Resubmissions

21-10-2024 12:12

241021-pdcl5stbje 10

21-10-2024 11:59

241021-n55xbsshjb 10

19-10-2024 11:43

241019-nvrlyswdrn 10

19-10-2024 03:15

241019-drzs2swcrr 10

19-10-2024 03:03

241019-dj7tpavhrp 10

18-10-2024 09:09

241018-k4fdhaycqc 10

General

  • Target

    name.zip

  • Size

    3.9MB

  • Sample

    241019-nvrlyswdrn

  • MD5

    b001d8369997dbf8f9303de8faed1adb

  • SHA1

    b3f8425585c95c6c737add0d63ba148691345c20

  • SHA256

    e0167b29311f359344fe2879d8de3e8f5eb4c4d5a54bf0d46406d1d7af0cd2ff

  • SHA512

    39a51b404afa8b5a3cd8e653310492633eb9bb34e27b08a93da448fcbd5c6c7df1c7ef3b4a5f7824d5bd2747850267acd2a0c05f1d60e75495e4e6ceb52956a6

  • SSDEEP

    98304:sQE0RKwiLgnCy7n+wF3BOvExR+CEM29vVuiC7sM9Nh6on61KC2nA4:LEkdn/n+WR9x0uovV1C7sM9zL61KCSA4

Malware Config

Targets

    • Target

      iptable_reject

    • Size

      8.4MB

    • MD5

      7db2c9ec53c09e42724f6314401b906c

    • SHA1

      0b781d565d784b4d22aa9be874518b8b4c40bfcf

    • SHA256

      f99f857e388a386f4461917ec46781c539ee1f0e9d2b5039b282fa0754c1c750

    • SHA512

      74dcf160137fe29a2e68d66b503f0ec2fe6c0f0900356076d528e3387cf497557157da1c95d65d9fad8c7d7d647a21c93d7655270f9df06823ffbdcf7d26a2f5

    • SSDEEP

      196608:hVJq0MCjhe6WB42fcpuAJr+Q1lHGJqu82NwuN4zs:hDq0MCjhe6WaycpuA51lHOvKuN4

    Score
    6/10
    • Checks hardware identifiers (DMI)

      Checks DMI information that indicates whether the system is a virtual machine.

    • Reads hardware information

      Accesses system information such as serial numbers, manufacturer names, etc.

    • Target

      kermine

    • Size

      1.3MB

    • MD5

      13d1ec32d39153bddcb677fc491d90f8

    • SHA1

      28f07354c83098f3f2f988249251096bcdf68549

    • SHA256

      7f2b4e30c6ae7c56c0bc861f920bca6b52183b3e8bc30347739c6591bdfaa589

    • SHA512

      1dbcab16cb408f8c895609af43f973c09b4c0dda5da1f36e2524823b53874cdce585bf4d4d489f9323043f69d688cf3375ad14036e99f0b09c6bdfddf66289b4

    • SSDEEP

      24576:87U+XfGMTwJ7RBNytH9wiPGKgIxECVVXZSELt:8g+XfjU7RBNC9wiPGKgIxE8VwE

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Deletes journal logs

      Deletes systemd journal logs. Likely to evade detection.

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence.

    • OS Credential Dumping

      Adversaries may attempt to dump credentials to use them in password cracking.

    • Abuse Elevation Control Mechanism: Sudo and Sudo Caching

      Abuse sudo or cached sudo credentials to execute code.

    • Deletes log files

      Deletes log files on the system.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Reads list of loaded kernel modules

      Reads the list of currently loaded kernel modules, possibly to detect virtual environments.

MITRE ATT&CK Enterprise v15

Tasks