693835ecf1e4cb184b4dc9ce9145bb5ed1ec1840d83df8dc500d3c8d233b46fd | Triage

Sharing

General

Target

b5badeb16414cba66999742601c092b8
Size

141KB
Sample

231222-rdatnahba8
MD5

b5badeb16414cba66999742601c092b8
SHA1

cc946b2c2e5cb0b28873c9f7ff4d17ee593fc3c2
SHA256

693835ecf1e4cb184b4dc9ce9145bb5ed1ec1840d83df8dc500d3c8d233b46fd
SHA512

df35a692d568e579c8affea2b5ce183f323b7bfdacdbb258f7983362684dcf3dd7b8bf70ab641915d9ff45a1f7bef66fcc0873d801f2d4543dcbbb39fe8d2f51
SSDEEP

3072:eWj2XFPG3QLoqnl0mGDhtn0B4ANKG7F/8GQxe83RL:esEmmGDDnnANKG7F/8GQxe83RL

Score

6^/10

linux persistence

Malware Config

Targets

- Target
  
  b5badeb16414cba66999742601c092b8
- Size
  
  141KB
- MD5
  
  b5badeb16414cba66999742601c092b8
- SHA1
  
  cc946b2c2e5cb0b28873c9f7ff4d17ee593fc3c2
- SHA256
  
  693835ecf1e4cb184b4dc9ce9145bb5ed1ec1840d83df8dc500d3c8d233b46fd
- SHA512
  
  df35a692d568e579c8affea2b5ce183f323b7bfdacdbb258f7983362684dcf3dd7b8bf70ab641915d9ff45a1f7bef66fcc0873d801f2d4543dcbbb39fe8d2f51
- SSDEEP
  
  3072:eWj2XFPG3QLoqnl0mGDhtn0B4ANKG7F/8GQxe83RL:esEmmGDDnnANKG7F/8GQxe83RL
Score

6^/10

persistence
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Modifies rc script
  Adding/modifying system rc scripts is a common persistence mechanism.
  persistence
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Scheduled Task/Job

Defense Evasion

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1