General
-
Target
2b3c4f43c888ccb4d6edf582bbfafa3d.bin
-
Size
37KB
-
Sample
240507-bjgw6aee45
-
MD5
0ab28eb8a7a8e7822c2882780ff2723f
-
SHA1
a3d56c8020f0e9b7a337f237bec8dc82f160c031
-
SHA256
a82d8369442ea9b5798f12587875663a92f218dcf3abad41c71c05688f535703
-
SHA512
158a6c21f04fc3df93a215d9835974b27e06df6115e1e059f90be6cb926ad3c0dc529b7761527449196612bb3bc298fb22d905fb9edc68325cb6cd779c18fc9a
-
SSDEEP
768:N5WQhbVkUi3KZyNBVMnDK/jvReR0F//1cTVAx2YZ4zTGt1F2t9EaLwMs3:N8KkfooBVmKLvReR0F1cTVs2YZGitD79
Static task
static1
Behavioral task
behavioral1
Sample
6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf
Resource
ubuntu1804-amd64-20240226-en
Malware Config
Targets
-
-
Target
6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315.elf
-
Size
86KB
-
MD5
2b3c4f43c888ccb4d6edf582bbfafa3d
-
SHA1
55977ad42ce727dd5099558efec74adf5ce61eb7
-
SHA256
6851cf3d49c61aca0813e6242eb086b15fa454a6953acafb4dc400f868890315
-
SHA512
17475686ed01dd4ce48e351ece9c062a8d309d2ba297c9bcb579bee165a0b1f53080026ad78d0210c3b9bee2373331bf233f88e61f10e7fb0a483274f8760629
-
SSDEEP
1536:N4gz2yjt+uO6XBX+9lRt7iLZ6yy4swKX+lJuMNRkVxNwj:N4gayjt+76XdONgdy41KX+nfgxuj
Score
7/10
-
Modifies PAM framework files
Modifies Linux PAM framework files, possibly to intercept credentials.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Modifies sudoers policy
Adds/modifies rule files for sudoers policy, likely to grant additional privileges.
-
Modifies user home skeleton directory
Modifies skeleton of initial home directory of newly added system users.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Deletes log files
Deletes log files on the system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Writes file to user bin folder
-
Writes file to system bin folder
-
Modifies Bash startup script
-