f3e4e7c0bc1fdc5c826050e8dde5f8442ed515a6305e49633aa88b2ade70d034 | Triage

Sharing

General

Target

a1753da6571f90ac3dc3416c06e294f1.elf
Size

199KB
Sample

240417-kcemwshh37
MD5

a1753da6571f90ac3dc3416c06e294f1
SHA1

011d3dd7aa99e831403a39b901b56e032bc5c6d4
SHA256

f3e4e7c0bc1fdc5c826050e8dde5f8442ed515a6305e49633aa88b2ade70d034
SHA512

3e9ec50a06ddfde3398a1560821d706e60ea106395caa7826a84d82641c233e4cb53d96f6b6afe7fbb3717938bb6b7f29ffeb7bf957e4bcf0a6d7aafdded9c4b
SSDEEP

3072:p3eqjLRcfNj+i+/hMbhZGITIV1133e/hS/2kw:p3eyRcFjCgwU4334S/Rw

Score

7^/10

Malware Config

Targets

- Target
  
  a1753da6571f90ac3dc3416c06e294f1.elf
- Size
  
  199KB
- MD5
  
  a1753da6571f90ac3dc3416c06e294f1
- SHA1
  
  011d3dd7aa99e831403a39b901b56e032bc5c6d4
- SHA256
  
  f3e4e7c0bc1fdc5c826050e8dde5f8442ed515a6305e49633aa88b2ade70d034
- SHA512
  
  3e9ec50a06ddfde3398a1560821d706e60ea106395caa7826a84d82641c233e4cb53d96f6b6afe7fbb3717938bb6b7f29ffeb7bf957e4bcf0a6d7aafdded9c4b
- SSDEEP
  
  3072:p3eqjLRcfNj+i+/hMbhZGITIV1133e/hS/2kw:p3eyRcFjCgwU4334S/Rw
Score

7^/10
- Changes its process name
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1