General
-
Target
SecuriteInfo.com.ELF.Armbar-B.13586.26645.elf
-
Size
2.7MB
-
Sample
240427-kp68nsff9w
-
MD5
9e0d1124dae07a104dcb93b2e27e8ddc
-
SHA1
c310ec9924e2371402e8d3df66624a126a673996
-
SHA256
9100bc0eb0bce4f5f7fc314fa820b4dee00db8d31892ec6fdb4fccca801a40d0
-
SHA512
755fd513c180c1f803d437caf90c06ed7dbf521c0440941cbd028f134b4eda41772d97ff19e13a234c6e99c32661c1ca68aa5c5a7c43964e04ff0631221e4aba
-
SSDEEP
49152:icuP/zBmSnI8WX/Pjoc53lvzjbOzcWn52bPT:ruPb0n3jRVvzwpM
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.ELF.Armbar-B.13586.26645.elf
Resource
ubuntu2004-amd64-20240221-en
Malware Config
Targets
-
-
Target
SecuriteInfo.com.ELF.Armbar-B.13586.26645.elf
Score
8/10
-
Modifies password files for system users/groups
Modifies files storing password hashes of existing users/groups, likely to grant additional privileges.
-
Adds a user to the system
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Modifies Bash startup script
-