General
-
Target
2636f4d5fa29c3747036d385c3eee167aba1aad58c29597d21df7e42c6149a35.elf
-
Size
1KB
-
Sample
241019-bm46vsyalb
-
MD5
a3a1adfcbc6207f3e6e0c35d3cf03904
-
SHA1
f10f7793d4d78120395d11d7020ab626995e2c01
-
SHA256
2636f4d5fa29c3747036d385c3eee167aba1aad58c29597d21df7e42c6149a35
-
SHA512
d66495bda3366633baed9e80dafb494bbe39cccb331a1b031c239650866489d6e45db7a9e5f3fe4e951e3f321d9eb9a0c7abf00ede54f6548c4235b9ef3debf9
Behavioral task
behavioral1
Sample
2636f4d5fa29c3747036d385c3eee167aba1aad58c29597d21df7e42c6149a35.elf
Resource
ubuntu2404-amd64-20240523-en
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Targets
-
-
Target
2636f4d5fa29c3747036d385c3eee167aba1aad58c29597d21df7e42c6149a35.elf
-
Size
1KB
-
MD5
a3a1adfcbc6207f3e6e0c35d3cf03904
-
SHA1
f10f7793d4d78120395d11d7020ab626995e2c01
-
SHA256
2636f4d5fa29c3747036d385c3eee167aba1aad58c29597d21df7e42c6149a35
-
SHA512
d66495bda3366633baed9e80dafb494bbe39cccb331a1b031c239650866489d6e45db7a9e5f3fe4e951e3f321d9eb9a0c7abf00ede54f6548c4235b9ef3debf9
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
XMRig Miner payload
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Checks hardware identifiers (DMI)
Checks DMI information which indicate if the system is a virtual machine.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Reads hardware information
Accesses system info like serial numbers, manufacturer names etc.
-
Uses Polkit to run commands
Uses Polkit pkexec as a proxy to execute commands, possibly to bypass security restrictions.
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1Unix Shell
1Scheduled Task/Job
1Cron
1Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
2System Checks
2