General

  • Target

    ss

  • Size

    403B

  • Sample

    241027-l8xn1svkaw

  • MD5

    89f95ab872178a2c1e14126848498548

  • SHA1

    ea84533d5b4096482a6525f3c776108688349236

  • SHA256

    19fa932e33bf68543553f439308e7827e45d99aee85ed91016d4a368c802d019

  • SHA512

    6a21cb868aaa4c3733ab1872f4b993991f5ea8f7667e7d4013a429a14cc793ba33c6051c22e4415839232c77c084e9e3f577d0b5374c8aa6fa5c551407d78283

Malware Config

Targets

    • Target

      ss

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • OS Credential Dumping

      Adversaries may attempt to dump credentials to use them in password cracking.

    • Abuse Elevation Control Mechanism: Sudo and Sudo Caching

      Abuse sudo or cached sudo credentials to execute code.

    • Checks hardware identifiers (DMI)

      Checks DMI information that indicates whether the system is a virtual machine.

    • Checks mountinfo of local process

      Checks the mountinfo of running processes, which indicates whether the sample is running in a chroot jail.

    • Deletes log files

      Deletes log files on the system.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Write file to user bin folder

    • Reads process memory

      Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

MITRE ATT&CK Enterprise v15

Tasks