ec42e1562fab95d0fbc86b3980cc392e368b50a4a150a2258d4293e4de1bc730 | Triage

Sharing

General

Target

ec42e1562fab95d0fbc86b3980cc392e368b50a4a150a2258d4293e4de1bc730
Size

829KB
Sample

240410-r5prwseg7w
MD5

c3eb3cfd10be2d0351ab73466c10e956
SHA1

cd587f71d861f501f5bca39aa17a0069b2488d1e
SHA256

ec42e1562fab95d0fbc86b3980cc392e368b50a4a150a2258d4293e4de1bc730
SHA512

0503ab3bb164d2df30552f327ac13d4a99a3cb3e818c2fbd3e776e4c6db60dea44ae2a27a045e0638fa003b01ce0e0a59bf9e345f12d25f32f4c09af337f5c9f
SSDEEP

12288:+dn9cS78n8E8vNLDoOe+haIpI9hzGiMTt2CJt/siQ529loXi3ZVNp1vH/MNSMGj:+dx8uNLsbyax9hzvCbsiQUyX4THr

Score

7^/10

linux persistence upx

Malware Config

Targets

- Target
  
  ec42e1562fab95d0fbc86b3980cc392e368b50a4a150a2258d4293e4de1bc730
- Size
  
  829KB
- MD5
  
  c3eb3cfd10be2d0351ab73466c10e956
- SHA1
  
  cd587f71d861f501f5bca39aa17a0069b2488d1e
- SHA256
  
  ec42e1562fab95d0fbc86b3980cc392e368b50a4a150a2258d4293e4de1bc730
- SHA512
  
  0503ab3bb164d2df30552f327ac13d4a99a3cb3e818c2fbd3e776e4c6db60dea44ae2a27a045e0638fa003b01ce0e0a59bf9e345f12d25f32f4c09af337f5c9f
- SSDEEP
  
  12288:+dn9cS78n8E8vNLDoOe+haIpI9hzGiMTt2CJt/siQ529loXi3ZVNp1vH/MNSMGj:+dx8uNLsbyax9hzvCbsiQUyX4THr
Score

7^/10

persistence upx
- Deletes itself
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1