General

  • Target

    nshmips.elf

  • Size

    99KB

  • Sample

    241026-vdd3vstrh1

  • MD5

    36e86bb02185647aa672a226e7fe224f

  • SHA1

    66de8267b6fbef3423a21ed56e1fd68265882666

  • SHA256

    5e0ce8c68000a777556e21b71e015b368a8b361409ba0051bc93cd519c99f7cb

  • SHA512

    011ca601c3481c0ef30b4f3481e88dd05e329f1e129229cf5921e6ebf5b78806d6c8568a25ad0dd62cfd790e97fbf3d74efc047a457245647ebc939814c88cf0

  • SSDEEP

    1536:F6KyNOhiWfjZsF1LtLGgZRSKRSaySRUUkvjMS1BEYoiueZ9DWK+FSn+:fzh1slGgCvjMS1KdC+w+

Targets

    • Target

      nshmips.elf

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Renames itself

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.
