Resubmissions

09-09-2024 17:01

240909-vjrada1gmd 10

24-01-2024 21:55

240124-1srkdsaadr 10

General

  • Target

    a.sh

  • Size

    6KB

  • Sample

    240909-vjrada1gmd

  • MD5

    e97dee2d99e3bd5150abdfb488aafeb8

  • SHA1

    8a9b089a194b383b2202457afa1e0b3ec8fc4d3f

  • SHA256

    f5462666cfd610336545233aba5f6014699d4b07829c856d0b99956075f7331b

  • SHA512

    1d572bc3c7642ea007d441865c879ce4037848210a5194ea1bf262af22e9b84e674c067138531672758e2fbf7a53e82820502736827366d4688180c1f6bcfa25

  • SSDEEP

    192:mRoo5wsIGV7DDf6jlpTWg3vMGQit/3PCd/8PY3+R3YB:mao5wgV7DDf6jlpTWg3vMGQit/3PCd//

Malware Config

Targets


    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • Deletes system logs

      Deletes the log file that contains global system messages. Adversaries may delete system logs to minimize their footprint.

    • Flushes firewall rules

      Flushes/disables firewall rules inside the Linux kernel.

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence.

    • Abuse Elevation Control Mechanism: Sudo and Sudo Caching

      Abuse sudo or cached sudo credentials to execute code.

    • Disables AppArmor

      Disables AppArmor security module.

    • Disables SELinux

      Disables SELinux security module.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

MITRE ATT&CK Enterprise v15

Tasks