General

  • Target

    nshkarm7

  • Size

    100KB

  • Sample

    241027-nnwmbsxhqj

  • MD5

    ed1d2e14bea3ca635ba94cb3346845ce

  • SHA1

    b9d6b2c6d796a6924281d301854e96b38a8f12c2

  • SHA256

    0511626122126321b2a14924a2258e9161a10e803b1a313f855038f80f5e4047

  • SHA512

    0ec3fe431bceda7af5ea506428fa90f4cfdc936974204c4f329202a405fbe2435f0feb7dc023d165f6ed5cc7d8ab6010aa63e513db1b04fb647ea051070c4a20

  • SSDEEP

    3072:XogSNzRzKkAAyv4aU1D4ttX7oMNZ3Q0whD3MX:XVSNJKkAL4aU1D4ttLoMzQPhLMX

Malware Config

Targets

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Renames itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Modifies systemd

      Adds or modifies systemd service files, likely to achieve persistence.

MITRE ATT&CK Enterprise v15

Tasks