4d38c66f9c89f37059f80311d91e5d60f58befcfea7151f350b706e377d624d3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4d38c66f9c89f37059f80311d91e5d60f58befcfea7151f350b706e377d624d3.elf
Size

161KB
Sample

241001-bmrkrsxglc
MD5

ad9e98b3008479ceed4cfe9affdfcd84
SHA1

139445315ca6810fd35d70b9226e2f685c7ad46f
SHA256

4d38c66f9c89f37059f80311d91e5d60f58befcfea7151f350b706e377d624d3
SHA512

4bdd63658aefa910d3115872b828cd7cad6113a92d05319fe5214cc60feb2be09cabf53426a40d7f474e868ae77922505633969793df71ac1b0a8571db93050b
SSDEEP

3072:XQgsRje8EywnqadOuiZoRkXAXpoxTHG9ssNbhHKM/9abm3wcGDRs:XQgstE9qadOuiZooAXCm5NbhqM/9abmL

Score

7^/10

defense_evasion discovery execution persistence privilege_escalation

Malware Config

Targets

- Target
  
  4d38c66f9c89f37059f80311d91e5d60f58befcfea7151f350b706e377d624d3.elf
- Size
  
  161KB
- MD5
  
  ad9e98b3008479ceed4cfe9affdfcd84
- SHA1
  
  139445315ca6810fd35d70b9226e2f685c7ad46f
- SHA256
  
  4d38c66f9c89f37059f80311d91e5d60f58befcfea7151f350b706e377d624d3
- SHA512
  
  4bdd63658aefa910d3115872b828cd7cad6113a92d05319fe5214cc60feb2be09cabf53426a40d7f474e868ae77922505633969793df71ac1b0a8571db93050b
- SSDEEP
  
  3072:XQgsRje8EywnqadOuiZoRkXAXpoxTHG9ssNbhHKM/9abm3wcGDRs:XQgstE9qadOuiZooAXCm5NbhqM/9abmL
Score

7^/10

defense_evasion discovery execution persistence privilege_escalation
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Creates/modifies environment variables
  Creating/modifying environment variables is a common persistence mechanism.
  persistence privilege_escalation defense_evasion
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Modifies rc script
  Adding/modifying system rc scripts is a common persistence mechanism.
  persistence
- Modifies systemd
  Adds/ modifies systemd service files. Likely to achieve persistence.
  persistence privilege_escalation
- Modifies Bash startup script
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Unix Shell

Persistence

Boot or Logon Autostart Execution

XDG Autostart Entries

Boot or Logon Initialization Scripts

RC Scripts

Create or Modify System Process

Systemd Service

Event Triggered Execution

Unix Shell Configuration Modification

Hijack Execution Flow

Path Interception by PATH Environment Variable

Privilege Escalation

Boot or Logon Autostart Execution

XDG Autostart Entries

Boot or Logon Initialization Scripts

RC Scripts

Create or Modify System Process

Systemd Service

Event Triggered Execution

Unix Shell Configuration Modification

Hijack Execution Flow

Path Interception by PATH Environment Variable

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Hijack Execution Flow

Path Interception by PATH Environment Variable

Impair Defenses

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryexecutionpersistenceprivilege_escalation