General

  • Target

    2b3c4f43c888ccb4d6edf582bbfafa3d.bin

  • Size

    37KB

  • Sample

    240507-bjgw6aee45

  • MD5

    0ab28eb8a7a8e7822c2882780ff2723f

  • SHA1

    a3d56c8020f0e9b7a337f237bec8dc82f160c031

  • SHA256

    a82d8369442ea9b5798f12587875663a92f218dcf3abad41c71c05688f535703

  • SHA512

    158a6c21f04fc3df93a215d9835974b27e06df6115e1e059f90be6cb926ad3c0dc529b7761527449196612bb3bc298fb22d905fb9edc68325cb6cd779c18fc9a

  • SSDEEP

    768:N5WQhbVkUi3KZyNBVMnDK/jvReR0F//1cTVAx2YZ4zTGt1F2t9EaLwMs3:N8KkfooBVmKLvReR0F1cTVs2YZGitD79

Malware Config

Targets

    • Target

      6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf

    • Size

      86KB

    • MD5

      2b3c4f43c888ccb4d6edf582bbfafa3d

    • SHA1

      55977ad42ce727dd5099558efec74adf5ce61eb7

    • SHA256

      6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315

    • SHA512

      17475686ed01dd4ce48e351ece9c062a8d309d2ba297c9bcb579bee165a0b1f53080026ad78d0210c3b9bee2373331bf233f88e61f10e7fb0a483274f8760629

    • SSDEEP

      1536:N4gz2yjt+uO6XBX+9lRt7iLZ6yy4swKX+lJuMNRkVxNwj:N4gayjt+76XdONgdy41KX+nfgxuj

    • Score

      7/10

    • Deletes journal logs

      Deletes systemd journal logs. Likely to evade detection.

    • Modifies PAM framework files

      Modifies Linux PAM framework files, possibly to intercept credentials.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Modifies sudoers policy

      Adds/modifies rule files for the sudoers policy, likely to grant additional privileges.

    • Modifies user home skeleton directory

      Modifies the skeleton of the initial home directory for newly added system users.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Deletes log files

      Deletes log files on the system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Writes file to user bin folder

    • Writes file to system bin folder

    • Modifies Bash startup script

MITRE ATT&CK Enterprise v15

Tasks