General

  • Target

    bc7e80232e28c680a585c3cc1125fb10862d338e5a4b94cdfdfb954df451621d

  • Size

    729KB

  • Sample

    240410-q79z6saa63

  • MD5

    3cf7a4eb316d21c157eed5281d81b3c2

  • SHA1

    b7af9ad5ad2733beb7f7b584f0387dd3eeb3983b

  • SHA256

    bc7e80232e28c680a585c3cc1125fb10862d338e5a4b94cdfdfb954df451621d

  • SHA512

    eb587fbaea99e65196be8983880bc61237fa74d15efb49802118b3337728c4ffa15ee1e3fabb2dc0e5dcce1b7ed9295146d1fe6c35694c86868fb8063c58efae

  • SSDEEP

    12288:QX7M4MaOI6cblRNs2DRmdaxUSuLDWE2tgybOhzcgB/AH2QiDk7Q5h3+fyamStqw/:QXI4Hr6cblnsegYiXOEcgZAbjQz3+fqq

Malware Config

Targets

    • Target

      bc7e80232e28c680a585c3cc1125fb10862d338e5a4b94cdfdfb954df451621d

    • Size

      729KB

    • MD5

      3cf7a4eb316d21c157eed5281d81b3c2

    • SHA1

      b7af9ad5ad2733beb7f7b584f0387dd3eeb3983b

    • SHA256

      bc7e80232e28c680a585c3cc1125fb10862d338e5a4b94cdfdfb954df451621d

    • SHA512

      eb587fbaea99e65196be8983880bc61237fa74d15efb49802118b3337728c4ffa15ee1e3fabb2dc0e5dcce1b7ed9295146d1fe6c35694c86868fb8063c58efae

    • SSDEEP

      12288:QX7M4MaOI6cblRNs2DRmdaxUSuLDWE2tgybOhzcgB/AH2QiDk7Q5h3+fyamStqw/:QXI4Hr6cblnsegYiXOEcgZAbjQz3+fqq

    • Deletes itself

    • Executes dropped EXE

    • Modifies PAM framework files

      Modifies Linux PAM framework files, possibly to intercept credentials.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks CPU configuration

      Checks CPU information that indicates whether the system is a virtual machine.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

MITRE ATT&CK Enterprise v15

Tasks