Overview

overview

7

Static

static

1

bin/dir

ubuntu-18.04-amd64

bin/encrypt

ubuntu-18.04-amd64

bin/find

ubuntu-18.04-amd64

bin/hide

ubuntu-18.04-amd64

3

bin/hide

debian-9-armhf

3

bin/hide

debian-9-mips

3

bin/hide

debian-9-mipsel

1

bin/ifconfig

ubuntu-18.04-amd64

bin/ls

ubuntu-18.04-amd64

bin/lsof

ubuntu-18.04-amd64

bin/md5sum

ubuntu-18.04-amd64

bin/netstat

ubuntu-18.04-amd64

bin/ps

ubuntu-18.04-amd64

bin/pstree

ubuntu-18.04-amd64

bin/shp

ubuntu-18.04-amd64

1

bin/shp

debian-9-armhf

1

bin/shp

debian-9-mips

1

bin/shp

debian-9-mipsel

1

bin/shsb

ubuntu-18.04-amd64

1

bin/shsb

debian-9-armhf

1

bin/shsb

debian-9-mips

1

bin/shsb

debian-9-mipsel

1

bin/shsniff

ubuntu-18.04-amd64

bin/slocate

ubuntu-18.04-amd64

.sh/shhk.pub

windows7-x64

4

.sh/shhk.pub

windows10-2004-x64

3

.sh/sshd

ubuntu-18.04-amd64

7

bin/syslogd

ubuntu-18.04-amd64

bin/sz

ubuntu-18.04-amd64

1

bin/sz

debian-9-armhf

1

bin/sz

debian-9-mips

1

bin/sz

debian-9-mipsel

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    f17282a4c027fffefe94d01c61327710

  • Size

    560KB

  • Sample

    231222-tz1y3sgcgm

  • MD5

    f17282a4c027fffefe94d01c61327710

  • SHA1

    087c70b0fa9a06d9d254c38e754c160d856cc8c2

  • SHA256

    0fdde197684ab341d0582dbde0d6bdce41ff3eacfe9319960127472ff7dad668

  • SHA512

    055867677fc425452ce548e6c33ea2320332f503da041f2e9b082c2ffa144a374446c813317ebe64bb78115d0bf8939fb68ca81cb719d69562ef387f6350ba24

  • SSDEEP

    12288:rBfBknyLH1jWxnwL64+m7AYXbaM8S1B+VRGsEes:TkWhWRhNm7AYB8YB+VRGf

Score
7/10
linux

Malware Config

Targets

    • Target

      bin/dir

    • Size

      38KB

    • MD5

      0a07cf554c1a74ad974416f60916b78d

    • SHA1

      7a795a4171d5299bd0a872ee8167302e987a2b60

    • SHA256

      adbee847c12c73605ff657e668c8096df138f824eb542027a10c0b5c07619c8d

    • SHA512

      cb6e2812a1139d2bf9fa4c3f9520abf9e7cf174d2dd4618d1466eef594fb6d1ce5c7f99749ad0198cfca5e4fae9a9162eae34ab154136374b08676b5338f77e3

    • SSDEEP

      768:s3l+cHWaOgQV/MAVM1Kr2C9LJnKCM4wizkqycPTf6wgNp9di3olo44j:s3EgUMAVMsrtJnK94yqNr6PNp9d3lp4j

    Score
    1/10
    behavioral1

    • Target

      bin/encrypt

    • Size

      14KB

    • MD5

      f5f44fab05bac3fe711c618923ed3ef8

    • SHA1

      72377df6287c05fc4df499c43a2b6c41f7499753

    • SHA256

      7c9816b5f1b840eb8c5ecfc0fed29972877ca5bd909469d03f26d3b8f837043d

    • SHA512

      f6da55b78d582f4fd47ef5484fe990454f39b635559b2ec5ae0ab4338267f53e1a0f47bfba523c8718fa24b403a9306c751b162bb1f65bfe82ed3a3f6668c19b

    • SSDEEP

      384:flGzV0z3vNhSM/2z8l8rsa8msMp8hs8c87sT8DsD8hss8as98iXZ:tb/s8l8rsa8msS8hs8c87sT8DsD8hssm

    Score
    1/10
    behavioral2

    • Target

      bin/find

    • Size

      58KB

    • MD5

      98596eaad65b9f748fca2dcf48a9b3ef

    • SHA1

      56ada806da802a8c0ad244eb754024bd421e8f85

    • SHA256

      3efee976d6565edd1492aa1047ffa10be6025de18206f6c68f91dd218801778f

    • SHA512

      ff442ccb0d1c74e3bd0377fd1bdb90757c4e6d32d0003723c4e75a1749cd70cde52dc2858773a60e43ce2817909f206d7438a4bb8a9accfc60a8deecd81318d9

    • SSDEEP

      768:G1diNZRkM5c30zRGsqbU1JfK9ROPij7MBps9ofUCPnKWeb7A:UikVkzgsqQG9RODpsictzb7

    Score
    1/10
    behavioral3

    • Target

      bin/hide

    • Size

      1KB

    • MD5

      d954ef29a2ca0c5c7c9afcfd847db958

    • SHA1

      5fa6e3e573677ca256fcc42f7bb5ebabbf41ab50

    • SHA256

      4735f97b31ddb8a1bbc61e8d66b4dbc08d8092142d8ae7564f9058e0a20bbbb6

    • SHA512

      4b86413639648f4fbe55053eb456cec92d1526c5ed4f1b267d3148ae4d1c1f05e4d90215f6ce7a7ded713a861758140577e1e94f80699cc34b2e7e011df3f313

    Score
    3/10
    behavioral4behavioral5behavioral6behavioral7

    • Target

      bin/ifconfig

    • Size

      30KB

    • MD5

      e4738d828b366ac21572e6a17f7ecba4

    • SHA1

      2b4f36485056ab6edde2521f8dda623dfe603e0d

    • SHA256

      89a400077d74d1d76103180f41f40de6bcfffc89de461f497eef2ea763a68d73

    • SHA512

      5ea540e5ca2ecfdc515ff9bc81a7679e6146468c8290903511b733e4f337df03ae6a48c73c15ed6a6c757b3356b2a25764481576612e3dbdf7fb241f5ca9fa57

    • SSDEEP

      768:RaqAVHiuJevkBG4PjVDmULhhjVDm/rPbSOz:RaFTJe8BG7AhhRerPmOz

    Score
    1/10
    behavioral8

    • Target

      bin/ls

    • Size

      38KB

    • MD5

      0a07cf554c1a74ad974416f60916b78d

    • SHA1

      7a795a4171d5299bd0a872ee8167302e987a2b60

    • SHA256

      adbee847c12c73605ff657e668c8096df138f824eb542027a10c0b5c07619c8d

    • SHA512

      cb6e2812a1139d2bf9fa4c3f9520abf9e7cf174d2dd4618d1466eef594fb6d1ce5c7f99749ad0198cfca5e4fae9a9162eae34ab154136374b08676b5338f77e3

    • SSDEEP

      768:s3l+cHWaOgQV/MAVM1Kr2C9LJnKCM4wizkqycPTf6wgNp9di3olo44j:s3EgUMAVMsrtJnK94yqNr6PNp9d3lp4j

    Score
    1/10
    behavioral9

    • Target

      bin/lsof

    • Size

      80KB

    • MD5

      56b863dcfacadf6d66d859e2ee59517e

    • SHA1

      bbad81dbc30e06ce4110cd5bff9baa176bb28089

    • SHA256

      939cc74b5343bde1a17dfa270f8e6dc719a4bc6b3143f4581b401c81fd9a110d

    • SHA512

      768cac072a4242883fa42ac7519d39f3a89a18843d9e7d85340b9b21a9e5a8c161df4721f77932cddbda26f39aca14bfed030edf92828a6b3c035ee778cdc1d8

    • SSDEEP

      1536:sYJx9dWyLrFE/GyZ8gfYae68EP7Cq/qmWHXSIx9qqzAq5HrRAH8SqwJ9kXanzsex:nD9vrSGG8unH8k5/qm2iGpAq5t28SqwF

    Score
    1/10
    behavioral10

    • Target

      bin/md5sum

    • Size

      30KB

    • MD5

      f7acbc61f8715bdda41989683bc8e8a8

    • SHA1

      082f99da99198e0cd9fcd14f2511cfb0e9eded60

    • SHA256

      89b68f8ea6a32d525fbf491878980180ffa395b042ea3104b11da229bade71db

    • SHA512

      07811d746f3e64d4e9525c920614feef3f05e8afa3ce4fd6fa95322ed4a776da4b17a3e80f76bfe6df9af62e30b35dd4fcd7f43655caccc1f8329a2aae873f95

    • SSDEEP

      768:XGvMMSWAAX404vG0CUDjfDLLLLT04Z4C:XGv9jt0CUDjLLLLLTKC

    Score
    1/10
    behavioral11

    • Target

      bin/netstat

    • Size

      52KB

    • MD5

      195075782a2f7853731bf3e0c62e6925

    • SHA1

      3fb2b2713e99bbf8a9a0700ecbc823d060c3d0b7

    • SHA256

      39823089fa324ceba00d5939d2e7b308fec28ee0f16c6caa4739a53ad6ecee64

    • SHA512

      2629068705693eb4333eaadf6bde41d3f53163ba463ebd35a8726efbddd9a3e5d787211870ce052af1e52ab3e496fe57599103ee3bc0deac7836be473b9dd49e

    • SSDEEP

      768:SJDe9bZJmH7nRtpJDFSZDDPe01TIb73o/73erPINCUDUPWf5Ts3fU1K5BEEP6:SsxZJmbvPQD447swhWffcEP6

    Score
    1/10
    behavioral12

    • Target

      bin/ps

    • Size

      61KB

    • MD5

      ced323b51dc984f66c2695d8fd6a2368

    • SHA1

      46efcecf8383aee782f62bfc599edaa2e3c29903

    • SHA256

      72a44f3e7c4d9c9b72b1bda77d687346447d8e398983965b8e690eeeadebdc76

    • SHA512

      1854a3a91b0c9ecf727504f052b05c7b486f4b1d9edaabf8df2e982134829dcd8b04fc7189c6c90afcc99d43fb5af3f81104a629dcaad82f85a8d41ec23d9f48

    • SSDEEP

      768:jtuS/kVWo4VwgAQTCibJi/OR6QLlW+kJdw1SGi3Cri0tXjv2Q8gUgx9U2AoHE:jUgAQTCK6p0pi3Z66gNx9U2JHE

    Score
    1/10
    behavioral13

    • Target

      bin/pstree

    • Size

      12KB

    • MD5

      a1931a396d9a7ffbcd0c7612627073ba

    • SHA1

      e1c728b135a299597009081ab9362b6e970b5bb7

    • SHA256

      dbe7fc18667cd75317d494ed3b32cfe3cd077c870d015dc18b406a4a39747f55

    • SHA512

      01ebc7415851b4e3998df494da05006fa31559c64945a9141c45bf97b9ed72a0c9cff5bb0eb98f262cd02022fa7158ec801245dddae04b27ea8ef42f3cc09338

    • SSDEEP

      192:fwtcSzwENK9sC4TV2yPU6PxxrLZYhLudMMKEr1VXmc:fwdQ9sHVDPRPHrNYyVLm

    Score
    1/10
    behavioral14

    • Target

      bin/shp

    • Size

      7KB

    • MD5

      926784667fa921b38fceb124644f6568

    • SHA1

      9a3f86c3307935733d656710ec1fc17e5c196428

    • SHA256

      81dac9c6dc5e4ed615d496aea74fddc85925b00a6a54ddcbb90603c1469ce04c

    • SHA512

      c030b7b9ed62776e37bb43febd57975816a0ceabe7fc7cfd00ad99b851b61a700925a400c6cee51da7af1af2ecff72673923d20d69012468cf38f318af3fc016

    • SSDEEP

      192:Naz89cLUVm9sghCMmz/Y1Dow8iv/en4Hfv:NSScLF9sgh5R9ow8iviov

    Score
    1/10
    behavioral15behavioral16behavioral17behavioral18

    • Target

      bin/shsb

    • Size

      1KB

    • MD5

      12e8748c19abe7a44e67196c22738e9b

    • SHA1

      9a47ff44ce02730cf69e937937150662194c0b2c

    • SHA256

      fd702be65b1d3abed4c0197854c0c777a2bb50632932e1e389129b19b14a1e69

    • SHA512

      0a097b9126406674c2a4110d5f797097d675b9b60dfd5a669e8af60a1fb895cfc3f1b030d4e2cdeab5989f31f18aab961586be5ad171a9492cb5658233a352c7

    Score
    1/10
    behavioral19behavioral20behavioral21behavioral22

    • Target

      bin/shsniff

    • Size

      15KB

    • MD5

      63c6a53e779c06923344b15a0e8f1799

    • SHA1

      28108c465d2aa61ac267404d9b6caa530856d05f

    • SHA256

      72589dd25b491ed53670bc7d04f4874075fc7d16361fc295c31fc86118d84cbd

    • SHA512

      7bbbd786c8b8c4ba7ebae2765dca6440efa6573235c8734c55333851063d977abc13a47510a226b66454c704c30a94160d790b163c9ee6ce0e671d6b3cc9ad00

    • SSDEEP

      192:f7fL/UvCGZJgIx7uiSTPKVr4Wxu3v3Zf15v2/PU0c1cX+9Yg/JlkY67:f7KCGZg5uVLu3v3Zf15v2/w1C+6g/J2

    Score
    1/10
    behavioral23

    • Target

      bin/slocate

    • Size

      23KB

    • MD5

      3fc77d2a3ae361c86ef4629c0f5e380e

    • SHA1

      c10cba7cfbcf9466576a54e5f02ced54564f2633

    • SHA256

      6114624bf5d7e29f738f939bcc2bc794de9bf377a571fe1e84ae9159794308cf

    • SHA512

      8097ae5d54bfe917365dfaf07de1c6f6a721fd7509aef0ba91646da66fce1d40b77e0cfb8e84be9d715e8397ea6c80e8e3c7f345d1f6bb80f15815005ce5e666

    • SSDEEP

      384:fSQ5RBXjLwZbEP0GCUEOXVHh4bIVF7vXGNzIT92w1PwyBusADP6KU1DdDYBcP669:aOPwtf9UEGLkIVVXGNsT971YyAL6KXaz

    Score
    1/10
    behavioral24

    • Target

      .sh/shhk.pub

    • Size

      329B

    • MD5

      6eab14e3ccff6032c0cdee83e09b2308

    • SHA1

      8fdcc566d08678a0ed41a92717f6132c06e09041

    • SHA256

      b869b4f7ac7a4c5995fc5b147fb581239623fb2819a85c80a26bed69483aed60

    • SHA512

      5058829454e25d8975ab993bcb94064b96b01ccd96daf477829bd6674cb85cb4d2e521652c2a6b8a95214690e6f5aa85faaa0fb3683c1d0a2f7d209f67e0d83b

    Score
    4/10
    behavioral25behavioral26

    • Target

      .sh/sshd

    • Size

      207KB

    • MD5

      5a9690fa6129bc021bf40fb5f6c603bd

    • SHA1

      289b647084a2d442e20009cc747faa579023418b

    • SHA256

      0d4210111c88aa83ac6d87fa2f50393903757b54c2c24ab6635e1fdc0740d490

    • SHA512

      a2ca0d2c427c744c21d3c48fb5115f8530cf36cd08c6040945a211e896fe468908cccd0b74d81b5ad51c4b4e00ecf9397bf5087f7b1cf1bbc0431545245943f5

    • SSDEEP

      3072:BHlUUH0VU7wvr/UbrmbDA9IUTxbMZ+ln/HvGVtDlJYY3OCyC+lSMHF+UumYRH+3o:AVDTQrmnabUIn/gDHH3OCyIOFJooZK

    Score
    7/10

    • Executes dropped EXE

    behavioral27

    • Target

      bin/syslogd

    • Size

      25KB

    • MD5

      753d5e7af271c12e0803956dd8c2b8e6

    • SHA1

      31b752144bc9d35ca72d577a406558e110c06fcd

    • SHA256

      467f34eee9d133653467a60ab0fe938d7c26918465a2ac938d2ffc6f2525b1ff

    • SHA512

      4e104965844f241dd155cfd6bd66b5db69051ae6d7f1766f28fc0a7dadb14c95d1a2942950b525071cf71ccbc8715bdb65c0dd35fb516de6b2f76e3314b724b2

    • SSDEEP

      768:xFwIZReVTB0pdFdlGhMDF6dsj49fdcYVkgOjt3x7:AI2pB0pdFd0hUIej2fdcYVZ+D7

    Score
    1/10
    behavioral28

    • Target

      bin/sz

    • Size

      1KB

    • MD5

      f2e3b130a937af92ff507315406589b1

    • SHA1

      1a7993abf1facebd3bca58dfa24f232f682ace6d

    • SHA256

      1e2699ff1f9238c58390c1ada53f4f21032ca5e0946bfb54a5a144452e6efc82

    • SHA512

      413628bce8a15e7642639bf30e0e73ed934364fa1de6532e1820e0d35ba8d309bf3fe7f68412ef8ca86c4b2aceb74ec45563ee300a45a69397dffc4a2263a9e3

    Score
    1/10
    behavioral29behavioral30behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks