General
-
Target
2b3c4f43c888ccb4d6edf582bbfafa3d.elf
-
Size
86KB
-
Sample
240505-cg91labb7w
-
MD5
2b3c4f43c888ccb4d6edf582bbfafa3d
-
SHA1
55977ad42ce727dd5099558efec74adf5ce61eb7
-
SHA256
6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315
-
SHA512
17475686ed01dd4ce48e351ece9c062a8d309d2ba297c9bcb579bee165a0b1f53080026ad78d0210c3b9bee2373331bf233f88e61f10e7fb0a483274f8760629
-
SSDEEP
1536:N4gz2yjt+uO6XBX+9lRt7iLZ6yy4swKX+lJuMNRkVxNwj:N4gayjt+76XdONgdy41KX+nfgxuj
Static task
static1
Behavioral task
behavioral1
Sample
2b3c4f43c888ccb4d6edf582bbfafa3d.elf
Resource
ubuntu1804-amd64-20240226-en
Malware Config
Targets
-
-
Target
2b3c4f43c888ccb4d6edf582bbfafa3d.elf
-
Score
7/10
-
Modifies PAM framework files
Modifies Linux PAM framework files, possibly to intercept credentials.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Modifies sudoers policy
Adds/modifies rule files for sudoers policy, likely to grant additional privileges.
-
Modifies user home skeleton directory
Modifies skeleton of initial home directory of newly added system users.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Deletes log files
Deletes log files on the system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Writes file to user bin folder
-
Writes file to system bin folder
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 3
- Hijack Execution Flow: 3
- Scheduled Task/Job: 1
Privilege Escalation
- Boot or Logon Autostart Execution: 3
- Hijack Execution Flow: 3
- Scheduled Task/Job: 1