General
- Target: linux_amd64
- Size: 5.2MB
- Sample: 240723-we1tpavbpe
- MD5: ef88276fa298ff035f0b48ab177857b2
- SHA1: 33f0cc416681eaeebb3ea7ea0f7a84fcef809fd6
- SHA256: 7ebc34e78ef982e5b101b0d65afaf6b66e1b868c149efdaffe664cb07553dbad
- SHA512: 884cfb006e4f08f55bd2edbf89fd4a75d5071076cbfce8e571fb4237e0a8a943c31a506b1b7d831f1112ab78129a3c2fbbf6dfacb5f2f0042a81906d3459bae0
- SSDEEP: 98304:CPhJXGJbvumwu8tN1L71UoVk/5a70qZsOuj:PVWRuILBRbq

Static task: static1
Behavioral task: behavioral1
- Sample: linux_amd64
- Resource: ubuntu2204-amd64-20240611-en
Malware Config
Targets
- Target: linux_amd64, 5.2MB (the same file; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 8/10

Signatures
- Modifies password files for system users/groups: modifies files storing password hashes of existing users/groups, likely to grant additional privileges.
- Executes dropped EXE
- Modifies sudoers policy: adds/modifies rule files for the sudoers policy, likely to grant additional privileges.
- Checks hardware identifiers (DMI): checks DMI information, which indicates whether the system is a virtual machine.
- Checks mountinfo of local process: checks the mountinfo of running processes, which indicates whether it is running in a chroot jail.
- Creates/modifies Cron job: Cron allows running tasks on a schedule and is commonly used for malware persistence.
- Deletes log files: deletes log files on the system.
- Enumerates running processes: discovers information about currently running processes on the system.
- Modifies file attributes: modifies inode attributes on the filesystem, possibly to elevate privileges.
- Modifies special file permissions: adds special setuid and/or setgid bits on a file, possibly to elevate privileges.
- Writes file to user bin folder
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Hijack Execution Flow (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
- Boot or Logon Autostart Execution (1)
- Hijack Execution Flow (1)
- Scheduled Task/Job (1)