General
-
Target
8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006
-
Size
35KB
-
Sample
241020-sqkeasveka
-
MD5
2550990d2d52581b213e7c9305c392d3
-
SHA1
f7f069915c9b97550dc1fb6cf631f6222416dcf5
-
SHA256
8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006
-
SHA512
a30d4a39203e6a98937e8670b7b3caaa63d2141fdf404bb28ca240d95cb7420bdfb8c695db81cc9c799e8818266600c137b8b0df2dfc69d7566bae64eee2ad50
-
SSDEEP
768:X87XzQ5VFNcDAFLcIwgnoYq0xFB6ytguz:X3VF+D6cIwgos/z
Static task
static1
Behavioral task
behavioral1
Sample
8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006
Resource
debian9-mipsel-20240611-en
Malware Config
Targets
-
-
Target
8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006
-
Size
35KB
-
MD5
2550990d2d52581b213e7c9305c392d3
-
SHA1
f7f069915c9b97550dc1fb6cf631f6222416dcf5
-
SHA256
8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006
-
SHA512
a30d4a39203e6a98937e8670b7b3caaa63d2141fdf404bb28ca240d95cb7420bdfb8c695db81cc9c799e8818266600c137b8b0df2dfc69d7566bae64eee2ad50
-
SSDEEP
768:X87XzQ5VFNcDAFLcIwgnoYq0xFB6ytguz:X3VF+D6cIwgos/z
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Deletes system logs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
-
Executes dropped EXE
-
Abuse Elevation Control Mechanism: Sudo and Sudo Caching
Abuse sudo or cached sudo credentials to execute code.
-
Attempts to change immutable files
Modifies inode attributes on the filesystem to allow changing of immutable files.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Disables AppArmor
Disables AppArmor security module.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Sudo and Sudo Caching
1Scheduled Task/Job
1Cron
1Defense Evasion
Abuse Elevation Control Mechanism
1Sudo and Sudo Caching
1File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Indicator Removal
1Clear Linux or Mac System Logs
1