General
-
Target
backup3.sh.elf
-
Size
15KB
-
Sample
241017-t6jndavdjb
-
MD5
aee014a523b65c8d3b7bdb92765d305c
-
SHA1
dfb9d0cada5cf03c3dfa4479865955311e6a54f9
-
SHA256
481f0641074b3307b21a264987be6c2ba24c76f206334f97ccbac1cf50993282
-
SHA512
4b9d43d58bd6ff61dc563d55dea121f94040ab24137154f2dfe03b342c8ae96676ca438302ff7d63b68d4e34bb8bcdd94909cb56002d3feef73820ca8b3969d8
-
SSDEEP
384:Zr+Ken0Xvn/3PHfXvn/3PHfayqC6UNwA42KW9XxqZeMm:s90Xvn/3PHfXvn/3PHfayqC6U+6XxqgR
Static task
static1
Behavioral task
behavioral1
Sample
backup3.sh.elf
Resource
ubuntu2404-amd64-20240523-en
Malware Config
Targets
Target
backup3.sh.elf
Score: 10/10
XMRig Miner payload
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Checks hardware identifiers (DMI)
Checks DMI information which indicate if the system is a virtual machine.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads hardware information
Accesses system info like serial numbers, manufacturer names etc.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification: 1
Linux and Mac File and Directory Permissions Modification: 1
Virtualization/Sandbox Evasion: 2
System Checks: 2