24144660b3144ce7a288b6eab8f7c2c5386230ff06186f3a2517639c56d43fc9 | Triage

Sharing

General

Target

wireguard-install.sh
Size

29KB
Sample

240521-gbxwasde39
MD5

6fb4cf22ce51158421e90ec0150ca3fb
SHA1

5f66f8d01cdb124481ad264d8444a42d486d70d9
SHA256

24144660b3144ce7a288b6eab8f7c2c5386230ff06186f3a2517639c56d43fc9
SHA512

979286c8803fbf050b4bab94223fb4689798c97b488aaf2e3ef79103f3f8c177ba2f45f0d900f449d2ea6d561ed79b0213f7e7ac8c1caa5cbc18b6078712e545
SSDEEP

384:JKq5OzpZPCaNQVqBjqJvekjS8VlGLEzzJ:JeplCaNQcBjqJvfJ3zzJ

Score

6^/10

antivm linux persistence

Malware Config

Targets

- Target
  
  wireguard-install.sh
- Size
  
  29KB
- MD5
  
  6fb4cf22ce51158421e90ec0150ca3fb
- SHA1
  
  5f66f8d01cdb124481ad264d8444a42d486d70d9
- SHA256
  
  24144660b3144ce7a288b6eab8f7c2c5386230ff06186f3a2517639c56d43fc9
- SHA512
  
  979286c8803fbf050b4bab94223fb4689798c97b488aaf2e3ef79103f3f8c177ba2f45f0d900f449d2ea6d561ed79b0213f7e7ac8c1caa5cbc18b6078712e545
- SSDEEP
  
  384:JKq5OzpZPCaNQVqBjqJvekjS8VlGLEzzJ:JeplCaNQcBjqJvfJ3zzJ
Score

6^/10

antivm persistence
- Checks hardware identifiers (DMI)
  Checks DMI information which indicate if the system is a virtual machine.
  antivm
- Modifies systemd
  Adds/ modifies systemd service files. Likely to achieve persistence.
  persistence
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Privilege Escalation

Boot or Logon Autostart Execution

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

antivmpersistence

behavioral2

behavioral3

behavioral4