Resubmissions

27-10-2024 11:34

241027-nptt5avndx 7

27-10-2024 11:20

241027-nfkj4avmfv 7

General

  • Target

    arm7

  • Size

    102KB

  • Sample

    241027-nfkj4avmfv

  • MD5

    f89985f03f8a27ab418e05bc232e4387

  • SHA1

    b57e7df8cf4013be718f56be205e14919101e87a

  • SHA256

    15af70f91b8099d491f6d891cd063301b8e40e063aa0554294ec28cab71753c6

  • SHA512

    d4a66a8054dbd4cfbe2865c64bfde1e3dff384b1504a04b8ee21384737960de425e1069a2de14b6972420c99fbc40f0d11a7568d059678837b01c5868cd336b9

  • SSDEEP

    3072:lK8+viZckDqI5GaHSfCr8ZwTEEs2S8SjjIxX:lK8bZckDlGaHSfCr8iTEWSJjkxX

Malware Config

Targets

    • Target

      arm7

    • Size

      102KB

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Renames itself

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Modifies systemd

      Adds/modifies systemd service files, likely to achieve persistence.

MITRE ATT&CK Enterprise v15

Tasks