General
-
Target
init_ubuntu.sh
-
Size
6KB
-
Sample
240524-qal7vaee82
-
MD5
30416f16aa09fff31a90a4b52498c365
-
SHA1
1080d979554c60d0207ab6faf2396898c6c610c7
-
SHA256
526a7c3f216e1c12030c4681486c997579b5adb054d8fc39c6b204ba6d06f887
-
SHA512
30a0c6502d794d69aa2fb12ae5ccd9319c364af7f65b58462f1a724d0db93460650beba3051453d64e76491b3e9e38feb1fb1ac740c2e037da1ea25ed604b6b1
-
SSDEEP
96:3h1271bS6x8C8xxXoSPwNDSKdMe3x2B8RxFia7zaZ8SViqrnG9jlZv1Bxo:GyC8dItS2M8YUnlXu8SVFS9jlZve
Malware Config
Targets
-
-
Target
init_ubuntu.sh
-
Size
6KB
-
MD5
30416f16aa09fff31a90a4b52498c365
-
SHA1
1080d979554c60d0207ab6faf2396898c6c610c7
-
SHA256
526a7c3f216e1c12030c4681486c997579b5adb054d8fc39c6b204ba6d06f887
-
SHA512
30a0c6502d794d69aa2fb12ae5ccd9319c364af7f65b58462f1a724d0db93460650beba3051453d64e76491b3e9e38feb1fb1ac740c2e037da1ea25ed604b6b1
-
SSDEEP
96:3h1271bS6x8C8xxXoSPwNDSKdMe3x2B8RxFia7zaZ8SViqrnG9jlZv1Bxo:GyC8dItS2M8YUnlXu8SVFS9jlZve
Score8/10-
Modifies initial root filesystem image
Overwrites initrd/ initramfs image in the /boot mountpoint.
-
Flushes firewall rules
Flushes/ disables firewall rules inside the Linux kernel.
-
Loads a kernel module
Loads a Linux kernel module, potentially to achieve persistence
-
Checks mountinfo of local process
Checks mountinfo of running processes which indicate if it is running in chroot jail.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Modifies rc script
Adding/modifying system rc scripts is a common persistence mechanism.
-
Modifies systemd
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Reads list of loaded kernel modules
Reads the list of currently loaded kernel modules, possibly to detect virtual environments.
-
Modifies Bash startup script
-