General
-
Target
a64ddaa1e3747b10863af3b60e79bbef1295a71ffdf3dd15a390d5926a6c3c13.elf
-
Size
605KB
-
Sample
241023-b21rzsvdma
-
MD5
8d4a6b005fe1b8b6ab08ac9501a13110
-
SHA1
ac3449f4ff85338a4cc99581070f358fb30ce1a1
-
SHA256
a64ddaa1e3747b10863af3b60e79bbef1295a71ffdf3dd15a390d5926a6c3c13
-
SHA512
7214699e67d101a6fb15e9a7571de1541480818bd399a6e26d018dd22ba33e8d8ebc42c2e7ba62b5268e595658eb57a7be744dee790cbeff71b7f18f9704bb84
-
SSDEEP
12288:To2aovPAC2u24h68Qugl3qCiJ7o6xt95DujbUjWWkGHnon3MYNBEEx9IRXa:8IvPAC2utTQug7iJ7oOtO3UjLkConLfx
Static task
static1
Behavioral task
behavioral1
Sample
a64ddaa1e3747b10863af3b60e79bbef1295a71ffdf3dd15a390d5926a6c3c13.elf
Resource
debian9-armhf-20240611-en
Malware Config
Targets
-
-
Target
a64ddaa1e3747b10863af3b60e79bbef1295a71ffdf3dd15a390d5926a6c3c13.elf
-
Size
605KB
-
MD5
8d4a6b005fe1b8b6ab08ac9501a13110
-
SHA1
ac3449f4ff85338a4cc99581070f358fb30ce1a1
-
SHA256
a64ddaa1e3747b10863af3b60e79bbef1295a71ffdf3dd15a390d5926a6c3c13
-
SHA512
7214699e67d101a6fb15e9a7571de1541480818bd399a6e26d018dd22ba33e8d8ebc42c2e7ba62b5268e595658eb57a7be744dee790cbeff71b7f18f9704bb84
-
SSDEEP
12288:To2aovPAC2u24h68Qugl3qCiJ7o6xt95DujbUjWWkGHnon3MYNBEEx9IRXa:8IvPAC2utTQug7iJ7oOtO3UjLkConLfx
-
Detects Kaiten/Tsunami Payload
-
Contacts a large (1016) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Abuse Elevation Control Mechanism: Sudo and Sudo Caching
Abuse sudo or cached sudo credentials to execute code.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Indicator Removal: Timestomp
Adversaries may remove indicators of compromise from the host to evade detection.
-