General
-
Target
06abc46d5dbd012b170c97d142c6b679183159197e9d3f6a76ba5e5abf999725.zip
-
Size
1.1MB
-
Sample
240301-t5g36aaa21
-
MD5
31692b884b0f8455d48a17e4d1b5d494
-
SHA1
e2f3a27d7d07715ee85661a6e6b6cd50ff832eac
-
SHA256
5e3d97c85f20db3a0fa5d50fd80c2a68841595c0d06cc8e5018c56488df156b8
-
SHA512
489307bb5e77c6e508dfa2a82880103ed2b9050c25d5af1fc54cafaeb46fdf763c87851a1ad5e5569d07da2206c34ad84f17a42e5e01aab543d9bd6ddbcff498
-
SSDEEP
24576:Fh4ZEAmq7nVbOyPslcnKyKi5vEsnHzZU0c0dpo58d++JOC:g7nJJkCnKyEQlU0c0dpovG
Behavioral task
behavioral1
Sample
06abc46d5dbd012b170c97d142c6b679183159197e9d3f6a76ba5e5abf999725.elf
Resource
ubuntu2004-amd64-20240221-en
Malware Config
Targets
-
-
Target
06abc46d5dbd012b170c97d142c6b679183159197e9d3f6a76ba5e5abf999725.elf
-
Size
2.4MB
-
MD5
87adb14271dc49e6b0f2eb4b03f4bbe7
-
SHA1
76215e7047773dd05b8af8e96689b2fe7e7b2ffc
-
SHA256
06abc46d5dbd012b170c97d142c6b679183159197e9d3f6a76ba5e5abf999725
-
SHA512
7c91f20bb3f9535db2bb381a2ca05f3d600941efd2c581b7c69a7e998405782bbcf1aacc6459987c72dc3ab422aefb4ecd89f661cf353fa298ed2aad8153ae60
-
SSDEEP
49152:2bjPXEinhLENX/bX40MA4sDM9RIfiv2eZRBqnlptIU6iQnkgWbwL/KIRpvg9Suj:4YinhLEBo0MA4sDoIqv2eZOnlw+QnHp8
Score
9/10
-
Renames multiple (9483) files with added filename extension
This suggests ransomware activity that encrypts all the files on the system.
-
Manipulates ESXi
-
Modifies Polkit authorization policy
Modifies rule/action files in Polkit, possibly to grant additional privileges.
-
Reads CPU attributes
-
Writes file to user bin folder
-