General

  • Target

    a1f211877e5ac29682f07d0b97d02ee936ed02f3355b68d7163b3336164d85f6.elf

  • Size

    510KB

  • Sample

    241023-b182zavcrh

  • MD5

    2aa1abc12fdf779dbe4e71ed20111bce

  • SHA1

    fee772fa1e9c94d9b89ffa3fa89df08c4a1fe84f

  • SHA256

    a1f211877e5ac29682f07d0b97d02ee936ed02f3355b68d7163b3336164d85f6

  • SHA512

    e9b95f9c28e39fa3c57f921ac2e55f5ee1b22d3664b8059f53610b059e620230ff63db7d39a5a9c256f39aa99d1b1333f4bd0acefe44bd826048c60b4e5c6fc0

  • SSDEEP

    6144:21cNQ3N/6H7bvnWGSTOk/Gsw6apMBNedo+nS2Ref6zIfcxnjL/Va+wjdIBKPO7QZ:2CQd/SVV2PsfssIfyn/U+sm7Q380/

Malware Config

Targets

    • Detects Kaiten/Tsunami Payload

    • Kaiten/Tsunami

      Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.

    • Abuse Elevation Control Mechanism: Sudo and Sudo Caching

      Abuse sudo or cached sudo credentials to execute code.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Indicator Removal: Timestomp

      Modifies file timestamps (for example with utime() or touch -t) so that dropped files blend in with their surroundings and fall outside timeline-based searches. Sub-technique T1070.006 of Indicator Removal. On Linux only atime and mtime can be set this way; the kernel updates ctime itself, so a forged mtime typically ends up older than the file's ctime.
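
Two of the behaviours above (cron persistence and timestomping) can be checked for on a suspect host with a few lines of Python. The block below is an added example, not part of the sandbox report or of the Kaiten/Tsunami code; the cron patterns, the one-hour gap threshold and the sample crontab lines are assumptions constructed for the example.

```python
"""Host triage helpers for two behaviours flagged above: suspicious cron
entries and timestomped files. Added example, not from the sandbox report."""
import os
import re
import tempfile
import time

# Locations a cron job should not normally run from, plus download-and-run
# idioms. These patterns are an assumption for this example, not from the report.
SUSPICIOUS_CRON = re.compile(
    r"(/tmp/|/var/tmp/|/dev/shm/|\bcurl\b|\bwget\b|\bbase64\b|\bnohup\b)"
)


def suspicious_cron_entries(crontab_text):
    """Return (line_number, line) for crontab lines whose command part matches
    SUSPICIOUS_CRON. Comments and blank lines are skipped. For /etc/crontab or
    /etc/cron.d files the extra user field simply becomes part of the command
    string, which still matches."""
    hits = []
    for lineno, raw in enumerate(crontab_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("@"):            # @reboot, @hourly, ...
            command = line.split(None, 1)[1] if " " in line else ""
        else:
            fields = line.split(None, 5)    # min hour dom mon dow command
            command = fields[5] if len(fields) == 6 else ""
        if SUSPICIOUS_CRON.search(command):
            hits.append((lineno, line))
    return hits


def timestomp_candidates(paths, min_gap=3600):
    """Flag files whose mtime is older than their inode change time (ctime) by
    more than min_gap seconds. utime() and touch -t rewrite atime and mtime,
    but the kernel sets ctime itself when that happens, so a forged mtime
    leaves ctime > mtime. Package-installed files and cp -p copies show the
    same gap, so treat hits as leads to correlate with the incident window,
    not as verdicts."""
    hits = []
    for path in paths:
        st = os.lstat(path)
        if st.st_ctime - st.st_mtime > min_gap:
            hits.append((path, st.st_mtime, st.st_ctime))
    return hits


def demo():
    """Run both checks on constructed input and return their results."""
    # Constructed crontab: one benign entry, two that match the patterns.
    crontab = "\n".join([
        "# m h dom mon dow command",
        "0 3 * * * /usr/bin/apt-get update",
        "*/5 * * * * /tmp/.x/bot >/dev/null 2>&1",
        "@reboot nohup /dev/shm/.s/run &",
    ])
    with tempfile.TemporaryDirectory() as d:
        clean = os.path.join(d, "clean")
        stomped = os.path.join(d, "stomped")
        for p in (clean, stomped):
            with open(p, "w") as fh:
                fh.write("x")
        # Backdate mtime by a year, as a timestomping tool would; ctime stays "now".
        old = time.time() - 365 * 86400
        os.utime(stomped, (old, old))
        return suspicious_cron_entries(crontab), timestomp_candidates([clean, stomped])


if __name__ == "__main__":
    cron_hits, ts_hits = demo()
    for lineno, line in cron_hits:
        print(f"cron line {lineno}: {line}")
    for path, mtime, ctime in ts_hits:
        print(f"timestomp candidate: {path} mtime={mtime:.0f} ctime={ctime:.0f}")
```

Run it against real data by feeding `suspicious_cron_entries` the output of `crontab -l` for each user plus the contents of /etc/crontab and /etc/cron.d/*, and `timestomp_candidates` a file list from the directories the sample touched. Because ctime cannot be forged from user space without changing the system clock, clustering of ctime values around the infection time is the more reliable signal than any single hit.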

MITRE ATT&CK Enterprise v15

Tasks