General

  • Target: wget.sh
  • Size: 420B
  • Sample: 241018-lnrx2asdqq
  • MD5: 878878ef9a55d128c2917bfb365e4261
  • SHA1: 3f95d013d7602c813cafd4be15c43c37a9c71d2e
  • SHA256: bd6ee818b79172a3d43e87463157ee94c942a321fd2ed582610962e323d0817a
  • SHA512: dfb89655ef3662bb93b765211863cdff5101a00edf9f45b741e8c401402ec429196cf97b4c4e54dfbfc7153b3c50c2ae9da5e3fab45d51a96f0f25ca6c365cf6

Targets

    • Target: wget.sh
    • Size: 420B
    • MD5: 878878ef9a55d128c2917bfb365e4261
    • SHA1: 3f95d013d7602c813cafd4be15c43c37a9c71d2e
    • SHA256: bd6ee818b79172a3d43e87463157ee94c942a321fd2ed582610962e323d0817a
    • SHA512: dfb89655ef3662bb93b765211863cdff5101a00edf9f45b741e8c401402ec429196cf97b4c4e54dfbfc7153b3c50c2ae9da5e3fab45d51a96f0f25ca6c365cf6

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware such as Mirai modifies the hardware watchdog to prevent it from rebooting an infected system.

    • Renames itself

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port was detected to servers other than the configured DNS servers.

    • Reads process memory

      Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

MITRE ATT&CK Enterprise v15