5b18e6fb2d34c9cbdaa7d75c89d3fd884468f783dc0c811b27e839af40ee6c84 | Triage

Sharing

General

Target

linuxkiller.sh
Size

303B
Sample

240327-swwdraac8w
MD5

0ac2a952c6cb167a68904bf9f21b11c8
SHA1

c455038493c2c234384435af128e21418d584a0f
SHA256

5b18e6fb2d34c9cbdaa7d75c89d3fd884468f783dc0c811b27e839af40ee6c84
SHA512

ab1e6dd2a062307166cdaff39fdea43e7fb27a3d403df4ec4cd2b53674ba4b255667adc2c3a062c742981d94c23b98b63773975e8f7b8c21be0152725757a3be

Score

7^/10

antivm linux persistence

Malware Config

Targets

- Target
  
  linuxkiller.sh
- Size
  
  303B
- MD5
  
  0ac2a952c6cb167a68904bf9f21b11c8
- SHA1
  
  c455038493c2c234384435af128e21418d584a0f
- SHA256
  
  5b18e6fb2d34c9cbdaa7d75c89d3fd884468f783dc0c811b27e839af40ee6c84
- SHA512
  
  ab1e6dd2a062307166cdaff39fdea43e7fb27a3d403df4ec4cd2b53674ba4b255667adc2c3a062c742981d94c23b98b63773975e8f7b8c21be0152725757a3be
Score

7^/10

antivm persistence
- Executes dropped EXE
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Deletes log files
  Deletes log files on the system.
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads CPU attributes
- Write file to user bin folder
- Writes file to system bin folder
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Virtualization/Sandbox Evasion

Indicator Removal

Hijack Execution Flow

Credential Access

Discovery

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

antivmpersistence

behavioral3

behavioral4