General
-
Target
goku
-
Size
4.6MB
-
Sample
240919-hnytsswekq
-
MD5
eee6a6e777fd9ae23046abb7de1e0c2a
-
SHA1
70784f342f03b5b3c73550dd6cd0be08503bb2a7
-
SHA256
f6069886728686c5c6566c0332ba37c16805fb623b6fcbbd1dd2e09ee5cc75b1
-
SHA512
e99c083cab705077c2b5dda663706d9932fab2474ff2b24b5eaa4073108061b8fb70cf1aa64079f71d2db72fb504f35b0ef0ac410f37709ff96d7cbeb25ae067
-
SSDEEP
49152:0hwNAj0VlOyTHfMDjYpLCWvHFiMBiBFjrhrlzr18t7LxcAk4u7prrRQtLxfTpjU1:JfjjTvlNiPt9y7LxXk5prrmlu
Behavioral task
behavioral1
Sample
goku
Resource
ubuntu2404-amd64-20240523-en
Malware Config
Targets
-
-
Detects Kaiten/Tsunami Payload
-
Detects Kaiten/Tsunami payload
-
Modifies the dynamic linker configuration file
Malware can modify the configuration file of the dynamic linker to preload malicious libraries into every executed process.
-
XMRig Miner payload
-
Executes dropped EXE
-
Attempts to change immutable files
Modifies inode attributes on the filesystem to allow changing of immutable files.
-
Checks hardware identifiers (DMI)
Checks DMI information that indicates whether the system is a virtual machine.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Modifies systemd
Adds or modifies systemd service files, likely to achieve persistence.
-
Reads hardware information
Accesses system info like serial numbers, manufacturer names etc.
-
Writes file to system bin folder
-
Security Software Discovery
Adversaries may attempt to discover installed security software and its configurations.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 2
  XDG Autostart Entries: 1
Boot or Logon Initialization Scripts: 1
  RC Scripts: 1
Create or Modify System Process: 1
  Systemd Service: 1
Hijack Execution Flow: 1
  Dynamic Linker Hijacking: 1
Scheduled Task/Job: 1
  Cron: 1
Privilege Escalation
Boot or Logon Autostart Execution: 2
  XDG Autostart Entries: 1
Boot or Logon Initialization Scripts: 1
  RC Scripts: 1
Create or Modify System Process: 1
  Systemd Service: 1
Hijack Execution Flow: 1
  Dynamic Linker Hijacking: 1
Scheduled Task/Job: 1
  Cron: 1
Defense Evasion
Hijack Execution Flow: 1
  Dynamic Linker Hijacking: 1
Virtualization/Sandbox Evasion: 2
  System Checks: 2