General

  • Target

    system.pub

  • Size

    5.0MB

  • Sample

    240223-krksfsdh8y

  • MD5

    79a1b9d88ee7423d040df8f13acfce2e

  • SHA1

    3916eeaa33bc68ded08ec7f93e7c930b3eea4222

  • SHA256

    c14b0aa9f855639d4bebe2e1f501d63fcec39cd9b46b48944866a277eb0dcdd3

  • SHA512

    e329a67725df94e91995aa8d3f7a18812c600008b1bbb35f630a36cc76af8856c22cd7d48b84eef70696ae202df8ec51b616f80962da5db111bc19a8889b48e7

  • SSDEEP

    49152:FGKPMxchyyTrCXDMrTZ3+tVNfEP2KmpAP5EWOigY/zA95xwR:TMmhyyTSe3+BnwExvxa

Malware Config

Targets

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware such as Mirai modifies the watchdog to prevent it from restarting an infected system.

    • Reads EFI boot settings

      Reads EFI boot settings from the efivars filesystem, which may contain security secrets or other sensitive data.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Modifies Bash startup script

MITRE ATT&CK Enterprise v15

Tasks