9100bc0eb0bce4f5f7fc314fa820b4dee00db8d31892ec6fdb4fccca801a40d0 | Triage

Resubmissions

27-04-2024 08:47

240427-kp68nsff9w 8

15-03-2024 10:27

240315-mg4hxseb4t 8

Sharing

General

Target

SecuriteInfo.com.ELF.Armbar-B.13586.26645.elf
Size

2.7MB
Sample

240315-mg4hxseb4t
MD5

9e0d1124dae07a104dcb93b2e27e8ddc
SHA1

c310ec9924e2371402e8d3df66624a126a673996
SHA256

9100bc0eb0bce4f5f7fc314fa820b4dee00db8d31892ec6fdb4fccca801a40d0
SHA512

755fd513c180c1f803d437caf90c06ed7dbf521c0440941cbd028f134b4eda41772d97ff19e13a234c6e99c32661c1ca68aa5c5a7c43964e04ff0631221e4aba
SSDEEP

49152:icuP/zBmSnI8WX/Pjoc53lvzjbOzcWn52bPT:ruPb0n3jRVvzwpM

Score

8^/10

linux persistence

Malware Config

Targets

- Target
  
  SecuriteInfo.com.ELF.Armbar-B.13586.26645.elf
- Size
  
  2.7MB
- MD5
  
  9e0d1124dae07a104dcb93b2e27e8ddc
- SHA1
  
  c310ec9924e2371402e8d3df66624a126a673996
- SHA256
  
  9100bc0eb0bce4f5f7fc314fa820b4dee00db8d31892ec6fdb4fccca801a40d0
- SHA512
  
  755fd513c180c1f803d437caf90c06ed7dbf521c0440941cbd028f134b4eda41772d97ff19e13a234c6e99c32661c1ca68aa5c5a7c43964e04ff0631221e4aba
- SSDEEP
  
  49152:icuP/zBmSnI8WX/Pjoc53lvzjbOzcWn52bPT:ruPb0n3jRVvzwpM
Score

8^/10

persistence
- Modifies password files for system users/ groups
  Modifies files storing password hashes of existing users/ groups, likely to grant additional privileges.
- Adds a user to the system
- Creates/modifies environment variables
  Creating/modifying environment variables is a common persistence mechanism.
  persistence
- Modifies Bash startup script
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Boot or Logon Autostart Execution

Privilege Escalation

Hijack Execution Flow

Boot or Logon Autostart Execution

Defense Evasion

Hijack Execution Flow

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1