General
-
Target
ba3f176f6f168a4ef496592e1243c78dcaea1422a9d89d75e3b11d0c45fd290a.elf
-
Size
76KB
-
Sample
241011-ckqfcszdng
-
MD5
0bbc673a23d323061c36a37fe5c3d509
-
SHA1
38f0a56d732c509f9bfb51d5fe6002619f6a6c7a
-
SHA256
ba3f176f6f168a4ef496592e1243c78dcaea1422a9d89d75e3b11d0c45fd290a
-
SHA512
1037513661209ed70d9932ef8479b1b59850d215c5c1105f93212f7961441739860b887c8ad94c085912dcaed2cd0e9ecb3c8a0b21baf8f7b975546dbc6722a8
-
SSDEEP
1536:lxu6Nt3LUDmK+Y104tBrDu/XyYp41N/DAzdLvNs/:lk6N9LUxtB3UZp4n8tNs/
Malware Config
Targets
-
-
Target
ba3f176f6f168a4ef496592e1243c78dcaea1422a9d89d75e3b11d0c45fd290a.elf
-
Size
76KB
-
MD5
0bbc673a23d323061c36a37fe5c3d509
-
SHA1
38f0a56d732c509f9bfb51d5fe6002619f6a6c7a
-
SHA256
ba3f176f6f168a4ef496592e1243c78dcaea1422a9d89d75e3b11d0c45fd290a
-
SHA512
1037513661209ed70d9932ef8479b1b59850d215c5c1105f93212f7961441739860b887c8ad94c085912dcaed2cd0e9ecb3c8a0b21baf8f7b975546dbc6722a8
-
SSDEEP
1536:lxu6Nt3LUDmK+Y104tBrDu/XyYp41N/DAzdLvNs/:lk6N9LUxtB3UZp4n8tNs/
Score7/10-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Modifies systemd
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Modifies Bash startup script
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2XDG Autostart Entries
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Privilege Escalation
Boot or Logon Autostart Execution
2XDG Autostart Entries
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Impair Defenses
1