General

  • Target

    nsharm7.elf

  • Size

    101KB

  • Sample

    241026-vddr4atpep

  • MD5

    ca210ee9b185a078d977e3f9f421e2da

  • SHA1

    99a8fdf8489095caf3ba316f5f75561400bb64d5

  • SHA256

    d105ded953a4f0bb32f38178fea5cb27ff01e1a3ec7958386fc973653bb3d125

  • SHA512

    fbbbda938ecfd86d1f0d6f445b32631dff779a29ebc936ca6379230555c1cb3d4a81e7cceaccf382775ce584012c0750e784a9c96de11ec0b16daf6036f9d02c

  • SSDEEP

    3072:JTnKSqnPWkyyRebaVf4GwBLFCsfIUuFeStQjX:JTnZmWkyDbaVf4GwBRCslusSOjX

Targets

    • Target

      nsharm7.elf

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Renames itself

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Modifies systemd

      Adds/modifies systemd service files, likely to achieve persistence.
