Overview

overview

7

Static

static

1

92ed2aa622...05.elf

ubuntu-24.04-amd64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    92ed2aa62286b092cfb5fdc6c49641ea7b2228a99676c6c7c736e8c237b7a505.elf

  • Size

    64KB

  • Sample

    241014-nx5llavang

  • MD5

    a41fd626d3c5544b4def0701a1f20b28

  • SHA1

    319ffd98a337eb9a2cac34b275b3876c96de99d8

  • SHA256

    92ed2aa62286b092cfb5fdc6c49641ea7b2228a99676c6c7c736e8c237b7a505

  • SHA512

    a2f6ca36562b3687258783634fce4fc226bc2436d595bce11bcce3f8342675ecf02b461025b9f75b8858a0531b7327567e1fcfa33019c86180e92d74296bf61b

  • SSDEEP

    1536:N+ZLQ0EafuTAWurF4gufwKTnSQvS1lX7:8ZLQLaGTAWurTW7nSQvSH7

Score
7/10
credential_accessdiscoveryevasionexecutionlinuxpersistenceprivilege_escalatioprivilege_escalation

Malware Config

Targets

    • Target

      92ed2aa62286b092cfb5fdc6c49641ea7b2228a99676c6c7c736e8c237b7a505.elf

    • Size

      64KB

    • MD5

      a41fd626d3c5544b4def0701a1f20b28

    • SHA1

      319ffd98a337eb9a2cac34b275b3876c96de99d8

    • SHA256

      92ed2aa62286b092cfb5fdc6c49641ea7b2228a99676c6c7c736e8c237b7a505

    • SHA512

      a2f6ca36562b3687258783634fce4fc226bc2436d595bce11bcce3f8342675ecf02b461025b9f75b8858a0531b7327567e1fcfa33019c86180e92d74296bf61b

    • SSDEEP

      1536:N+ZLQ0EafuTAWurF4gufwKTnSQvS1lX7:8ZLQLaGTAWurTW7nSQvSH7

    Score
    7/10
    credential_accessdiscoveryevasionexecutionpersistenceprivilege_escalatioprivilege_escalation

    • OS Credential Dumping

      Adversaries may attempt to dump credentials to use it in password cracking.

      credential_access

    • Renames itself

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

      executionpersistenceprivilege_escalatio

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

      persistenceprivilege_escalation

    • Reads list of loaded kernel modules

      Reads the list of currently loaded kernel modules, possibly to detect virtual environments.

      evasion
    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1
T1053

Cron

1
T1053.003

Persistence

Boot or Logon Autostart Execution

2
T1547

XDG Autostart Entries

1
T1547.013

Boot or Logon Initialization Scripts

1
T1037

RC Scripts

1
T1037.004

Create or Modify System Process

1
T1543

Systemd Service

1
T1543.002

Scheduled Task/Job

1
T1053

Cron

1
T1053.003

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

XDG Autostart Entries

1
T1547.013

Boot or Logon Initialization Scripts

1
T1037

RC Scripts

1
T1037.004

Create or Modify System Process

1
T1543

Systemd Service

1
T1543.002

Scheduled Task/Job

1
T1053

Cron

1
T1053.003

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

OS Credential Dumping

1
T1003

/etc/passwd and /etc/shadow

1
T1003.008

Discovery

Virtualization/Sandbox Evasion

1
T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks