Resubmissions

29-08-2024 14:43

240829-r3lx8axbrc 9

29-08-2024 14:37

240829-ry481ayejk 6

General

  • Target

    sshd.01

  • Size

    6.3MB

  • Sample

    240829-r3lx8axbrc

  • MD5

    68a2e2d89adb68f9f16621066b566d85

  • SHA1

    1301e2e6d2a44e56a7dddaf4081d4a6c89f7ced5

  • SHA256

    d72ea22e6f35e848a2e5870863e410f0434013ad43c3f5b6935168fc07c7d7b0

  • SHA512

    6a612ac58f0283fd06b2f60d7767d7492eadd8a3aeaceed2517824ef302d0d5ae89b919328ab07b4db3b4a2e2757dbb0e4b0a9af4f9710c6124ac5f5afefa275

  • SSDEEP

    49152:lPopq2v2YFrb/T2vO90d7HjmAFd4A64nsfJ1KdQDdNnXiOPLr4iv80oQODav4kNq:YCinLre0WmNMwHwnEaRxqkig

Malware Config

Targets

    • Target

      sshd.01

    • Size

      6.3MB

    • MD5

      68a2e2d89adb68f9f16621066b566d85

    • SHA1

      1301e2e6d2a44e56a7dddaf4081d4a6c89f7ced5

    • SHA256

      d72ea22e6f35e848a2e5870863e410f0434013ad43c3f5b6935168fc07c7d7b0

    • SHA512

      6a612ac58f0283fd06b2f60d7767d7492eadd8a3aeaceed2517824ef302d0d5ae89b919328ab07b4db3b4a2e2757dbb0e4b0a9af4f9710c6124ac5f5afefa275

    • SSDEEP

      49152:lPopq2v2YFrb/T2vO90d7HjmAFd4A64nsfJ1KdQDdNnXiOPLr4iv80oQODav4kNq:YCinLre0WmNMwHwnEaRxqkig

    • Creates a large amount of network flows

      Opens a large number of network connections, which may indicate a scan to discover services running on remote hosts.

    • Checks mountinfo of local process

      Reads the mountinfo of running processes, which can indicate whether it is running in a chroot jail.

    • Reads hardware information

      Accesses system information such as serial numbers and manufacturer names.

    • Reads list of loaded kernel modules

      Reads the list of currently loaded kernel modules, possibly to detect a virtual environment.
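
The four behaviours above are all things an analyst can reproduce on the bench. The Python below is an added example written for this page, not code recovered from the sample or from the sandbox: it re-implements the three environment checks (chroot detection from /proc/self/mountinfo, hypervisor guest modules from /proc/modules, hypervisor vendor strings from the DMI tables) and a destination fan-out counter for the network-flow signature, all against constructed in-memory inputs so it runs offline. The chroot heuristic, the module and DMI marker lists, and the fan-out threshold of 100 are assumptions about what such checks typically key on, not the sample's own logic.

```python
from __future__ import annotations

# Constructed inputs imitating what a Linux guest exposes; none were captured
# from this sample. Mountinfo columns: id parent maj:min root mount_point ...
NORMAL_MOUNTINFO = """\
22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw,errors=remount-ro
23 22 0:21 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
"""
# Plain chroot(2): the real root mount lies outside the jail, so the kernel
# omits it and no entry has mount point "/".
PLAIN_CHROOT_MOUNTINFO = """\
41 22 0:21 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
"""
# Bind-mounted jail: "/" is present, but its root field (column 4) is the
# host-side directory that backs the jail rather than "/".
BIND_CHROOT_MOUNTINFO = """\
57 1 8:1 /srv/jail / rw,relatime - ext4 /dev/sda1 rw,errors=remount-ro
58 57 0:21 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
"""


def chroot_from_mountinfo(mountinfo: str) -> bool:
    """Heuristic (assumption): an unjailed process sees an entry with mount
    point "/" whose root field is also "/". No "/" entry, or a "/" entry
    rooted at a subdirectory, suggests a chroot or a container."""
    for line in mountinfo.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[4] == "/":
            return fields[3] != "/"
    return True  # no "/" entry at all


# Guest-side modules of common hypervisors (assumed marker list).
HYPERVISOR_MODULES = {
    "vboxguest", "vboxsf", "vboxvideo",                            # VirtualBox
    "vmw_balloon", "vmw_vmci", "vmwgfx", "vmw_pvscsi", "vmxnet3",  # VMware
    "virtio_pci", "virtio_net", "virtio_blk", "virtio_balloon",    # KVM/QEMU
    "hv_vmbus", "hv_utils", "hv_storvsc", "hv_netvsc",             # Hyper-V
    "xen_blkfront", "xen_netfront",                                # Xen PV
}
VBOX_MODULES = """\
vboxsf 81920 1 - Live 0xffffffffc0b40000
vboxguest 393216 3 vboxsf, Live 0xffffffffc0a00000
ext4 843776 1 - Live 0xffffffffc0300000
"""
BAREMETAL_MODULES = """\
ext4 843776 1 - Live 0xffffffffc0300000
e1000e 307200 0 - Live 0xffffffffc0500000
"""


def vm_modules(proc_modules: str) -> set[str]:
    """The first field of each /proc/modules line is the module name."""
    names = {ln.split()[0] for ln in proc_modules.splitlines() if ln.strip()}
    return names & HYPERVISOR_MODULES


# Substrings seen in /sys/class/dmi/id/* on common hypervisors (assumed list).
VM_DMI_MARKERS = ("vmware", "virtualbox", "innotek", "qemu", "kvm", "xen",
                  "bochs", "virtual machine", "hvm domu")
VBOX_DMI = {"sys_vendor": "innotek GmbH", "product_name": "VirtualBox"}
HARDWARE_DMI = {"sys_vendor": "Dell Inc.", "product_name": "OptiPlex 7090"}


def vm_from_dmi(dmi: dict[str, str]) -> list[str]:
    """Return the DMI fields whose value names a hypervisor vendor/product."""
    return [f"{key}={value}" for key, value in dmi.items()
            if any(marker in value.lower() for marker in VM_DMI_MARKERS)]


# Constructed flow records (src, dst, dport): one host sweeping a /24 on
# port 22 and one host doing ordinary DNS and HTTPS traffic.
FLOWS = [("10.0.0.5", f"10.0.1.{i}", 22) for i in range(1, 201)] + [
    ("10.0.0.7", "10.0.0.53", 53), ("10.0.0.7", "198.51.100.10", 443)]


def scan_suspects(flows, threshold: int = 100) -> dict[str, int]:
    """Sources contacting at least `threshold` distinct (dst, port) pairs."""
    fanout: dict[str, set] = {}
    for src, dst, dport in flows:
        fanout.setdefault(src, set()).add((dst, dport))
    return {src: len(d) for src, d in fanout.items() if len(d) >= threshold}


def live_checks() -> dict:
    """Run the same checks against this host; unreadable files are skipped."""
    def read(path: str) -> str:
        try:
            with open(path) as f:
                return f.read().strip()
        except OSError:
            return ""
    mountinfo = read("/proc/self/mountinfo")
    dmi = {k: read(f"/sys/class/dmi/id/{k}")
           for k in ("sys_vendor", "product_name", "board_vendor")}
    return {
        "chroot": chroot_from_mountinfo(mountinfo) if mountinfo else None,
        "vm_modules": sorted(vm_modules(read("/proc/modules"))),
        "vm_dmi": vm_from_dmi(dmi),
    }


if __name__ == "__main__":
    print(live_checks())
```

Two caveats when using this on a live analysis box: a sample that cannot read /proc at all (no procfs mounted inside the jail) learns nothing from the mountinfo check, and the DMI and module markers are trivially defeated by a sandbox that renames its guest tooling, so treat these as signals to correlate rather than as proof either way.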

MITRE ATT&CK Enterprise v15

Tasks