303bd3f1d49dd849729452303c02b81ccbf698cc0f85c91a66377632cb47db60 | Triage

Resubmissions

25-03-2024 14:11

240325-rhh1tsdc8s 7

25-03-2024 13:34

240325-qvadsacc8y 1

25-03-2024 13:24

240325-qnk7psca5z 7

19-02-2024 06:05

240219-gs6jrsag62 7

Sharing

General

Target

303bd3f1d49dd849729452303c02b81ccbf698cc0f85c91a66377632cb47db60.elf
Size

97KB
Sample

240219-gs6jrsag62
MD5

bb1eac137422a07a2f3ad14ab820631d
SHA1

55a5238efdd6a70d160ef50789172442eb89d95e
SHA256

303bd3f1d49dd849729452303c02b81ccbf698cc0f85c91a66377632cb47db60
SHA512

42bb2d9186748dc8b1db9c7c71b61d42769b1afd46c1d0be34e42c324954aa91d477a51c6afabd97d0c538a02d97071942df6bf5a959735e2a8a99dddd2bb47b
SSDEEP

1536:WOnBiN7KBuo19rMjTxpv9+as/LR7kED0mlv6i1o9FB1F+RY7XCMG:kNPNjL9+as/LR7kA5o9FLF+RcCMG

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  303bd3f1d49dd849729452303c02b81ccbf698cc0f85c91a66377632cb47db60.elf
- Size
  
  97KB
- MD5
  
  bb1eac137422a07a2f3ad14ab820631d
- SHA1
  
  55a5238efdd6a70d160ef50789172442eb89d95e
- SHA256
  
  303bd3f1d49dd849729452303c02b81ccbf698cc0f85c91a66377632cb47db60
- SHA512
  
  42bb2d9186748dc8b1db9c7c71b61d42769b1afd46c1d0be34e42c324954aa91d477a51c6afabd97d0c538a02d97071942df6bf5a959735e2a8a99dddd2bb47b
- SSDEEP
  
  1536:WOnBiN7KBuo19rMjTxpv9+as/LR7kED0mlv6i1o9FB1F+RY7XCMG:kNPNjL9+as/LR7kA5o9FLF+RcCMG
Score

7^/10

persistence
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Creates/modifies environment variables
  Creating/modifying environment variables is a common persistence mechanism.
  persistence
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Modifies systemd
  Adds/ modifies systemd service files. Likely to achieve persistence.
  persistence
- Modifies Bash startup script
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Scheduled Task/Job

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1