b7c5a889dbb85a408c0b0d151aa089cf2f1060963959759ec41c6980f6d61853 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

install_parkos-0417.sh
Size

13KB
Sample

240522-pmvjbabc9y
MD5

89bf15decfc4323d7ce4e77d2e00b868
SHA1

3827cc5f5695182313144773ca89c026e5f40aa5
SHA256

b7c5a889dbb85a408c0b0d151aa089cf2f1060963959759ec41c6980f6d61853
SHA512

5120843a65a43d8a00341828a3d59750cae96cea40ada22e1319ebb48b1c2bd5fdb36f0d9e4941d43dc9e1cfc4169b4af0fd1ca938e0014412059957489bb8d4
SSDEEP

192:LUs6cJGd2OgdTF2ZlKINH7A25c6dkDf7e1AuAtMuWGv4bKXKui9kkIMxhmh1hihf:UdtgJxzWyYsbWy0zPyYIyIzI8/+

Score

6^/10

linux persistence

Malware Config

Targets

- Target
  
  install_parkos-0417.sh
- Size
  
  13KB
- MD5
  
  89bf15decfc4323d7ce4e77d2e00b868
- SHA1
  
  3827cc5f5695182313144773ca89c026e5f40aa5
- SHA256
  
  b7c5a889dbb85a408c0b0d151aa089cf2f1060963959759ec41c6980f6d61853
- SHA512
  
  5120843a65a43d8a00341828a3d59750cae96cea40ada22e1319ebb48b1c2bd5fdb36f0d9e4941d43dc9e1cfc4169b4af0fd1ca938e0014412059957489bb8d4
- SSDEEP
  
  192:LUs6cJGd2OgdTF2ZlKINH7A25c6dkDf7e1AuAtMuWGv4bKXKui9kkIMxhmh1hihf:UdtgJxzWyYsbWy0zPyYIyIzI8/+
Score

6^/10

persistence
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Creates/modifies environment variables
  Creating/modifying environment variables is a common persistence mechanism.
  persistence
- Modifies Bash startup script
  persistence
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Scheduled Task/Job

Defense Evasion

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4