General
-
Target
d8a12c39742e862d3c2a72bc85532deb7b62665357a357bf6a4f2ea3ceb8561a.elf
-
Size
3.2MB
-
Sample
241012-cbhddsweqa
-
MD5
396a812c15bd9809d0c8f438b8517827
-
SHA1
6a8eb0ee0a05cede17a50ec04b0a549d70325dcb
-
SHA256
d8a12c39742e862d3c2a72bc85532deb7b62665357a357bf6a4f2ea3ceb8561a
-
SHA512
83ba44b59c9aa517887d27de612b646a17e1b0e372e216e279f188a75e12759b27f181509287e08e79aa34872b59b711fc8efd014b463f58934f762a8d70e948
-
SSDEEP
98304:EenYv0GcTOR0aUripytWEGYk91lRujZv9I:bYoOjGhnGPLlqZvW
Behavioral task
behavioral1
Sample
d8a12c39742e862d3c2a72bc85532deb7b62665357a357bf6a4f2ea3ceb8561a.elf
Resource
ubuntu2404-amd64-20240523-en
Malware Config
Targets
-
-
Target
d8a12c39742e862d3c2a72bc85532deb7b62665357a357bf6a4f2ea3ceb8561a.elf
-
Size
3.2MB
-
MD5
396a812c15bd9809d0c8f438b8517827
-
SHA1
6a8eb0ee0a05cede17a50ec04b0a549d70325dcb
-
SHA256
d8a12c39742e862d3c2a72bc85532deb7b62665357a357bf6a4f2ea3ceb8561a
-
SHA512
83ba44b59c9aa517887d27de612b646a17e1b0e372e216e279f188a75e12759b27f181509287e08e79aa34872b59b711fc8efd014b463f58934f762a8d70e948
-
SSDEEP
98304:EenYv0GcTOR0aUripytWEGYk91lRujZv9I:bYoOjGhnGPLlqZvW
-
Detects Kaiten/Tsunami Payload
-
Detects Kaiten/Tsunami payload
-
XMRig Miner payload
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Attempts to change immutable files
Modifies inode attributes on the filesystem to allow changing of immutable files.
-
Checks hardware identifiers (DMI)
Checks DMI information which indicate if the system is a virtual machine.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Modifies systemd
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Reads hardware information
Accesses system info like serial numbers, manufacturer names etc.
-
Writes file to system bin folder
-
Security Software Discovery
Adversaries may attempt to discover installed security software and its configurations.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Scheduled Task/Job
1Cron
1Privilege Escalation
Boot or Logon Autostart Execution
2XDG Autostart Entries
1Boot or Logon Initialization Scripts
1RC Scripts
1Create or Modify System Process
1Systemd Service
1Scheduled Task/Job
1Cron
1Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
2System Checks
2Discovery
Process Discovery
1Software Discovery
1Security Software Discovery
1System Information Discovery
3System Network Configuration Discovery
1Internet Connection Discovery
1System Network Connections Discovery
1Virtualization/Sandbox Evasion
2System Checks
2