zergeca | 7db9189afd00c2b60b7f892ef1b86d040fb1cf02145c7d2e414ef77ba3335c11 | Triage

Resubmissions

15/10/2024, 07:04

241015-hwfm7avfmr 10

25/09/2024, 21:54

240925-1sf4nazcpm 7

Sharing

Copy URL Twitter E-mail

General

Target

7db9189afd00c2b60b7f892ef1b86d040fb1cf02145c7d2e414ef77ba3335c11
Size

2.8MB
Sample

241015-hwfm7avfmr
MD5

23ca4ab1518ff76f5037ea12f367a469
SHA1

1001b06820145ac69f3d440f1cc25990eb14cc71
SHA256

7db9189afd00c2b60b7f892ef1b86d040fb1cf02145c7d2e414ef77ba3335c11
SHA512

71d64aa70d57ff8ae4ec47a19be62879875db8e238534153165f4778d5816043c1caa8ddc3b02102818aad3a1c5585a3ecc6d7f3ba38537f70bc93a460f502f2
SSDEEP

49152:ZTsrRjW/ionUOamjCn4GyY484WD6nZ1EmmmLu7EyJX514JPv8L/1Vp6Hgm:1qEVjvGXNP6Z1vu7tB2P071Lm

Score

10^/10

zergeca botnet discovery linux persistence privilege_escalation

Malware Config

Targets

- Target
  
  7db9189afd00c2b60b7f892ef1b86d040fb1cf02145c7d2e414ef77ba3335c11
- Size
  
  2.8MB
- MD5
  
  23ca4ab1518ff76f5037ea12f367a469
- SHA1
  
  1001b06820145ac69f3d440f1cc25990eb14cc71
- SHA256
  
  7db9189afd00c2b60b7f892ef1b86d040fb1cf02145c7d2e414ef77ba3335c11
- SHA512
  
  71d64aa70d57ff8ae4ec47a19be62879875db8e238534153165f4778d5816043c1caa8ddc3b02102818aad3a1c5585a3ecc6d7f3ba38537f70bc93a460f502f2
- SSDEEP
  
  49152:ZTsrRjW/ionUOamjCn4GyY484WD6nZ1EmmmLu7EyJX514JPv8L/1Vp6Hgm:1qEVjvGXNP6Z1vu7tB2P071Lm
Score

10^/10

zergeca botnet discovery persistence privilege_escalation
- Detects Zergeca Payload
- Zergeca
  Zergeca is a Linux botnet written in Golang.
  botnet zergeca
- Deletes itself
- Executes dropped EXE
- Enumerates running processes
  Discovers information about currently running processes on the system
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Modifies systemd
  Adds/ modifies systemd service files. Likely to achieve persistence.
  persistence privilege_escalation
- Write file to user bin folder
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Privilege Escalation

Boot or Logon Autostart Execution

XDG Autostart Entries

Create or Modify System Process

Systemd Service

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zergecabotnetdiscoverypersistenceprivilege_escalation