d75fd66a622fd5846642840f00194ed77ed7d2ba54ebdcd78ecb9700edc9ddab | Triage

Submit
Reports

Overview

overview

7

Static

static

7

d75fd66a62...ab.elf

ubuntu-20.04-amd64

7

Sharing

General

Target

d75fd66a622fd5846642840f00194ed77ed7d2ba54ebdcd78ecb9700edc9ddab.elf
Size

7.9MB
Sample

240521-rd11vagf3t
MD5

5556800dcbfaf80e26247b0bad10ae21
SHA1

3d716441195624631b5d5e9c468b89afa8dcf4e2
SHA256

d75fd66a622fd5846642840f00194ed77ed7d2ba54ebdcd78ecb9700edc9ddab
SHA512

ac65e9165b6ecf45beca39366da3c012fecb76b72f8a4e7b37cdb21706ebb8d0cb340169dc16b6d34556de78b960d00aa8a164f6b1e80cf4b64af72a36272de3
SSDEEP

196608:KfiD1r1SLzBt9+BGeNiBwWxSWZW7H33kf6CNO89ysh:J1r1Sxt9BFPZW7H3K6CNO8w2

Score

7^/10

evasion linux upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d75fd66a622fd5846642840f00194ed77ed7d2ba54ebdcd78ecb9700edc9ddab.elf

Resource

ubuntu2004-amd64-20240508-en

ubuntu-20.04-amd64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  d75fd66a622fd5846642840f00194ed77ed7d2ba54ebdcd78ecb9700edc9ddab.elf
- Size
  
  7.9MB
- MD5
  
  5556800dcbfaf80e26247b0bad10ae21
- SHA1
  
  3d716441195624631b5d5e9c468b89afa8dcf4e2
- SHA256
  
  d75fd66a622fd5846642840f00194ed77ed7d2ba54ebdcd78ecb9700edc9ddab
- SHA512
  
  ac65e9165b6ecf45beca39366da3c012fecb76b72f8a4e7b37cdb21706ebb8d0cb340169dc16b6d34556de78b960d00aa8a164f6b1e80cf4b64af72a36272de3
- SSDEEP
  
  196608:KfiD1r1SLzBt9+BGeNiBwWxSWZW7H33kf6CNO89ysh:J1r1Sxt9BFPZW7H3K6CNO8w2
Score

7^/10

evasion upx
- Deletes Audit logs
  Deletes logs related to the Linux Audit framework.
  evasion
- Deletes system logs
  Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
  evasion
- Executes dropped EXE
- Modifies PAM framework files
  Modifies Linux PAM framework files, possibly to intercept credentials.
- Traces itself
  Traces itself to prevent debugging attempts
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Attempts to change immutable files
  Modifies inode attributes on the filesystem to allow changing of immutable files.
- Deletes log files
  Deletes log files on the system.
- Write file to user bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Indicator Removal

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy