SHA256

      2154de3be033790fd6b8a34f9bede53168e053a1f492b5ef343ad9983626fd05

    • SHA512

      40772d2dcc17748f3d206fe3db8b16daaa6891051540590c079ef4c9a61b3ece7b80adbcf3c0c4d57466e7f24db8c52079b82e8bba2e91ff6965c6ac1661bf74

    • SSDEEP

      96:fvvA/G3pSSeTyOaoMl/+c28NlOFC4Xiknihw9WexfhG2:fXAu3pS7GOaoMl/+cxxe9Jn

    Score
    1/10
    behavioral7

    • Target

      getroot/mcast_msfilter

    • Size

      18KB

    • MD5

      585be83c1ee0ad009379369717ba988c

    • SHA1

      1a8712007f9ef593044350226b829a9fb25f91ad

    • SHA256

      11cd544a84ebfe0f4c26934afc6b5eb63dbc610827dd4ffd43a29835c3196a6c

    • SHA512

      fa4816d9b452f0f4a39ef6e9a992d8780c350fa37ac8896961f057d172b648a2e72b6ef0db3d9936660173e06bb37100b654c3463d423715cc44ea7dbba51c25

    • SSDEEP

      384:fi6uMdEEHV+rFednYMCQ7UfBXh18I74dOPtpiYbs5tTVdiM:rqoU8a9Q7UVP37JTs5tTVdF

    Score
    1/10
    behavioral8

    • Target

      getroot/prctl_coredump

    • Size

      8KB

    • MD5

      cb956b01b2d8e5038423d5418129f63c

    • SHA1

      a01dffb8814a92592cb730246a1b4ae916b4938b

    • SHA256

      a74e005a564a2e4d78649f869b59a26b5f5608dcb052a99763522d67077350ef

    • SHA512

      105d50f9593bc80dedc24bd34c1a35c405595f2f14ae66d45179740952c4c17b714a1a7abf6f9e113e766e4b30fe0c94aed15a5bea7c19026f28385afc2f00ea

    • SSDEEP

      192:fcw+CM40opsPCULU65KbdnMncAWjyP5LfUu0P:fdmDU65KbdnGMj65LfUuu

    Score
    1/10
    behavioral9

    • Target

      getroot/prctlpute

    • Size

      7KB

    • MD5

      8ec87dac0c793ad73adf2d679a28d069

    • SHA1

      dab3078bba3dd0328bbaee9f73d24765fec8c8c5

    • SHA256

      cd701f7e6c4ed0f03ceace516417ec477dff6bbf2417041e4c087e4baef91502

    • SHA512

      4e7281959bd32b5a9475fc69170198c72b34e2f036f8560aecdd4109e8ca7d6b2439fcc1cf77a0e0685f69c050706bb492e2cb35bd4b8514aa8883f9f7d3d84d

    • SSDEEP

      96:fUChVNWnBEscNMbD4I7pstIPj/f2sSUIc6SaiuaDirBKCRdQV+V5V3afOG+G:fHziBE8Dy2l9Ic6BKCRdQe5V9g

    Score
    1/10
    behavioral10

    • Target

      getroot/ptrace_pokeuser

    • Size

      9KB

    • MD5

      898dde6afb3142e607528359b0935e9e

    • SHA1

      237fc44013a1975c4da3eda5a3dee150b6d21b3b

    • SHA256

      5e440444f93a5ab3f5b945e8bc57b7ee9713b0617d67862014e6616b4dbb0a75

    • SHA512

      08badd3a4f7536df24a46d589aa1ee9dabd114da8f42013d1db72517d282d0de89199fd83cfb471a98bda947b484c52fe582240993b1995ae146cde61e9e5707

    • SSDEEP

      192:GXH+juafdgFsjLdvkscNvT1sZlLXWPSWenBx:sQfdfjhcscNNPS5

    Score
    7/10

    • Traces itself

      Traces itself to prevent debugging attempts

    behavioral11

    • Target

      getroot/rds-privesc

    • Size

      11KB

    • MD5

      2851430aa56a27c2069463784edec7d1

    • SHA1

      60a79d0e87dab83bef8622eb652e5161364648cb

    • SHA256

      ee7a6c5fd482177406dae58eb250fa00ca7f30faba58bf79de15aea807fee991

    • SHA512

      99a123955c2302ecb050fa4edf51dd127faa4eb9df5b810056cfc3a3530a4500602da3907fbe887143653d5634f6678ba1f25c5fe55f2bc0b69333f194c5aa8d

    • SSDEEP

      192:fnKmDTbYPwzWqs3LQ+SEptNFytZeLkn30U:fdMP95bQ1tZe4nj

    Score
    1/10
    behavioral12

    • Target

      getroot/udev-141

    • Size

      7KB

    • MD5

      4c62967a90dc9a96cb95dbf0085e08b1

    • SHA1

      e54ff90c390006113ccb8f056eb540d6508286df

    • SHA256

      b1270e43968880be67b8a03e51df4f6c7fff525fb43033bae06b2a76f3a40f1c

    • SHA512

      7128d578b6c296b188a43661cbef2e737f1bebe89d3edccf60c9c03f130e052ca9c4061433537b5bfca69a9edb55890e207d8b7891b9a802cf8845c48b75f9d5

    • SSDEEP

      96:fNarj1Kbz9K+R/Y9pr7OCtjt30mnqvG2LhhGd5ZorT+cevr3Pyx2WFH:ffKpr7OqtZug2dR

    Score
    1/10
    behavioral13

    • Target

      getroot/vmsplice

    • Size

      10KB

    • MD5

      24075f37b686e462638ff008e261dc39

    • SHA1

      7477a848d8ffffffac275f6e94c1b47f8992466a

    • SHA256

      dcb93f8437020f853fb42a3f1e248514efda6a7698addee235e2d3edfdf79b95

    • SHA512

      f9a8b281588778ce6db8ce8f7e93457092552669adcb0fa38d4d8bdc3aa41e773150a9204721178462ef6e66890b702ba143b664ff020e4488e65f5a8df56715

    • SSDEEP

      192:fX3ETppMpO84pdPLzY2opJ/c50swALbYvB:fX3ETTSennpopFG0xAQ

    Score
    1/10
    behavioral14

    • Target

      getroot/vmsplice2

    • Size

      511KB

    • MD5

      ad297e8562bbb3e52187379c87264781

    • SHA1

      745e3c9509099d13c487455529bf6aea9f5fa29e

    • SHA256

      64a903f40c608b08c1e3ac16f32a66d87244f4de8c93700300387697a6de9a19

    • SHA512

      d061e1484e6973a2a280a7658650230c41f8e8ba38906fab8c2e09421f00bce8c806ec226c34dc97f4227cd1b3fdfa54a34011184e41cf9cb4b496963936f3d1

    • SSDEEP

      12288:9Ne0WEtAFPRimzv8dnqHP/7lWo362fkskSsdW:9cjQAFPRiXdnqHPBjKkksNsM

    Score
    1/10
    behavioral15

    • Target

      getroot/vmsplice3

    • Size

      8KB

    • MD5

      cf6c56ba83b118b59339fd973facc936

    • SHA1

      dc5c121f2f9943df69c40e73e8458e44f1d460b3

    • SHA256

      7b034d75f9140be299d7731c2e51c3b81d0aa3f0b23b3c1744860f258f7a6eda

    • SHA512

      762a20f9689d8ea846e1fbd878534394af7b68308dd169480025fd569d9bc9d42bf2032f50679443b529c3d9aaec442a394b4934849865235f145833b6fdd232

    • SSDEEP

      96:fXNbIW9p649cDWhMRP1SiNgo55CmWr2TBDecWNnWplC43iwZ4DM6bQ+utG4+8f05:fXRXp6Ecq+EiSXB2lDecUi+ZxGQ5

    Score
    1/10
    behavioral16

MITRE ATT&CK Matrix ATT&CK v13

Tasks