General

  • Target

    8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006

  • Size

    35KB

  • Sample

    241020-sqkeasveka

  • MD5

    2550990d2d52581b213e7c9305c392d3

  • SHA1

    f7f069915c9b97550dc1fb6cf631f6222416dcf5

  • SHA256

    8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006

  • SHA512

    a30d4a39203e6a98937e8670b7b3caaa63d2141fdf404bb28ca240d95cb7420bdfb8c695db81cc9c799e8818266600c137b8b0df2dfc69d7566bae64eee2ad50

  • SSDEEP

    768:X87XzQ5VFNcDAFLcIwgnoYq0xFB6ytguz:X3VF+D6cIwgos/z

Malware Config

Targets

    • Target

      8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006

    • Size

      35KB

    • MD5

      2550990d2d52581b213e7c9305c392d3

    • SHA1

      f7f069915c9b97550dc1fb6cf631f6222416dcf5

    • SHA256

      8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006

    • SHA512

      a30d4a39203e6a98937e8670b7b3caaa63d2141fdf404bb28ca240d95cb7420bdfb8c695db81cc9c799e8818266600c137b8b0df2dfc69d7566bae64eee2ad50

    • SSDEEP

      768:X87XzQ5VFNcDAFLcIwgnoYq0xFB6ytguz:X3VF+D6cIwgos/z

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Deletes system logs

      Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.

    • Executes dropped EXE

    • Flushes firewall rules

      Flushes/ disables firewall rules inside the Linux kernel.

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence

    • Abuse Elevation Control Mechanism: Sudo and Sudo Caching

      Abuse sudo or cached sudo credentials to execute code.

    • Attempts to change immutable files

      Modifies inode attributes on the filesystem to allow changing of immutable files.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Disables AppArmor

      Disables AppArmor security module.

    • Disables SELinux

      Disables SELinux security module.

    • Enumerates running processes

      Discovers information about currently running processes on the system

MITRE ATT&CK Enterprise v15

Tasks