General
Target: nshkarm7
Size: 100KB
Sample: 241027-nnwmbsxhqj
MD5: ed1d2e14bea3ca635ba94cb3346845ce
SHA1: b9d6b2c6d796a6924281d301854e96b38a8f12c2
SHA256: 0511626122126321b2a14924a2258e9161a10e803b1a313f855038f80f5e4047
SHA512: 0ec3fe431bceda7af5ea506428fa90f4cfdc936974204c4f329202a405fbe2435f0feb7dc023d165f6ed5cc7d8ab6010aa63e513db1b04fb647ea051070c4a20
SSDEEP: 3072:XogSNzRzKkAAyv4aU1D4ttX7oMNZ3Q0whD3MX:XVSNJKkAL4aU1D4ttLoMzQPhLMX
Static task: static1
Behavioral task: behavioral1
Sample: nshkarm7
Resource: debian12-armhf-20240221-en
Malware Config
Targets
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Modifies systemd
Adds/modifies systemd service files, likely to achieve persistence.
-
MITRE ATT&CK Enterprise v15
Execution
  Command and Scripting Interpreter (1)
    Unix Shell (1)
  Scheduled Task/Job (1)
    Cron (1)
Persistence
  Boot or Logon Autostart Execution (1)
    XDG Autostart Entries (1)
  Create or Modify System Process (1)
    Systemd Service (1)
  Scheduled Task/Job (1)
    Cron (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    XDG Autostart Entries (1)
  Create or Modify System Process (1)
    Systemd Service (1)
  Scheduled Task/Job (1)
    Cron (1)