General

  • Target

    wireguard-install.sh

  • Size

    29KB

  • Sample

    240521-gbxwasde39

  • MD5

    6fb4cf22ce51158421e90ec0150ca3fb

  • SHA1

    5f66f8d01cdb124481ad264d8444a42d486d70d9

  • SHA256

    24144660b3144ce7a288b6eab8f7c2c5386230ff06186f3a2517639c56d43fc9

  • SHA512

    979286c8803fbf050b4bab94223fb4689798c97b488aaf2e3ef79103f3f8c177ba2f45f0d900f449d2ea6d561ed79b0213f7e7ac8c1caa5cbc18b6078712e545

  • SSDEEP

    384:JKq5OzpZPCaNQVqBjqJvekjS8VlGLEzzJ:JeplCaNQcBjqJvfJ3zzJ

Targets

    • Target

      wireguard-install.sh

    Score: 6/10
    • Checks hardware identifiers (DMI)

      Checks DMI information, which indicates whether the system is a virtual machine.

    • Modifies systemd

      Adds/modifies systemd service files, likely to achieve persistence.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Boot or Logon Autostart Execution, T1547 (1)

  • Privilege Escalation

    Boot or Logon Autostart Execution, T1547 (1)

  • Defense Evasion

    Virtualization/Sandbox Evasion, T1497 (1)

  • Discovery

    Virtualization/Sandbox Evasion, T1497 (1)

    System Information Discovery, T1082 (1)
