General
-
Target
1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
-
Size
46KB
-
Sample
241020-sln7pawgqn
-
MD5
150dc9ae7c5729552ec2e92a7bc49095
-
SHA1
2aed6d97f2c3400e1eb7e136e245a6f45ef4ae1f
-
SHA256
1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
-
SHA512
13c40ba893a9f7a0f3e674400025f65e041e91f09b6def779078e391e35a3dedaf55742e68ae0b9b6f3c9120c1628266fb16348b674e988d146ed3d7b2c3f9c7
-
SSDEEP
768:bxlT2wDuWvWi7JFNcuFkc2zq0x3UKnicZuiR/amT8z:8wF+Lc2/FicfSmT8z
Static task
static1
Behavioral task
behavioral1
Sample
1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
Resource
debian9-mipsel-20240729-en
Malware Config
Targets
-
-
Target
1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
-
Size
46KB
-
MD5
150dc9ae7c5729552ec2e92a7bc49095
-
SHA1
2aed6d97f2c3400e1eb7e136e245a6f45ef4ae1f
-
SHA256
1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
-
SHA512
13c40ba893a9f7a0f3e674400025f65e041e91f09b6def779078e391e35a3dedaf55742e68ae0b9b6f3c9120c1628266fb16348b674e988d146ed3d7b2c3f9c7
-
SSDEEP
768:bxlT2wDuWvWi7JFNcuFkc2zq0x3UKnicZuiR/amT8z:8wF+Lc2/FicfSmT8z
-
XMRig Miner payload
-
Adds new SSH keys
Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Deletes system logs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
-
Executes dropped EXE
-
Writes DNS configuration
Writes data to DNS resolver config file.
-
Attempts to change immutable files
Modifies inode attributes on the filesystem to allow changing of immutable files.
-
Checks hardware identifiers (DMI)
Checks DMI information which indicate if the system is a virtual machine.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Disables AppArmor
Disables AppArmor security module.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads hardware information
Accesses system info like serial numbers, manufacturer names etc.
-
Write file to user bin folder
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Account Manipulation
1SSH Authorized Keys
1Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Scheduled Task/Job
1Cron
1Privilege Escalation
Account Manipulation
1SSH Authorized Keys
1Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Scheduled Task/Job
1Cron
1Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Indicator Removal
2Clear Linux or Mac System Logs
2Virtualization/Sandbox Evasion
2System Checks
2