Overview

overview

9

Static

static

1

d5fa8d05f1...70.elf

debian-9-armhf

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    343770e1d6d9a1f782823d8305405da0.bin

  • Size

    299KB

  • Sample

    240919-hr9epswfnq

  • MD5

    2e5ed9a8f6ffd7e8f9f174aa4a9f601a

  • SHA1

    f582d1f04f3961c9599f798a68952525f2c1f337

  • SHA256

    d46bb30cf880997c987d6f76147ce7055c0570d22ac201d7b07ee799d2be48a6

  • SHA512

    f0f6a5f11334b12abe0c35662e58f37f2796f7e4536b8c7f039034b747009be20c77fe570d23ea8a36c33f172a2907383eb64b7e31f9c9d3f223b708d7be8fe7

  • SSDEEP

    6144:Bp28B6cQ/hs4Jrn4NifFhs2pczuUfWqFcZMNc3NOBwb0V:B6cyjJrncGOusayc32

Score
9/10
defense_evasiondiscoverypersistenceprivilege_escalation

Malware Config

Targets

    • Target

      d5fa8d05f1d132f880399b6857c45e891096d30a61ac41d4b0599e54d3128d70.elf

    • Size

      648KB

    • MD5

      343770e1d6d9a1f782823d8305405da0

    • SHA1

      f07f9fcad82694f36dac9e51e86b1331b69a5d19

    • SHA256

      d5fa8d05f1d132f880399b6857c45e891096d30a61ac41d4b0599e54d3128d70

    • SHA512

      1fc4e698c3beba8fd9345f1e6e3830824e5cb5a2fa352a9253eb017de546d01398e32b8e4cb10df13b9f7fc2cab9cde418c4233e5cbb4ca99f90dff6e03ec147

    • SSDEEP

      12288:UB9mQoSyE0zYggEKavjwmitmCd89KiCMSggplw7wW0dFEGvW1VPH1h:UboB1zYggEKaLF28QdMx90dFEGvWTPH1

    Score
    9/10
    defense_evasiondiscoverypersistenceprivilege_escalation

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

      defense_evasion

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

      defense_evasion

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

      persistenceprivilege_escalationdefense_evasion

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

      persistence

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

      persistenceprivilege_escalation

    • Modifies Bash startup script

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

4
T1547

XDG Autostart Entries

1
T1547.013

Boot or Logon Initialization Scripts

2
T1037

RC Scripts

2
T1037.004

Create or Modify System Process

1
T1543

Systemd Service

1
T1543.002

Event Triggered Execution

1
T1546

Unix Shell Configuration Modification

1
T1546.004

Hijack Execution Flow

1
T1574

Path Interception by PATH Environment Variable

1
T1574.007

Privilege Escalation

Boot or Logon Autostart Execution

4
T1547

XDG Autostart Entries

1
T1547.013

Boot or Logon Initialization Scripts

2
T1037

RC Scripts

2
T1037.004

Create or Modify System Process

1
T1543

Systemd Service

1
T1543.002

Event Triggered Execution

1
T1546

Unix Shell Configuration Modification

1
T1546.004

Hijack Execution Flow

1
T1574

Path Interception by PATH Environment Variable

1
T1574.007

Defense Evasion

File and Directory Permissions Modification

1
T1222

Linux and Mac File and Directory Permissions Modification

1
T1222.002

Hijack Execution Flow

1
T1574

Path Interception by PATH Environment Variable

1
T1574.007

Impair Defenses

1
T1562

Credential Access

Discovery

Network Service Discovery

1
T1046

System Information Discovery

1
T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks