General
- Target: d.py
- Size: 2KB
- Sample: 240215-29357abg98
- MD5: 2a8df33aa6948528816c4bb9b9a48752
- SHA1: 0dd5919d50cf6861985c3a1629d501c986876dd3
- SHA256: e5062a17af9e778231b73f94099db13cefde1cbb2b5466e2234e2c5b75764c97
- SHA512: 6da29ea77cc85fd3766c6f4b8554ceea6f49d770854366d69d4a3c8709947e45128241c1e81a09761b76e5a2a6b67d54504aa9a55973fb01728428d75474b337
Static task
- static1
Behavioral tasks (sample d.py on each resource)
- behavioral1: ubuntu1804-amd64-20231222-en
- behavioral2: debian9-armhf-20231221-en
- behavioral3: debian9-mipsbe-20231215-en
- behavioral4: debian9-mipsel-20231221-en
Malware Config
Targets
- Target: d.py
- Size: 2KB
- MD5: 2a8df33aa6948528816c4bb9b9a48752 (SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Signatures
- Detects Kaiten/Tsunami Payload
- Detects Kaiten/Tsunami payload
- Executes dropped EXE
- Attempts to change immutable files: modifies inode attributes on the filesystem to allow changing of immutable files.
- Checks CPU configuration: reads CPU information that indicates whether the system is a virtual machine.
- Checks hardware identifiers (DMI): reads DMI information that indicates whether the system is a virtual machine.
- Creates/modifies Cron job: cron runs tasks on a schedule and is commonly used for malware persistence.
- Enumerates running processes: discovers information about currently running processes on the system.
- Reads CPU attributes
- Reads hardware information: accesses system info such as serial numbers and manufacturer names.
- Writes file to system bin folder
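As an added example that is not part of the Triage report or the sample itself, the Python hunt helpers below show how an analyst would check a Linux host for the behaviours flagged above: cron entries that run from scratch directories, execute hidden files under a system bin directory, or pipe a download into a shell; immutable attributes set on files under system bin directories; and the /proc/cpuinfo flag and DMI vendor strings that this kind of sample reads to detect a virtual machine. The crontab text, lsattr output, cpuinfo line and DMI values are constructed for the example, and the paths, regular expressions and vendor list are assumptions, not indicators extracted from d.py.

```python
"""Host-side hunt helpers for the behaviours in the report above.

All inputs below are constructed for this example; nothing here was
extracted from the sample. On a live host feed it `crontab -l`,
/etc/crontab and /etc/cron.d/*, real `lsattr` output, /proc/cpuinfo and
the files under /sys/class/dmi/id/.
"""
import re

# Constructed crontab text (hypothetical paths, not from the sample).
SAMPLE_CRONTAB = """\
# m h dom mon dow command
*/5 * * * * /usr/bin/.sys_update >/dev/null 2>&1
0 3 * * * /usr/bin/apt-get update
@reboot /tmp/.x/run.sh
"""

# Constructed `lsattr` output for files under system bin directories.
SAMPLE_LSATTR = """\
----i---------e------- /usr/bin/.sys_update
--------------e------- /usr/bin/apt-get
----i---------e------- /bin/busybox-x
"""

# Constructed /proc/cpuinfo flags line and DMI values as they would be read
# from /sys/class/dmi/id/sys_vendor and /sys/class/dmi/id/product_name.
SAMPLE_CPUINFO = "flags\t\t: fpu vme de pse tsc msr hypervisor\n"
SAMPLE_DMI = {"sys_vendor": "QEMU", "product_name": "Standard PC (Q35 + ICH9, 2009)"}

SCRATCH_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")
SYSTEM_BIN_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/",
                   "/usr/local/bin/", "/usr/local/sbin/")
# Assumed hypervisor vendor substrings; extend for your own sandbox fleet.
VM_VENDORS = ("qemu", "vmware", "virtualbox", "innotek", "xen", "kvm", "bochs")

HIDDEN_IN_BIN = re.compile(r"(?:^|\s)(?:/usr/local|/usr)?/s?bin/\.")
DOWNLOAD_PIPE = re.compile(r"\b(?:curl|wget)\b.*\|\s*(?:ba|da)?sh\b")


def cron_command(line):
    """Return the command part of a crontab line, or None for comments,
    blank lines and malformed entries."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith("@"):            # @reboot, @hourly, ...
        fields = line.split(None, 1)
        return fields[1] if len(fields) == 2 else None
    fields = line.split(None, 5)        # five time fields, then the command
    return fields[5] if len(fields) == 6 else None


def suspicious_cron_entries(crontab_text):
    """Return crontab lines whose command runs from a scratch directory,
    executes a hidden file in a system bin directory, or pipes a download
    into a shell."""
    hits = []
    for line in crontab_text.splitlines():
        command = cron_command(line)
        if command is None:
            continue
        if (any(tok.startswith(SCRATCH_DIRS) for tok in command.split())
                or HIDDEN_IN_BIN.search(command)
                or DOWNLOAD_PIPE.search(command)):
            hits.append(line.strip())
    return hits


def immutable_files_in_bin(lsattr_text):
    """Return paths from `lsattr` output that carry the immutable (i)
    attribute and live under a system bin directory. Malware sets this bit
    with chattr +i so a dropped binary survives cleanup scripts; legitimate
    files in these directories almost never carry it."""
    found = []
    for line in lsattr_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        attrs, path = parts
        if "i" in attrs and path.startswith(SYSTEM_BIN_DIRS):
            found.append(path)
    return found


def vm_indicators(cpuinfo_text, dmi):
    """Return the VM indicators that CPU-flag and DMI checks would find:
    the 'hypervisor' CPU flag and DMI strings naming a hypervisor vendor."""
    indicators = []
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags" and "hypervisor" in value.split():
            indicators.append("cpuinfo:hypervisor")
            break
    for key, value in dmi.items():
        if any(vendor in value.lower() for vendor in VM_VENDORS):
            indicators.append(f"dmi:{key}={value}")
    return indicators


if __name__ == "__main__":
    for hit in suspicious_cron_entries(SAMPLE_CRONTAB):
        print("cron:", hit)
    for path in immutable_files_in_bin(SAMPLE_LSATTR):
        print("immutable in bin:", path)
    for indicator in vm_indicators(SAMPLE_CPUINFO, SAMPLE_DMI):
        print("vm indicator:", indicator)
```

The VM check mirrors what a sandbox operator needs to mask: if `vm_indicators` reports hits on your analysis image, a sample with these signatures may refuse to detonate, so patch the DMI strings and hide the hypervisor flag before re-running the behavioral tasks.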