9100bc0eb0bce4f5f7fc314fa820b4dee00db8d31892ec6fdb4fccca801a40d0 | Triage

Sharing

General

Target

9100bc0eb0bce4f5f7fc314fa820b4dee00db8d31892ec6fdb4fccca801a40d0.elf
Size

2.7MB
Sample

240316-c3hhgabg23
MD5

9e0d1124dae07a104dcb93b2e27e8ddc
SHA1

c310ec9924e2371402e8d3df66624a126a673996
SHA256

9100bc0eb0bce4f5f7fc314fa820b4dee00db8d31892ec6fdb4fccca801a40d0
SHA512

755fd513c180c1f803d437caf90c06ed7dbf521c0440941cbd028f134b4eda41772d97ff19e13a234c6e99c32661c1ca68aa5c5a7c43964e04ff0631221e4aba
SSDEEP

49152:icuP/zBmSnI8WX/Pjoc53lvzjbOzcWn52bPT:ruPb0n3jRVvzwpM

Score

8^/10

linux persistence

Malware Config

Targets

- Target
  
  9100bc0eb0bce4f5f7fc314fa820b4dee00db8d31892ec6fdb4fccca801a40d0.elf
- Size
  
  2.7MB
- MD5
  
  9e0d1124dae07a104dcb93b2e27e8ddc
- SHA1
  
  c310ec9924e2371402e8d3df66624a126a673996
- SHA256
  
  9100bc0eb0bce4f5f7fc314fa820b4dee00db8d31892ec6fdb4fccca801a40d0
- SHA512
  
  755fd513c180c1f803d437caf90c06ed7dbf521c0440941cbd028f134b4eda41772d97ff19e13a234c6e99c32661c1ca68aa5c5a7c43964e04ff0631221e4aba
- SSDEEP
  
  49152:icuP/zBmSnI8WX/Pjoc53lvzjbOzcWn52bPT:ruPb0n3jRVvzwpM
Score

8^/10

persistence
- Modifies password files for system users/ groups
  Modifies files storing password hashes of existing users/ groups, likely to grant additional privileges.
- Adds a user to the system
- Creates/modifies environment variables
  Creating/modifying environment variables is a common persistence mechanism.
  persistence
- Modifies Bash startup script
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

User Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1