68272ec4349f4f4be5178ed961c2f71590fab3d3c10a9760b33c5d845d0e68e6 | Triage

Sharing

General

Target

68272ec4349f4f4be5178ed961c2f71590fab3d3c10a9760b33c5d845d0e68e6
Size

15KB
Sample

241009-kf8p5szajn
MD5

d18bc7dae6c4c9be5820fc46ec65f700
SHA1

9ea77334980cee13ce80c1d33a7f6263d019035b
SHA256

68272ec4349f4f4be5178ed961c2f71590fab3d3c10a9760b33c5d845d0e68e6
SHA512

a00baaf81eec5f8a702c0483954bd000aa8bc94eef3f9415ddcc7a3bb62a68083dde74922285ea05ae6764824716a286dc152ff70521e193a000f45516175a05
SSDEEP

192:RV3vw/dthpXd5VdFjzQp5PQfdzTH49PkHVTg0oi:Qd/ptjzQp5AY9P2

Score

6^/10

credential_access discovery linux

Malware Config

Targets

- Target
  
  68272ec4349f4f4be5178ed961c2f71590fab3d3c10a9760b33c5d845d0e68e6
- Size
  
  15KB
- MD5
  
  d18bc7dae6c4c9be5820fc46ec65f700
- SHA1
  
  9ea77334980cee13ce80c1d33a7f6263d019035b
- SHA256
  
  68272ec4349f4f4be5178ed961c2f71590fab3d3c10a9760b33c5d845d0e68e6
- SHA512
  
  a00baaf81eec5f8a702c0483954bd000aa8bc94eef3f9415ddcc7a3bb62a68083dde74922285ea05ae6764824716a286dc152ff70521e193a000f45516175a05
- SSDEEP
  
  192:RV3vw/dthpXd5VdFjzQp5PQfdzTH49PkHVTg0oi:Qd/ptjzQp5AY9P2
Score

6^/10

credential_access discovery
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads process memory
  Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
  credential_access
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

OS Credential Dumping

Proc Filesystem

Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscovery