General

  • Target

    linux_amd64

  • Size

    5.2MB

  • Sample

    240723-xlkxgssgmn

  • MD5

    ef88276fa298ff035f0b48ab177857b2

  • SHA1

    33f0cc416681eaeebb3ea7ea0f7a84fcef809fd6

  • SHA256

    7ebc34e78ef982e5b101b0d65afaf6b66e1b868c149efdaffe664cb07553dbad

  • SHA512

    884cfb006e4f08f55bd2edbf89fd4a75d5071076cbfce8e571fb4237e0a8a943c31a506b1b7d831f1112ab78129a3c2fbbf6dfacb5f2f0042a81906d3459bae0

  • SSDEEP

    98304:CPhJXGJbvumwu8tN1L71UoVk/5a70qZsOuj:PVWRuILBRbq

Malware Config

Targets

    Score
    8/10
    • Modifies password files for system users/groups

      Modifies files storing password hashes of existing users/groups, likely to grant additional privileges.

    • Executes dropped EXE

    • Modifies sudoers policy

      Adds/modifies rule files for the sudoers policy, likely to grant additional privileges.

    • Checks hardware identifiers (DMI)

      Checks DMI information that indicates whether the system is a virtual machine.

    • Checks mountinfo of local process

      Checks the mountinfo of running processes, which indicates whether it is running in a chroot jail.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Deletes log files

      Deletes log files on the system.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies file attributes

      Modifies inode attributes on the filesystem, possibly to elevate privileges.

    • Modifies special file permissions

      Adds special setuid and/or setgid bits on a file, possibly to elevate privileges.

    • Modifies systemd

      Adds/modifies systemd service files, likely to achieve persistence.

    • Writes file to user bin folder

MITRE ATT&CK Enterprise v15

Tasks