General

  • Target

    backup3.sh.elf

  • Size

    15KB

  • Sample

    241017-t6jndavdjb

  • MD5

    aee014a523b65c8d3b7bdb92765d305c

  • SHA1

    dfb9d0cada5cf03c3dfa4479865955311e6a54f9

  • SHA256

    481f0641074b3307b21a264987be6c2ba24c76f206334f97ccbac1cf50993282

  • SHA512

    4b9d43d58bd6ff61dc563d55dea121f94040ab24137154f2dfe03b342c8ae96676ca438302ff7d63b68d4e34bb8bcdd94909cb56002d3feef73820ca8b3969d8

  • SSDEEP

    384:Zr+Ken0Xvn/3PHfXvn/3PHfayqC6UNwA42KW9XxqZeMm:s90Xvn/3PHfXvn/3PHfayqC6U+6XxqgR

Malware Config

Targets

    • Target

      backup3.sh.elf


    • XMRig Miner payload

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Checks hardware identifiers (DMI)

      Checks DMI information that indicates whether the system is a virtual machine.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Reads hardware information

      Accesses system information such as serial numbers, manufacturer names, etc.
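The two host-inspection behaviours flagged above, the DMI virtual-machine check and the running-process enumeration, are the ones an analyst most often needs to reproduce when triaging a miner dropper like this one: the first tells you whether the sample will bail out in your sandbox, the second is how such droppers find and kill competing miners. The following is an added example written for this page, not code from the sandbox vendor or from the sample; it reads the same Linux sources the sample would (`/sys/class/dmi/id/*` and `/proc/<pid>/cmdline`) but ships with constructed sample data so it runs offline. The hypervisor marker strings, the miner name patterns and the sample process list are assumptions for illustration.

```python
"""Re-implementation of two sandbox-flagged behaviours as detection-side helpers.

Added example for this report, not vendor or sample code. Reads /sys/class/dmi/id
and /proc on a live Linux host, but the constructed SAMPLE_* data below lets the
functions run offline.
"""
import os
import re

DMI_DIR = "/sys/class/dmi/id"
DMI_FIELDS = ("sys_vendor", "product_name", "board_vendor", "bios_vendor", "chassis_vendor")

# Substrings that guest DMI strings commonly expose per hypervisor (assumed list).
HYPERVISOR_MARKERS = {
    "VMware": ("vmware",),
    "VirtualBox": ("virtualbox", "innotek"),
    "QEMU/KVM": ("qemu", "kvm", "bochs"),
    "Xen": ("xen",),
    "Parallels": ("parallels",),
}

# Process names / pool URI schemes typical of Linux coin miners (assumed list).
MINER_PATTERNS = re.compile(r"xmrig|minerd|cpuminer|kdevtmpfsi|kinsing|stratum\+tcp", re.I)


def read_dmi(dmi_dir=DMI_DIR):
    """Read the DMI fields a VM-aware sample inspects; missing files become ''."""
    fields = {}
    for name in DMI_FIELDS:
        try:
            with open(os.path.join(dmi_dir, name), encoding="utf-8", errors="replace") as fh:
                fields[name] = fh.read().strip()
        except OSError:
            fields[name] = ""
    return fields


def classify_dmi(fields):
    """Return the hypervisor name the DMI strings reveal, or None for bare metal."""
    blob = " ".join(fields.get(f, "") for f in DMI_FIELDS).lower()
    # Hyper-V guests report vendor "Microsoft Corporation" + product "Virtual Machine";
    # require both so physical Microsoft hardware is not misclassified.
    if "microsoft" in fields.get("sys_vendor", "").lower() and "virtual machine" in blob:
        return "Hyper-V"
    for hypervisor, markers in HYPERVISOR_MARKERS.items():
        if any(marker in blob for marker in markers):
            return hypervisor
    if "virtual machine" in blob:
        return "unknown hypervisor"
    return None


def iter_cmdlines(proc_dir="/proc"):
    """Yield (pid, cmdline) for every process, the way a dropper enumerates /proc."""
    for entry in os.listdir(proc_dir):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_dir, entry, "cmdline"), "rb") as fh:
                raw = fh.read()
        except OSError:          # process exited or permission denied
            continue
        # cmdline is NUL-separated; join it back into a single printable string
        yield int(entry), raw.replace(b"\0", b" ").decode("utf-8", "replace").strip()


def find_miners(cmdlines):
    """Filter (pid, cmdline) pairs down to those that look like coin miners."""
    return [(pid, cmd) for pid, cmd in cmdlines if MINER_PATTERNS.search(cmd)]


# Constructed sample data (not captured from the analysed sample).
SAMPLE_DMI_VM = {"sys_vendor": "QEMU", "product_name": "Standard PC (Q35 + ICH9, 2009)",
                 "board_vendor": "", "bios_vendor": "SeaBIOS", "chassis_vendor": "QEMU"}
SAMPLE_DMI_BARE_METAL = {"sys_vendor": "Dell Inc.", "product_name": "PowerEdge R640",
                         "board_vendor": "Dell Inc.", "bios_vendor": "Dell Inc.",
                         "chassis_vendor": "Dell Inc."}
SAMPLE_CMDLINES = [
    (1, "/sbin/init"),
    (4242, "/tmp/.x/xmrig -o stratum+tcp://pool.invalid:3333 --donate-level 1"),
    (4300, "/usr/sbin/sshd -D"),
    (4311, "bash backup3.sh"),
]


if __name__ == "__main__":
    print("sample DMI ->", classify_dmi(SAMPLE_DMI_VM), classify_dmi(SAMPLE_DMI_BARE_METAL))
    print("sample miners ->", find_miners(SAMPLE_CMDLINES))
    if os.path.isdir(DMI_DIR):       # live host inspection
        print("this host ->", classify_dmi(read_dmi()), find_miners(iter_cmdlines()))
```

`classify_dmi` mirrors the evasion check: if it returns a hypervisor name for your sandbox, expect the sample to exit early, so either patch the DMI strings the guest exposes or trace the sample past the check. `find_miners` applied to `iter_cmdlines()` is the same enumeration a dropper performs before killing rivals, which is why a sudden burst of `/proc/*/cmdline` reads followed by `kill` calls is a worthwhile detection signal on its own.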

MITRE ATT&CK Enterprise v15

Tasks