Resubmissions

30-10-2024 16:38

241030-t5fv4axejg 9

30-10-2024 16:37

241030-t4zxkswmhy 1

30-10-2024 13:42

241030-qz69bawkhk 1

30-10-2024 13:23

241030-qmskdsvaml 1

General

  • Target

    e

  • Size

    72KB

  • Sample

    241030-t5fv4axejg

  • MD5

    b6352bba762081cdb61e89c0f1893018

  • SHA1

    38062faccdc2d923880f814ff6263baaea01162d

  • SHA256

    53bf41beef030d39bf962e0a267544cc6fc7f67954e14d6bdf3de7738f3e6e9f

  • SHA512

    41bebbc448e91f022155de3202bb81290d01f6828295ee9f65ccf63e636e1b2994a63a5d11d5d9e4aee10d3fbb65bedb2d55456b6a72f4583faa49863cbddf88

  • SSDEEP

    1536:TqAK7criISePq2LfYBKKv7T2y7v7F/Uv4T/NfxGa+Vgabae+eQPpmr:cePq2LfYBKKv7Tb/9wgabxvw

Targets

    • Renames multiple (70) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files on the system and renaming them with a new extension.

    • Deletes journal logs

      Deletes systemd journal logs. Likely to evade detection.

    • Modifies PAM framework files

      Modifies Linux PAM framework files, possibly to intercept credentials.

    • Modifies sudoers policy

      Adds/modifies rule files for the sudoers policy, likely to grant additional privileges.

    • Modifies user home skeleton directory

      Modifies skeleton of initial home directory of newly added system users.

    • Reads AppArmor ptrace settings

      Discovery of allowed ptrace capabilities by AppArmor.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Deletes log files

      Deletes log files on the system.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Reads hardware information

      Accesses system info like serial numbers, manufacturer names etc.

    • Reads network interface configuration

      Fetches information about one or more active network interfaces.

    • Modifies Bash startup script

MITRE ATT&CK Enterprise v15
