General
-
Target
1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown
-
Size
46KB
-
Sample
240630-be22javbrk
-
MD5
150dc9ae7c5729552ec2e92a7bc49095
-
SHA1
2aed6d97f2c3400e1eb7e136e245a6f45ef4ae1f
-
SHA256
1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
-
SHA512
13c40ba893a9f7a0f3e674400025f65e041e91f09b6def779078e391e35a3dedaf55742e68ae0b9b6f3c9120c1628266fb16348b674e988d146ed3d7b2c3f9c7
-
SSDEEP
768:bxlT2wDuWvWi7JFNcuFkc2zq0x3UKnicZuiR/amT8z:8wF+Lc2/FicfSmT8z
Static task
static1
Behavioral task
behavioral1
Sample
1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown
Resource
debian9-mipsel-20240418-en
Malware Config
Targets
-
-
Target
1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown
-
Size
46KB
-
MD5
150dc9ae7c5729552ec2e92a7bc49095
-
SHA1
2aed6d97f2c3400e1eb7e136e245a6f45ef4ae1f
-
SHA256
1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
-
SHA512
13c40ba893a9f7a0f3e674400025f65e041e91f09b6def779078e391e35a3dedaf55742e68ae0b9b6f3c9120c1628266fb16348b674e988d146ed3d7b2c3f9c7
-
SSDEEP
768:bxlT2wDuWvWi7JFNcuFkc2zq0x3UKnicZuiR/amT8z:8wF+Lc2/FicfSmT8z
-
XMRig Miner payload
-
Adds new SSH keys
Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
-
Deletes system logs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
-
Executes dropped EXE
-
Flushes firewall rules
Flushes/ disables firewall rules inside the Linux kernel.
-
Writes DNS configuration
Writes data to DNS resolver config file.
-
Attempts to change immutable files
Modifies inode attributes on the filesystem to allow changing of immutable files.
-
Checks hardware identifiers (DMI)
Checks DMI information which indicate if the system is a virtual machine.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Deletes log files
Deletes log files on the system.
-
Disables AppArmor
Disables AppArmor security module.
-
Disables SELinux
Disables SELinux security module.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads hardware information
Accesses system info like serial numbers, manufacturer names etc.
-
Write file to user bin folder
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Hijack Execution Flow
2Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Hijack Execution Flow
2Scheduled Task/Job
1