General
-
Target
7db9189afd00c2b60b7f892ef1b86d040fb1cf02145c7d2e414ef77ba3335c11
-
Size
2.8MB
-
Sample
240925-1sf4nazcpm
-
MD5
23ca4ab1518ff76f5037ea12f367a469
-
SHA1
1001b06820145ac69f3d440f1cc25990eb14cc71
-
SHA256
7db9189afd00c2b60b7f892ef1b86d040fb1cf02145c7d2e414ef77ba3335c11
-
SHA512
71d64aa70d57ff8ae4ec47a19be62879875db8e238534153165f4778d5816043c1caa8ddc3b02102818aad3a1c5585a3ecc6d7f3ba38537f70bc93a460f502f2
-
SSDEEP
49152:ZTsrRjW/ionUOamjCn4GyY484WD6nZ1EmmmLu7EyJX514JPv8L/1Vp6Hgm:1qEVjvGXNP6Z1vu7tB2P071Lm
Malware Config
Targets
-
-
Target
7db9189afd00c2b60b7f892ef1b86d040fb1cf02145c7d2e414ef77ba3335c11
-
Size
2.8MB
-
MD5
23ca4ab1518ff76f5037ea12f367a469
-
SHA1
1001b06820145ac69f3d440f1cc25990eb14cc71
-
SHA256
7db9189afd00c2b60b7f892ef1b86d040fb1cf02145c7d2e414ef77ba3335c11
-
SHA512
71d64aa70d57ff8ae4ec47a19be62879875db8e238534153165f4778d5816043c1caa8ddc3b02102818aad3a1c5585a3ecc6d7f3ba38537f70bc93a460f502f2
-
SSDEEP
49152:ZTsrRjW/ionUOamjCn4GyY484WD6nZ1EmmmLu7EyJX514JPv8L/1Vp6Hgm:1qEVjvGXNP6Z1vu7tB2P071Lm
Score7/10-
Deletes itself
-
Executes dropped EXE
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Modifies systemd
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Write file to user bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1XDG Autostart Entries
1Create or Modify System Process
1Systemd Service
1