General

  • Target

    8cdb3ba440dfe821d3f857026fdc38a3

  • Size

    82KB

  • Sample

    241014-lnnklstanh

  • MD5

    8cdb3ba440dfe821d3f857026fdc38a3

  • SHA1

    5ec3401b88a79896ac8f52cdfb3a64c5938dd887

  • SHA256

    03fcea1e4dc5c6f67ca84d427a6ddfc9d79a75b47fa2de9c4807b0fd75dc3502

  • SHA512

    86a9e2a8a1a740b25a47e3eaeb80a4e95298f84537b3b77d10ef7b34a980ae64725e5273d09011e1a749317d09fa80760fe367218d2e53240c1c124c55698b20

  • SSDEEP

    1536:mJrzIaVcVIktBUmmp4buU+Uqabr4lZ3BoOZsCGkRnB:mJPDVcVIkDUm4XU+UYoOnn

Malware Config

Targets

    • Contacts a large number (21578) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Deletes system logs

      Deletes the log file that contains global system messages. Adversaries may delete system logs to minimize their footprint.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Renames itself

    • Deletes log files

      Deletes log files on the system.

    • Reads process memory

      Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

MITRE ATT&CK Enterprise v15

Tasks