02a8a462612a1f9d3e1ac1cede877c4d271b2d0389feef64fa014a29d65af1c6 | Triage

Sharing

General

Target

02a8a462612a1f9d3e1ac1cede877c4d271b2d0389feef64fa014a29d65af1c6.elf
Size

92KB
Sample

240425-bc29hscf2s
MD5

dc5798b63ec910732be55e786b58736b
SHA1

cc0c6f8bb673a14e57d54ebb423fa8422886882e
SHA256

02a8a462612a1f9d3e1ac1cede877c4d271b2d0389feef64fa014a29d65af1c6
SHA512

61b9fe50a4bf3f6f7014410eb4374ac6cb98820911fad9e34c324ee02c194858d6d59fb50e449241825c181265be41cacadb8c9c53fe581fb1950ac703bab0c8
SSDEEP

1536:HQAaxtd+eDyG9voQUV+1Fb4eLaQV3u5ewdks7zSMLoEQ1It3R+yd5pwWa7DrjZt/:wAaLoCyMA+fdGiAr2+q

Score

7^/10

linux

Malware Config

Targets

- Target
  
  02a8a462612a1f9d3e1ac1cede877c4d271b2d0389feef64fa014a29d65af1c6.elf
- Size
  
  92KB
- MD5
  
  dc5798b63ec910732be55e786b58736b
- SHA1
  
  cc0c6f8bb673a14e57d54ebb423fa8422886882e
- SHA256
  
  02a8a462612a1f9d3e1ac1cede877c4d271b2d0389feef64fa014a29d65af1c6
- SHA512
  
  61b9fe50a4bf3f6f7014410eb4374ac6cb98820911fad9e34c324ee02c194858d6d59fb50e449241825c181265be41cacadb8c9c53fe581fb1950ac703bab0c8
- SSDEEP
  
  1536:HQAaxtd+eDyG9voQUV+1Fb4eLaQV3u5ewdks7zSMLoEQ1It3R+yd5pwWa7DrjZt/:wAaLoCyMA+fdGiAr2+q
Score

7^/10
- Deletes itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1