General

  • Target

    nsharm5.elf

  • Size

    73KB

  • Sample

    241026-vdd3vswelh

  • MD5

    ec377a1b6a816a87c4874e7b04e53ab4

  • SHA1

    e8e06aaacde689c4a8703aa7ff62d7442d541aca

  • SHA256

    f8c9ae564656a7a30d4dcb95719e593e081a82a472a220e95c99096f35398795

  • SHA512

    1072be20d27f5346195d5608b835b87b52c86a7e121a64dde1065a24afba8486673401f74a435e0d872ef54785a3c566e7a8419b9504a5380afb97c1ac3fadc6

  • SSDEEP

    1536:/pBn6Hm2LCVs9M0mpmm29NPwwxO8hv2P:/pB6DL997Umm21x/+

Malware Config

Targets

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Renames itself

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

MITRE ATT&CK Enterprise v15
